Re: Avoid memory leak in nfs_serv.c

Theo de Raadt Thu, 30 Jul 2009 16:39:05 -0700

> >From NetBSD.
> 
> Index: nfs_serv.c
> ===================================================================
> RCS file: /cvs/src/sys/nfs/nfs_serv.c,v
> retrieving revision 1.77
> diff -u -p -r1.77 nfs_serv.c
> --- nfs_serv.c        20 Jul 2009 16:49:40 -0000      1.77
> +++ nfs_serv.c        30 Jul 2009 23:11:33 -0000
> @@ -2489,6 +2489,7 @@ again:
>       if (cpos >= cend || ncookies == 0) {
>               toff = off;
>               siz = fullsiz;
> +             free(cookies, M_TEMP);
>               goto again;
>       }
>  
> @@ -2698,6 +2699,7 @@ again:
>       if (cpos >= cend || ncookies == 0) {
>               toff = off;
>               siz = fullsiz;
> +             free(cookies, M_TEMP);
>               goto again;
>       }
>


Follow the flow of the code:

again:
        ...

        if (cookies) {
                free((caddr_t)cookies, M_TEMP);
                cookies = NULL;
        }

A kernel double free.  I doubt it.

Re: Avoid memory leak in nfs_serv.c

Reply via email to