d/freebsd-skq
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
freebsd-skq/sys/fs/tmpfs
History
Mark Johnston 785eb42adf Clear the cookie pointer on error in tmpfs_readdir(). 
It is otherwise left dangling, and callers that request cookies always free
the cookie buffer, even when VOP_READDIR(9) returns an error. This results
in a double free if tmpfs_readdir() returns an error to the NFS server or
the Linux getdents(2) emulation code.

Reported by:	pho
MFC after:	1 week
Security:	double free of malloc(9)-backed memory
Sponsored by:	EMC / Isilon Storage Division
2016-02-12 20:43:53 +00:00
..
tmpfs_fifoops.c
Remove code separator lines which do not conform to style(9).
2014-07-14 08:17:11 +00:00
tmpfs_fifoops.h
Remove code separator lines which do not conform to style(9).
2014-07-14 08:17:11 +00:00
tmpfs_subr.c
A change to KPI of vm_pager_get_pages() and underlying VOP_GETPAGES().
2015-12-16 21:30:45 +00:00
tmpfs_vfsops.c
Check suspendability on the mountpoint returned by VOP_GETWRITEMOUNT.
2015-07-05 22:37:33 +00:00
tmpfs_vnops.c
Clear the cookie pointer on error in tmpfs_readdir().
2016-02-12 20:43:53 +00:00
tmpfs_vnops.h
Remove code separator lines which do not conform to style(9).
2014-07-14 08:17:11 +00:00
tmpfs.h
Update mtime for tmpfs files modified through memory mapping. Similar
2015-01-28 10:37:23 +00:00