From nobody@FreeBSD.ORG Fri Apr 30 15:29:28 1999
Return-Path: <nobody@FreeBSD.ORG>
Received: by hub.freebsd.org (Postfix, from userid 32767)
	id A419E14E57; Fri, 30 Apr 1999 15:29:28 -0700 (PDT)
Message-Id: <19990430222928.A419E14E57@hub.freebsd.org>
Date: Fri, 30 Apr 1999 15:29:28 -0700 (PDT)
From: cpeterso@cs.washington.edu
Sender: nobody@FreeBSD.ORG
To: freebsd-gnats-submit@freebsd.org
Subject: code typo in ip_fil.c: missing NULL checks for calls to malloc(), calloc(), and realloc().
X-Send-Pr-Version: www-1.0

>Number:         11412
>Category:       kern
>Synopsis:       code typo in ip_fil.c: missing NULL checks for calls to malloc(), calloc(), and realloc().
>Confidential:   no
>Severity:       non-critical
>Priority:       medium
>Responsible:    darrenr
>State:          closed
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Fri Apr 30 15:30:01 PDT 1999
>Closed-Date:    Sun Sep 17 01:31:14 PDT 2000
>Last-Modified:  Sun Sep 17 01:31:58 PDT 2000
>Originator:     Christopher Peterson
>Release:        FreeBSD 3.1-RELEASE i386
>Organization:
>Environment:
>Description:
The following calls to malloc(), calloc(), and realloc() do not check for a NULL return, indicating memory allocation failure. Also, if realloc() fails, the NULL return will overwrite the "ifneta" pointer, causing a memory leak!


netinet/ip_fil.c (line 1150):	malloc not checked for NULL; 17:
	ifneta = (struct ifnet**) malloc(sizeof(ifp) * 2);
	ifneta[1] = NULL;

netinet/ip_fil.c (line 1152):	calloc not checked for NULL; 17:
	ifneta[0] = (struct ifnet*)calloc(1, sizeof(*ifp));

netinet/ip_fil.c (line 1156):	realloc overwrite src if NULL; 17:
	ifneta=(struct ifnet**)realloc(ifneta,(nifs+1)*sizeof(*ifa));


>How-To-Repeat:

>Fix:


>Release-Note:
>Audit-Trail:
Responsible-Changed-From-To: freebsd-bugs->darrenr 
Responsible-Changed-By: nbm 
Responsible-Changed-When: Tue Jun 27 01:28:15 PDT 2000 
Responsible-Changed-Why:  
I think Mr. Reed may want to see these. 

http://www.freebsd.org/cgi/query-pr.cgi?pr=11412 
State-Changed-From-To: open->closed 
State-Changed-By: darrenr 
State-Changed-When: Sun Sep 17 01:31:14 PDT 2000 
State-Changed-Why:  
these problems have been addressed in a later version of the software 
(they never were critical) 

http://www.freebsd.org/cgi/query-pr.cgi?pr=11412 
>Unformatted:
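
Added example, not part of the original report or of the ip_fil.c source: one way to append to a NULL-terminated pointer table like "ifneta" so that every allocation is checked and a failed realloc() cannot overwrite the only pointer to the old block. The struct ifnet stand-in, ifneta_add(), grow_fn, fail_realloc() and demo_failure_keeps_table() are hypothetical names introduced for illustration.

```c
#include <stdlib.h>

/* Stand-in for the kernel's struct ifnet (assumption; only a name field). */
struct ifnet { char if_name[16]; };

static struct ifnet **ifneta;   /* NULL-terminated table, named as in the report */
static int nifs;                /* number of live entries */

/* Hypothetical hook so the error path can be exercised without exhausting memory. */
static void *(*grow_fn)(void *, size_t) = realloc;

/* Append one zeroed entry. Returns it, or NULL with the table left unchanged. */
struct ifnet *ifneta_add(void)
{
    struct ifnet *ifp, **tmp;

    ifp = calloc(1, sizeof(*ifp));
    if (ifp == NULL)
        return NULL;

    /* Grow through a temporary: on failure ifneta still owns the old block.
     * realloc(NULL, n) acts as malloc(n), so the first call needs no special case. */
    tmp = grow_fn(ifneta, ((size_t)nifs + 2) * sizeof(*ifneta));
    if (tmp == NULL) {
        free(ifp);              /* do not leak the entry allocated above */
        return NULL;
    }
    ifneta = tmp;
    ifneta[nifs++] = ifp;
    ifneta[nifs] = NULL;        /* keep the terminator in place */
    return ifp;
}

/* Always-failing allocator used to simulate memory exhaustion. */
static void *fail_realloc(void *p, size_t n) { (void)p; (void)n; return NULL; }

/* Returns 1 if a forced realloc failure leaves pointer, count and terminator intact. */
int demo_failure_keeps_table(void)
{
    struct ifnet **before;
    int ok;

    if (ifneta_add() == NULL)
        return 0;
    before = ifneta;
    grow_fn = fail_realloc;
    ok = ifneta_add() == NULL && ifneta == before && nifs == 1 && ifneta[1] == NULL;
    grow_fn = realloc;
    return ok;
}
```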
