Plug memory leak in ctl(4) when ctl_copyin_args() is called with a non-

null terminated ASCII string. PR: 207626 Submitted by: cturt@hardenedbsd.org MFC after: 2 days
2016-04-19 16:48:14 +00:00 · 2016-04-19 16:48:14 +00:00 · bbea316cc8
commit bbea316cc8
parent 36e4410ab0
1 changed files with 1 additions and 0 deletions
--- a/sys/cam/ctl/ctl.c
+++ b/sys/cam/ctl/ctl.c
@ -2445,6 +2445,7 @@ ctl_copyin_args(int num_args, struct ctl_be_arg *uargs,
 			 && (tmpptr[args[i].vallen - 1] != '\0')) {
 				snprintf(error_str, error_str_len, "Argument "
 				    "%d value is not NUL-terminated", i);
+				free(tmpptr, M_CTL);
 				goto bailout;
 			}
 			args[i].kvalue = tmpptr;