On Wed, 13 Dec 2017 08:56:53 +0000, Martin Pieuchot wrote:
> Thanks.  For next time, I'd suggest not mixing whitespace or
> style changes with a functional change.
>
> That said it'd be great if you could look at other free(9) calls missing
> the size argument.

The diff below deals with the last three calls in rtsock.c.  The case of
rt_llinfo when RTF_MPLS is set in rt_flags seems safe as it is similar
to what has already been done in route.c.

Index: rtsock.c
===================================================================
RCS file: /cvs/src/sys/net/rtsock.c,v
retrieving revision 1.258
diff -u -p -r1.258 rtsock.c
--- rtsock.c    13 Dec 2017 08:59:02 -0000      1.258
+++ rtsock.c    14 Dec 2017 16:13:04 -0000
@@ -980,7 +980,8 @@ change:
                                /* if gateway changed remove MPLS information */
                                if (rt->rt_llinfo != NULL &&
                                    rt->rt_flags & RTF_MPLS) {
-                                       free(rt->rt_llinfo, M_TEMP, 0);
+                                       free(rt->rt_llinfo, M_TEMP,
+                                           sizeof(struct rt_mpls));
                                        rt->rt_llinfo = NULL;
                                        rt->rt_flags &= ~RTF_MPLS;
                                }
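Review bot: The size passed to free(9) on the new `free(rt->rt_llinfo, M_TEMP, sizeof(struct rt_mpls));` line is fixed by type rather than taken from the allocation, so it is correct only if every path that sets RTF_MPLS stores a `struct rt_mpls` allocation in `rt_llinfo`. The allocation site is not visible in this hunk, and the description relies on the similar call in route.c, so the invariant should be written down where the size is used. I would add a comment above the call such as `/* RTF_MPLS set: rt_llinfo was allocated as struct rt_mpls */`. The enclosing block under the `change:` label starts and ends outside the hunk.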
@@ -1363,22 +1364,20 @@ again:
        /* align message length to the next natural boundary */
        len = ALIGN(len);
        if (cp == 0 && w != NULL && !second_time) {
-               struct walkarg *rw = w;
-
-               rw->w_needed += len;
-               if (rw->w_needed <= 0 && rw->w_where) {
-                       if (rw->w_tmemsize < len) {
-                               free(rw->w_tmem, M_RTABLE, 0);
-                               rw->w_tmem = malloc(len, M_RTABLE, M_NOWAIT);
-                               if (rw->w_tmem)
-                                       rw->w_tmemsize = len;
+               w->w_needed += len;
+               if (w->w_needed <= 0 && w->w_where) {
+                       if (w->w_tmemsize < len) {
+                               free(w->w_tmem, M_RTABLE, w->w_tmemsize);
+                               w->w_tmem = malloc(len, M_RTABLE, M_NOWAIT);
+                               if (w->w_tmem)
+                                       w->w_tmemsize = len;
                        }
-                       if (rw->w_tmem) {
-                               cp = rw->w_tmem;
+                       if (w->w_tmem) {
+                               cp = w->w_tmem;
                                second_time = 1;
                                goto again;
                        } else
-                               rw->w_where = 0;
+                               w->w_where = 0;
                }
        }
        if (cp && w)            /* clear the message header */
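Review bot: After a failed `malloc` in the `w->w_tmemsize < len` branch, `w->w_tmem` is NULL while `w->w_tmemsize` still holds the size of the buffer that was just freed. Now that the size is passed to free(9), both here and in the `free(w.w_tmem, M_RTABLE, w.w_tmemsize);` call in the sysctl_rtable hunk, the pointer and its recorded size should stay consistent; adding `else w->w_tmemsize = 0;` after `w->w_tmemsize = len;` does that. The stale value looks harmless today because the pointer is NULL on that path and `w_where` is cleared, but that depends on code outside the hunk. The enclosing function starts before the hunk and continues past it.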
@@ -1809,7 +1808,7 @@ sysctl_rtable(int *name, u_int namelen, 
                NET_UNLOCK();
                break;
        }
-       free(w.w_tmem, M_RTABLE, 0);
+       free(w.w_tmem, M_RTABLE, w.w_tmemsize);
        w.w_needed += w.w_given;
        if (where) {
                *given = w.w_where - (caddr_t)where;

Regards,

kshe
