Message-Id: <201001050757.o057vinm018865@www.freebsd.org>
Date: Tue, 5 Jan 2010 07:57:44 GMT
From: Henning Petersen <henning.petersen@t-online.de>
To: freebsd-gnats-submit@FreeBSD.org
Subject: Double free in getnetpath.c.
X-Send-Pr-Version: www-3.1
X-GNATS-Notify:

>Number:         142339
>Category:       kern
>Synopsis:       [libc] [patch] Double free in getnetpath.c.
>Confidential:   no
>Severity:       non-critical
>Priority:       medium
>Responsible:    brueffer
>State:          closed
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Tue Jan 05 08:00:06 UTC 2010
>Closed-Date:    Fri Feb 12 23:58:14 UTC 2010
>Last-Modified:  Fri Feb 12 23:58:14 UTC 2010
>Originator:     Henning Petersen
>Release:        Freebsd-current
>Organization:
>Environment:
>Description:
np_sessionp is freed at line 102 and line 123.
>How-To-Repeat:

>Fix:
diff -u -r1.8 getnetpath.c
--- lib/libc/rpc/getnetpath.c	20 Sep 2007 22:35:24 -0000	1.8
+++ lib/libc/rpc/getnetpath.c	5 Jan 2010 05:52:21 -0000
@@ -101,7 +101,7 @@
     if ((np_sessionp->nc_handlep = setnetconfig()) == NULL) {
 	free(np_sessionp);
 	syslog (LOG_ERR, "rpc: failed to open " NETCONFIG);
-	goto failed;
+	return (NULL);
     }
     np_sessionp->valid = NP_VALID;
     np_sessionp->ncp_list = NULL;
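
Review bot: The `return (NULL);` that replaces `goto failed;` in the `setnetconfig()` error branch skips whatever sits at the `failed` label, and that label is outside the context shown here, so please confirm it does nothing beyond freeing `np_sessionp` and returning NULL. If it does more, or if other error paths in this function jump to it as well, keeping `goto failed;` and deleting the local `free(np_sessionp);` instead would leave a single place that owns the free.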


Patch attached with submission follows:

Index: lib/libc/rpc/getnetpath.c
===================================================================
RCS file: /usr/ncvs/src/lib/libc/rpc/getnetpath.c,v
retrieving revision 1.8
diff -u -r1.8 getnetpath.c
--- lib/libc/rpc/getnetpath.c	20 Sep 2007 22:35:24 -0000	1.8
+++ lib/libc/rpc/getnetpath.c	5 Jan 2010 05:52:21 -0000
@@ -101,7 +101,7 @@
     if ((np_sessionp->nc_handlep = setnetconfig()) == NULL) {
 	free(np_sessionp);
 	syslog (LOG_ERR, "rpc: failed to open " NETCONFIG);
-	goto failed;
+	return (NULL);
     }
     np_sessionp->valid = NP_VALID;
     np_sessionp->ncp_list = NULL;
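
Review bot: Nothing in the `setnetconfig()` error branch records why it returns directly instead of jumping to `failed`, so a later cleanup pass could restore the jump and bring the double free back. A one-line comment above `return (NULL);` stating that `np_sessionp` has already been freed at this point would protect the fix.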


>Release-Note:
>Audit-Trail:
State-Changed-From-To: open->patched 
State-Changed-By: brueffer 
State-Changed-When: Tue Jan 5 21:18:53 CET 2010 
State-Changed-Why:  
Committed, thanks! 


Responsible-Changed-From-To: freebsd-bugs->brueffer 
Responsible-Changed-By: brueffer 
Responsible-Changed-When: Tue Jan 5 21:18:53 CET 2010 
Responsible-Changed-Why:  
MFC reminder. 

http://www.freebsd.org/cgi/query-pr.cgi?pr=142339 

From: dfilter@FreeBSD.ORG (dfilter service)
To: bug-followup@FreeBSD.org
Cc:  
Subject: Re: kern/142339: commit references a PR
Date: Tue,  5 Jan 2010 20:18:52 +0000 (UTC)

 Author: brueffer
 Date: Tue Jan  5 20:18:41 2010
 New Revision: 201603
 URL: http://svn.freebsd.org/changeset/base/201603
 
 Log:
   Fix a double free().
   
   PR:		142339
   Submitted by:	Henning Petersen <henning.petersen@t-online.de>
   MFC after:	2 weeks
 
 Modified:
   head/lib/libc/rpc/getnetpath.c
 
 Modified: head/lib/libc/rpc/getnetpath.c
 ==============================================================================
 --- head/lib/libc/rpc/getnetpath.c	Tue Jan  5 20:17:13 2010	(r201602)
 +++ head/lib/libc/rpc/getnetpath.c	Tue Jan  5 20:18:41 2010	(r201603)
 @@ -101,7 +101,7 @@ setnetpath()
      if ((np_sessionp->nc_handlep = setnetconfig()) == NULL) {
  	free(np_sessionp);
  	syslog (LOG_ERR, "rpc: failed to open " NETCONFIG);
 -	goto failed;
 +    	return (NULL);
      }
      np_sessionp->valid = NP_VALID;
      np_sessionp->ncp_list = NULL;
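
Review bot: The added `return (NULL);` line in the committed revision is indented with four spaces followed by a tab, whereas the removed `goto failed;` line and the submitted patch use a single tab. Dropping the leading spaces would keep the branch consistent with the indentation of the statements around it.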
 
State-Changed-From-To: patched->closed 
State-Changed-By: brueffer 
State-Changed-When: Tue Jan 19 18:06:47 CET 2010 
State-Changed-Why:  
MFCs done. 

State-Changed-From-To: closed->feedback 
State-Changed-By: pgollucci 
State-Changed-When: Fri Feb 12 23:56:15 UTC 2010 
State-Changed-Why:  
Ask for submitter approval. 

State-Changed-From-To: feedback->closed 
State-Changed-By: pgollucci 
State-Changed-When: Fri Feb 12 23:58:14 UTC 2010 
State-Changed-Why:  
re-close 

>Unformatted:
