d/freebsd-skq
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Fix use-after-free on XPT_RESET_BUS.

Browse Source 
That command is not queued, so does not use later status update.
This commit is contained in:
Alexander Motin 2014-07-08 16:56:21 +00:00
parent b33b96e352
commit ad3cd840f2
1 changed files with 6 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
sys/cam/ctl/ctl_frontend_cam_sim.c
View File

@ -460,6 +460,10 @@ cfcs_done(union ctl_io *io)
union ccb *ccb;
ccb = io->io_hdr.ctl_private[CTL_PRIV_FRONTEND].ptr;
if (ccb == NULL) {
ctl_free_io(io);
return;
}
/*
* At this point we should have status. If we don't, that's a bug.
@ -741,7 +745,8 @@ cfcs_action(struct cam_sim *sim, union ccb *ccb)
ctl_zero_io(io);
/* Save pointers on both sides */
io->io_hdr.ctl_private[CTL_PRIV_FRONTEND].ptr = ccb;
if (ccb->ccb_h.func_code == XPT_RESET_DEV)
io->io_hdr.ctl_private[CTL_PRIV_FRONTEND].ptr = ccb;
ccb->ccb_h.io_ptr = io;
io->io_hdr.io_type = CTL_IO_TASK;