On Fri, Jan 30, 2015 at 15:57, Todd C. Miller wrote:
> On Fri, 30 Jan 2015 22:55:06 +0100, Alexander Bluhm wrote:
>
>> sosetopt() calls m_free() and then it is called again. So it is a
>> double free.
>
> Whoops, I didn't notice that the non-error case also falls through
> to the "bad" label. We could just do what sys_setsockopt() does
> and zero out m after calling sosetopt().

So many diffs to choose from! This does retain the original semantics.
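
The bug shape and the "zero out the pointer" fix discussed above, as an added userspace model that is not code from this thread or from the source tree it concerns. All names (`buf`, `consume`, `caller_buggy`, `caller_fixed`) are hypothetical, and `consume()` is assumed to release its argument on every path.

```c
#include <stdio.h>

/* Constructed userspace model, hypothetical names. Releases are counted,
 * not performed, so a double free is observable instead of undefined. */
struct buf { int frees; };

static void buf_free(struct buf *b)
{
    if (b != NULL) b->frees++;   /* NULL is a no-op, as with free() */
}

/* Callee that takes ownership: releases b on success and on failure. */
static int consume(struct buf *b, int fail)
{
    buf_free(b);
    return fail ? -1 : 0;
}

/* Bug shape: the path through consume() falls through to "bad". */
static int caller_buggy(struct buf *b, int valid, int fail)
{
    int error = -1;
    if (!valid) goto bad;        /* early exit: b is still ours to release */
    error = consume(b, fail);
bad:
    buf_free(b);                 /* second release whenever consume() ran */
    return error;
}

/* Fix shape: forget the pointer once the callee owns the buffer. */
static int caller_fixed(struct buf *b, int valid, int fail)
{
    int error = -1;
    if (!valid) goto bad;
    error = consume(b, fail);
    b = NULL;                    /* cleanup below becomes a no-op */
bad:
    buf_free(b);
    return error;
}

int main(void)
{
    struct buf x = {0}, y = {0};
    caller_buggy(&x, 1, 0);
    caller_fixed(&y, 1, 0);
    printf("buggy: %d release(s), fixed: %d release(s)\n", x.frees, y.frees);
    return 0;
}
```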
