d/freebsd-dev
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
38526a2cf1
freebsd-dev/sys/fs/tmpfs
History
Mark Johnston 785eb42adf Clear the cookie pointer on error in tmpfs_readdir(). 
It is otherwise left dangling, and callers that request cookies always free
the cookie buffer, even when VOP_READDIR(9) returns an error. This results
in a double free if tmpfs_readdir() returns an error to the NFS server or
the Linux getdents(2) emulation code.

Reported by:	pho
MFC after:	1 week
Security:	double free of malloc(9)-backed memory
Sponsored by:	EMC / Isilon Storage Division
2016-02-12 20:43:53 +00:00
..
tmpfs_fifoops.c Remove code separator lines which do not conform to style(9). 2014-07-14 08:17:11 +00:00
tmpfs_fifoops.h Remove code separator lines which do not conform to style(9). 2014-07-14 08:17:11 +00:00
tmpfs_subr.c A change to KPI of vm_pager_get_pages() and underlying VOP_GETPAGES(). 2015-12-16 21:30:45 +00:00
tmpfs_vfsops.c Check suspendability on the mountpoint returned by VOP_GETWRITEMOUNT. 2015-07-05 22:37:33 +00:00
tmpfs_vnops.c Clear the cookie pointer on error in tmpfs_readdir(). 2016-02-12 20:43:53 +00:00
tmpfs_vnops.h Remove code separator lines which do not conform to style(9). 2014-07-14 08:17:11 +00:00
tmpfs.h Update mtime for tmpfs files modified through memory mapping. Similar 2015-01-28 10:37:23 +00:00