author | delphij <delphij@FreeBSD.org> | 2011-11-29 08:16:14 +0000 |
---|---|---|
committer | delphij <delphij@FreeBSD.org> | 2011-11-29 08:16:14 +0000 |
commit | b050d953ee0f6fb7e2303645b5089b4e0b456f0c (patch) | |
tree | 2c7ddce797beb8212cf3823139eb808a9fa5f095 /usr.sbin/mfiutil | |
parent | 930bf9596b2b4f8a8de3c29afcb01ad820dbd1d6 (diff) | |

In build_volume(), check if arrays is allocated before traversing its
items. While parsing the arrays input, it's possible that we reach the
error path before initializing the 'arrays' pointer, which in turn leads
to a NULL dereference.

Submitted by: Garrett Cooper
MFC after: 1 week

Diffstat (limited to 'usr.sbin/mfiutil')
-rw-r--r-- | usr.sbin/mfiutil/mfi_config.c | 8 |
1 files changed, 5 insertions, 3 deletions
diff --git a/usr.sbin/mfiutil/mfi_config.c b/usr.sbin/mfiutil/mfi_config.c index ba6ce2d..32cb171 100644 --- a/usr.sbin/mfiutil/mfi_config.c +++ b/usr.sbin/mfiutil/mfi_config.c @@ -820,9 +820,11 @@ error: free(config); free(state.volumes); free(state.arrays); - for (i = 0; i < narrays; i++) - free(arrays[i].drives); - free(arrays); + if (arrays != NULL) { + for (i = 0; i < narrays; i++) + free(arrays[i].drives); + free(arrays); + } close(fd); return (error); |
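
Review bot: the new `if (arrays != NULL)` guard in the `error:` path only helps if `arrays` is initialised to NULL at its declaration, which this hunk does not show; please confirm that, since an uninitialised pointer would pass the check and the loop would still dereference it. The loop also frees `arrays[i].drives` for all `narrays` entries, so if the error path can be reached after `arrays` is allocated but before every entry has been parsed, the untouched `drives` pointers need to be zeroed (for example by allocating with calloc) for those free() calls to be safe. The `free(arrays)` call itself did not need the guard, because free(NULL) is a no-op, but keeping it inside the block is fine.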