d/freebsd-nq
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
freebsd-nq/sys/fs
History
Mark Johnston 785eb42adf Clear the cookie pointer on error in tmpfs_readdir(). 
It is otherwise left dangling, and callers that request cookies always free
the cookie buffer, even when VOP_READDIR(9) returns an error. This results
in a double free if tmpfs_readdir() returns an error to the NFS server or
the Linux getdents(2) emulation code.

Reported by:	pho
MFC after:	1 week
Security:	double free of malloc(9)-backed memory
Sponsored by:	EMC / Isilon Storage Division
2016-02-12 20:43:53 +00:00
..
autofs
Restore ABI compatibility, broken in r273127. Note that while this fixes
2015-02-10 16:17:16 +00:00
cd9660
cd9660: Drop an unnecessary check for NULL.
2016-02-07 03:48:40 +00:00
cuse
Make CUSE usable with platforms where the size of "unsigned long" is
2015-12-22 09:55:44 +00:00
deadfs
Style changes for deadfs:
2014-10-15 13:22:33 +00:00
devfs
When devfs dirent is freed, a vnode might still keep a pointer to it,
2016-01-22 20:30:51 +00:00
ext2fs
Ext4: Use boolean type instead of '0' and '1'
2016-02-11 15:27:14 +00:00
fdescfs
Revert r295359:
2016-02-07 15:40:01 +00:00
fifofs
Ensure that when a blockable open of fifo returns success, a valid
2015-09-20 21:18:33 +00:00
fuse
Fix breakage caused by r292373 in ZFS/FUSE/NFS/SMBFS.
2015-12-16 23:48:50 +00:00
msdosfs
msdosfs_rename: yet another unused value.
2016-02-07 15:36:16 +00:00
nandfs
[PR 206224] bv_cnt is sometimes examined without holding the bufobj lock
2016-01-17 01:04:20 +00:00
nfs
Make nfscl_getmyip() use new routing KPI.
2016-01-15 09:05:14 +00:00
nfsclient
Unbreak NOIP builds after r294084.
2016-01-15 16:45:36 +00:00
nfsserver
Add kernel support to the NFS server for the "-manage-gids"
2015-11-30 21:54:27 +00:00
nullfs
Force nullfs vnode reclaim after unlinking, to potentially unlink
2015-12-30 19:49:22 +00:00
procfs
- Consistently use PROC_ASSERT_HELD() to verify that a process' hold count
2015-11-08 01:38:56 +00:00
pseudofs
Hide vfs.pfs.trace variable if it is not used.
2015-05-24 18:11:22 +00:00
smbfs
Change the type of newsize argument in the smbfs_smb_setfsize() function
2016-01-11 18:11:06 +00:00
tmpfs
Clear the cookie pointer on error in tmpfs_readdir().
2016-02-12 20:43:53 +00:00
udf
Fix a -Wcast-qual warning in udf_vnops.c, by using __DECONST. No
2015-01-30 22:01:45 +00:00
unionfs
Check suspendability on the mountpoint returned by VOP_GETWRITEMOUNT.
2015-07-05 22:37:33 +00:00