diff options
author | pjd <pjd@FreeBSD.org> | 2009-03-14 20:40:06 +0000 |
---|---|---|
committer | pjd <pjd@FreeBSD.org> | 2009-03-14 20:40:06 +0000 |
commit | b67aabcdf8d580b9ac413394217e14f8fa1760b6 (patch) | |
tree | fe0d2395d13c8216fd09352f7797c6411ee100c2 /sys/security | |
parent | 58fce43140bb8d3abacea316b6eb11295e7bf210 (diff) | |
download | FreeBSD-src-b67aabcdf8d580b9ac413394217e14f8fa1760b6.zip FreeBSD-src-b67aabcdf8d580b9ac413394217e14f8fa1760b6.tar.gz |
- Correct logic in if statement - we want to allocate temporary buffer
when someone is passing new rules, not when he only want to read them.
Because of this bug, even if the given rules were incorrect, they
ended up in rule_string.
- Add missing protection for rule_string when coping it.
Reviewed by: rwatson
MFC after: 1 week
Diffstat (limited to 'sys/security')
-rw-r--r-- | sys/security/mac_portacl/mac_portacl.c | 4 |
1 files changed, 3 insertions, 1 deletions
diff --git a/sys/security/mac_portacl/mac_portacl.c b/sys/security/mac_portacl/mac_portacl.c index aceda69..f54319a 100644 --- a/sys/security/mac_portacl/mac_portacl.c +++ b/sys/security/mac_portacl/mac_portacl.c @@ -341,10 +341,12 @@ sysctl_rules(SYSCTL_HANDLER_ARGS) int error; new_string = NULL; - if (req->newptr == NULL) { + if (req->newptr != NULL) { new_string = malloc(MAC_RULE_STRING_LEN, M_PORTACL, M_WAITOK | M_ZERO); + mtx_lock(&rule_mtx); strcpy(new_string, rule_string); + mtx_unlock(&rule_mtx); string = new_string; } else string = rule_string; |