diff options
| author | rwatson <rwatson@FreeBSD.org> | 2004-04-16 14:35:11 +0000 |
|---|---|---|
| committer | rwatson <rwatson@FreeBSD.org> | 2004-04-16 14:35:11 +0000 |
| commit | 800e19506e87a04a5276ff793146a87ffdb15d2c (patch) | |
| tree | 19dde26e37abbb07ca0ff7d8cbfb54baf352f7e6 /sys/kern | |
| parent | a7f6bd46b91734296d496e965f490fd3b8509d3d (diff) | |
| download | FreeBSD-src-800e19506e87a04a5276ff793146a87ffdb15d2c.zip FreeBSD-src-800e19506e87a04a5276ff793146a87ffdb15d2c.tar.gz | |
At some point during the history of m_getcl(), MAC support began to
unconditionally initialize the mbuf header even if cluster allocation
failed, which could result in a NULL pointer dereference in low-memory
conditions.
PR: kern/65548
Submitted by: Stephan Uphoff <ups@tree.com>
Diffstat (limited to 'sys/kern')
| -rw-r--r-- | sys/kern/subr_mbuf.c | 12 |
1 files changed, 6 insertions, 6 deletions
diff --git a/sys/kern/subr_mbuf.c b/sys/kern/subr_mbuf.c index 674feff..d84ef31 100644 --- a/sys/kern/subr_mbuf.c +++ b/sys/kern/subr_mbuf.c @@ -1451,15 +1451,15 @@ m_getcl(int how, short type, int flags) } else { _mcl_setup(mb); _mext_init_ref(mb, &cl_refcntmap[cl2ref(mb->m_ext.ext_buf)]); - } #ifdef MAC - if (flags & M_PKTHDR) { - if (mac_init_mbuf(mb, MBTOM(how)) != 0) { - m_free(mb); - return (NULL); + if (flags & M_PKTHDR) { + if (mac_init_mbuf(mb, MBTOM(how)) != 0) { + m_free(mb); + return (NULL); + } } - } #endif + } return (mb); } |
