d/freebsd-skq
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

When freeing the chain of if_ef devices on an aborted load, use

Browse Source 
SLIST_FOREACH_SAFE() rather than SLIST_FOREACH(), as elements are
freed on each iteration of the loop.  This prevents use-after-free.

Noticed by:	Coverity Prevent analysis tool
MFC after:	3 days
This commit is contained in:
Robert Watson 2006-01-13 23:20:46 +00:00
parent 63074a901a
commit ae7c484e82
1 changed files with 2 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
sys/net/if_ef.c
View File

@ -491,7 +491,7 @@ ef_load(void)
{
struct ifnet *ifp;
struct efnet *efp;
struct ef_link *efl = NULL;
struct ef_link *efl = NULL, *efl_temp;
int error = 0, d;
IFNET_RLOCK();
@ -529,7 +529,7 @@ ef_load(void)
if (error) {
if (efl)
SLIST_INSERT_HEAD(&efdev, efl, el_next);
SLIST_FOREACH(efl, &efdev, el_next) {
SLIST_FOREACH_SAFE(efl, &efdev, el_next, efl_temp) {
for (d = 0; d < EF_NFT; d++)
if (efl->el_units[d]) {
if (efl->el_units[d]->ef_pifp != NULL)