d/freebsd-dev
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Although we check the return value of copyin(9) while determaining how

Browse Source 
long the string is in userspace, afterwards we call malloc(M_WAITOK),
which could sleep for an unknown amount of time. Check the return
value of copyin(9) just to be sure that nothing has changed during that
time.

Found with:	Coverity Prevent (tm)
MFC after:	1 week
This commit is contained in:
Christian S.J. Peron 2006-01-16 17:03:21 +00:00
parent b2c9ed2d83
commit ed9e2ed449
Notes: svn2git 2020-12-20 02:59:44 +00:00 
svn path=/head/; revision=154434
1 changed files with 6 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
sys/netsmb/smb_subr.c
View File

@ -117,7 +117,7 @@ char *
smb_strdupin(char *s, int maxlen)
{
char *p, bt;
int len = 0;
int error, len = 0;
for (p = s; ;p++) {
if (copyin(p, &bt, 1))
@ -129,7 +129,11 @@ smb_strdupin(char *s, int maxlen)
break;
}
p = malloc(len, M_SMBSTR, M_WAITOK);
copyin(s, p, len);
error = copyin(s, p, len);
if (error) {
free(p, M_SMBSTR);
return (NULL);
}
return p;
}