mirror of
https://git.FreeBSD.org/src.git
synced 2024-12-19 10:53:58 +00:00
785eb42adf
It is otherwise left dangling, and callers that request cookies always free the cookie buffer, even when VOP_READDIR(9) returns an error. This results in a double free if tmpfs_readdir() returns an error to the NFS server or the Linux getdents(2) emulation code. Reported by: pho MFC after: 1 week Security: double free of malloc(9)-backed memory Sponsored by: EMC / Isilon Storage Division |
||
---|---|---|
.. | ||
tmpfs_fifoops.c | ||
tmpfs_fifoops.h | ||
tmpfs_subr.c | ||
tmpfs_vfsops.c | ||
tmpfs_vnops.c | ||
tmpfs_vnops.h | ||
tmpfs.h |