Add checks for g_clone_bio() returning NULL, it will be possible RSN.

Sponsored by: DARPA & NAI Labs.
2002-09-27 20:47:23 +00:00 · 2002-09-27 20:47:23 +00:00 · beece77a2d
commit beece77a2d
parent 346cd5fe2d
2 changed files with 18 additions and 1 deletions
--- a/sys/geom/geom_aes.c
+++ b/sys/geom/geom_aes.c
@ -195,12 +195,20 @@ g_aes_start(struct bio *bp)
 	switch (bp->bio_cmd) {
 	case BIO_READ:
 		bp2 = g_clone_bio(bp);
+		if (bp2 == NULL) {
+			g_io_fail(bp, ENOMEM);
+			return;
+		}
 		bp2->bio_done = g_aes_read_done;
 		bp2->bio_offset += sc->sectorsize;
 		g_io_request(bp2, cp);
 		break;
 	case BIO_WRITE:
 		bp2 = g_clone_bio(bp);
+		if (bp2 == NULL) {
+			g_io_fail(bp, ENOMEM);
+			return;
+		}
 		bp2->bio_done = g_aes_write_done;
 		bp2->bio_offset += sc->sectorsize;
 		bp2->bio_data = g_malloc(bp->bio_length, M_WAITOK);
@ -226,6 +234,10 @@ g_aes_start(struct bio *bp)
 		if (g_handleattr_int(bp, "GEOM::sectorsize", sc->sectorsize))
 			return;
 		bp2 = g_clone_bio(bp);
+		if (bp2 == NULL) {
+			g_io_fail(bp, ENOMEM);
+			return;
+		}
 		bp2->bio_done = g_std_done;
 		bp2->bio_offset += sc->sectorsize;
 		g_io_request(bp2, cp);
--- a/sys/geom/geom_slice.c
+++ b/sys/geom/geom_slice.c
@ -72,7 +72,8 @@ g_slice_init(unsigned nslice, unsigned scsize)

 	gsp = g_malloc(sizeof *gsp, M_WAITOK | M_ZERO);
 	gsp->softc = g_malloc(scsize, M_WAITOK | M_ZERO);
-	gsp->slices = g_malloc(nslice * sizeof(struct g_slice), M_WAITOK | M_ZERO);
+	gsp->slices = g_malloc(nslice * sizeof(struct g_slice),
+	    M_WAITOK | M_ZERO);
 	gsp->nslice = nslice;
 	return (gsp);
 }
@ -148,6 +149,10 @@ g_slice_start(struct bio *bp)
 			return;
 		}
 		bp2 = g_clone_bio(bp);
+		if (bp2 == NULL) {
+			g_io_fail(bp, ENOMEM);
+			return;
+		}
 		if (bp2->bio_offset + bp2->bio_length > gsl->length)
 			bp2->bio_length = gsl->length - bp2->bio_offset;
 		bp2->bio_done = g_std_done;