On Thu, 2009-07-30 at 17:37 -0600, Theo de Raadt wrote:
> Follow the flow of the code:
>
> again:
> ...
>
> if (cookies) {
> free((caddr_t)cookies, M_TEMP);
> cookies = NULL;
> }
>
> A kernel double free. I doubt it.
> Holy shit that was big to miss. I'm going to sleep now :)
