MFC r276904:

Improve style and fix a possible use-after-free case introduced in r268384 by reinitializing the 'freestate' pointer after freeing the memory. Obtained from: HardenedBSD (71fab80c5dd3034b71a29a61064625018671bbeb) PR: 194525 Submitted by: Oliver Pinter <oliver.pinter@hardenedbsd.org>
author: delphij <delphij@FreeBSD.org> 2015-01-24 00:27:50 +0000
committer: delphij <delphij@FreeBSD.org> 2015-01-24 00:27:50 +0000
commit: f72184af7f1b19f99893f951a64a22f22ec344ba (patch)
tree: 8f8e01fc96659bab3a8acc2e351d27ea9fdacff6
parent: ae11365e35a8faa087336848bdb52f9f6c252ff1 (diff)
download: FreeBSD-src-f72184af7f1b19f99893f951a64a22f22ec344ba.zip
FreeBSD-src-f72184af7f1b19f99893f951a64a22f22ec344ba.tar.gz
1 files changed, 2 insertions, 1 deletions
diff --git a/sys/kern/kern_lockf.c b/sys/kern/kern_lockf.c
index 8d5c576..91eae09 100644
--- a/sys/kern/kern_lockf.c
+++ b/sys/kern/kern_lockf.c
@@ -740,12 +740,13 @@ retry_setlock:
 
 	VI_UNLOCK(vp);
 
-	if (freestate) {
+	if (freestate != NULL) {
 		sx_xlock(&lf_lock_states_lock);
 		LIST_REMOVE(freestate, ls_link);
 		sx_xunlock(&lf_lock_states_lock);
 		sx_destroy(&freestate->ls_lock);
 		free(freestate, M_LOCKF);
+		freestate = NULL;
 	}
 
 	if (error == EDOOFUS) {
author	delphij <delphij@FreeBSD.org>	2015-01-24 00:27:50 +0000
committer	delphij <delphij@FreeBSD.org>	2015-01-24 00:27:50 +0000
commit	f72184af7f1b19f99893f951a64a22f22ec344ba (patch)
tree	8f8e01fc96659bab3a8acc2e351d27ea9fdacff6
parent	ae11365e35a8faa087336848bdb52f9f6c252ff1 (diff)
download	FreeBSD-src-f72184af7f1b19f99893f951a64a22f22ec344ba.zip FreeBSD-src-f72184af7f1b19f99893f951a64a22f22ec344ba.tar.gz