From 22f085c43ba25698ba35154738306d6598b74e25 Mon Sep 17 00:00:00 2001
From: Rick Macklem
Date: Sat, 5 Sep 2020 00:50:52 +0000
Subject: [PATCH] Fix a potential memory leak in the NFS over TLS handling code.
For the TLS case where there is a "user@domain" name specified in the X.509 v3 certificate presented by the client in the otherName component of subjectAltName, a gid list is allocated via mem_alloc(). This needs to be free'd. Otherwise xp_gidp == NULL and free() handles that. (The size argument to mem_free() is not used by FreeBSD, so it can be 0.) This leak would not have occurred for any other case than NFS over TLS with the "user@domain" in the client's certificate.
---
 sys/rpc/svc.c | 2 ++
 1 file changed, 2 insertions(+)
diff --git a/sys/rpc/svc.c b/sys/rpc/svc.c
index a678fbae704d..a059096e7b77 100644
--- a/sys/rpc/svc.c
+++ b/sys/rpc/svc.c
@@ -902,6 +902,8 @@ svc_xprt_free(SVCXPRT *xprt)
 {
 mem_free(xprt->xp_p3, sizeof(SVCXPRT_EXT));
+ /* The size argument is ignored, so 0 is ok. */
+ mem_free(xprt->xp_gidp, 0);
 mem_free(xprt, sizeof(SVCXPRT));
 }
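Review bot: The added comment explains the 0 size but not the invariant that the new `mem_free(xprt->xp_gidp, 0)` depends on: xp_gidp must be NULL on every transport that never took the NFS-over-TLS "user@domain" path, and svc_xprt_free() must be the sole owner of the list. Neither the allocation of the SVCXPRT nor the site that sets xp_gidp is visible in this hunk, so it is worth confirming that the structure is zeroed on allocation and that the pointer is never shared between transport handles; an uninitialized or shared pointer here would turn the leak fix into an invalid or double free. I would widen the comment to record that, e.g. `/* xp_gidp is NULL unless set from a TLS "user@domain" cert; size is ignored, so 0 is ok. */`.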