Although we check the return value of copyin(9) while determaining how

long the string is in userspace, afterwards we call malloc(M_WAITOK), which could sleep for an unknown amount of time. Check the return value of copyin(9) just to be sure that nothing has changed during that time. Found with: Coverity Prevent (tm) MFC after: 1 week
author: csjp <csjp@FreeBSD.org> 2006-01-16 17:03:21 +0000
committer: csjp <csjp@FreeBSD.org> 2006-01-16 17:03:21 +0000
commit: be2af71ad1a9adff34663f1e3156a7d2f13bce18 (patch)
tree: 44baca38a41cd09d8880682daa0741db918f3ff5 /sys/netsmb/smb_subr.c
parent: 5ed013569426944a42840951d6e004c0722feea7 (diff)
download: FreeBSD-src-be2af71ad1a9adff34663f1e3156a7d2f13bce18.zip
FreeBSD-src-be2af71ad1a9adff34663f1e3156a7d2f13bce18.tar.gz
1 files changed, 6 insertions, 2 deletions
diff --git a/sys/netsmb/smb_subr.c b/sys/netsmb/smb_subr.c
index b8dab57..6895b65 100644
--- a/sys/netsmb/smb_subr.c
+++ b/sys/netsmb/smb_subr.c
@@ -117,7 +117,7 @@ char *
 smb_strdupin(char *s, int maxlen)
 {
 	char *p, bt;
-	int len = 0;
+	int error, len = 0;
 
 	for (p = s; ;p++) {
 		if (copyin(p, &bt, 1))
@@ -129,7 +129,11 @@ smb_strdupin(char *s, int maxlen)
 			break;
 	}
 	p = malloc(len, M_SMBSTR, M_WAITOK);
-	copyin(s, p, len);
+	error = copyin(s, p, len);
+	if (error) {
+		free(p, M_SMBSTR);
+		return (NULL);
+	}
 	return p;
 }
author	csjp <csjp@FreeBSD.org>	2006-01-16 17:03:21 +0000
committer	csjp <csjp@FreeBSD.org>	2006-01-16 17:03:21 +0000
commit	be2af71ad1a9adff34663f1e3156a7d2f13bce18 (patch)
tree	44baca38a41cd09d8880682daa0741db918f3ff5 /sys/netsmb/smb_subr.c
parent	5ed013569426944a42840951d6e004c0722feea7 (diff)
download	FreeBSD-src-be2af71ad1a9adff34663f1e3156a7d2f13bce18.zip FreeBSD-src-be2af71ad1a9adff34663f1e3156a7d2f13bce18.tar.gz