mirror/freebsd
1
0
Fork 0
mirror of https://git.FreeBSD.org/src.git synced 2024-12-12 09:58:36 +00:00
Code Issues Releases Activity

Although we check the return value of copyin(9) while determaining how

Browse Source 
long the string is in userspace, afterwards we call malloc(M_WAITOK),
which could sleep for an unknown amount of time. Check the return
value of copyin(9) just to be sure that nothing has changed during that
time.

Found with:	Coverity Prevent (tm)
MFC after:	1 week
This commit is contained in:
Christian S.J. Peron 2006-01-16 17:03:21 +00:00
parent b2c9ed2d83
commit ed9e2ed449
Notes: svn2git 2020-12-20 02:59:44 +00:00 
svn path=/head/; revision=154434
1 changed files with 6 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
sys/netsmb/smb_subr.c
View File

@ -117,7 +117,7 @@ char *
smb_strdupin(char *s, int maxlen)
{
char *p, bt;
int len = 0;
int error, len = 0;
for (p = s; ;p++) {
if (copyin(p, &bt, 1))
@ -129,7 +129,11 @@ smb_strdupin(char *s, int maxlen)
break;
}
p = malloc(len, M_SMBSTR, M_WAITOK);
copyin(s, p, len);
error = copyin(s, p, len);
if (error) {
free(p, M_SMBSTR);
return (NULL);
}
return p;
}