At some point during the history of m_getcl(), MAC support began to

unconditionally initialize the mbuf header even if cluster allocation failed, which could result in a NULL pointer dereference in low-memory conditions. PR: kern/65548 Submitted by: Stephan Uphoff <ups@tree.com>
author: rwatson <rwatson@FreeBSD.org> 2004-04-16 14:35:11 +0000
committer: rwatson <rwatson@FreeBSD.org> 2004-04-16 14:35:11 +0000
commit: 800e19506e87a04a5276ff793146a87ffdb15d2c (patch)
tree: 19dde26e37abbb07ca0ff7d8cbfb54baf352f7e6
parent: a7f6bd46b91734296d496e965f490fd3b8509d3d (diff)
download: FreeBSD-src-800e19506e87a04a5276ff793146a87ffdb15d2c.zip
FreeBSD-src-800e19506e87a04a5276ff793146a87ffdb15d2c.tar.gz
1 files changed, 6 insertions, 6 deletions
diff --git a/sys/kern/subr_mbuf.c b/sys/kern/subr_mbuf.c
index 674feff..d84ef31 100644
--- a/sys/kern/subr_mbuf.c
+++ b/sys/kern/subr_mbuf.c
@@ -1451,15 +1451,15 @@ m_getcl(int how, short type, int flags)
 	} else {
 		_mcl_setup(mb);
 		_mext_init_ref(mb, &cl_refcntmap[cl2ref(mb->m_ext.ext_buf)]);
-	}
 #ifdef MAC
-	if (flags & M_PKTHDR) {
-		if (mac_init_mbuf(mb, MBTOM(how)) != 0) {
-			m_free(mb);
-			return (NULL);
+		if (flags & M_PKTHDR) {
+			if (mac_init_mbuf(mb, MBTOM(how)) != 0) {
+				m_free(mb);
+				return (NULL);
+			}
 		}
-	}
 #endif
+	}
 	return (mb);
 }
author	rwatson <rwatson@FreeBSD.org>	2004-04-16 14:35:11 +0000
committer	rwatson <rwatson@FreeBSD.org>	2004-04-16 14:35:11 +0000
commit	800e19506e87a04a5276ff793146a87ffdb15d2c (patch)
tree	19dde26e37abbb07ca0ff7d8cbfb54baf352f7e6
parent	a7f6bd46b91734296d496e965f490fd3b8509d3d (diff)
download	FreeBSD-src-800e19506e87a04a5276ff793146a87ffdb15d2c.zip FreeBSD-src-800e19506e87a04a5276ff793146a87ffdb15d2c.tar.gz