From dbc239a5a7085beffc050837662f718c49937994 Mon Sep 17 00:00:00 2001
From: jhb
Date: Sat, 17 May 2014 02:45:04 +0000
Subject: Clear the data buffer length field when freeing a command structure so that it doesn't leak through when the command structure is reused for a user command without a data buffer.
PR: amd64/189668
Tested by: Pete Long
MFC after: 1 week
---
 sys/dev/aac/aac.c | 1 +
 1 file changed, 1 insertion(+)
(limited to 'sys/dev/aac')
diff --git a/sys/dev/aac/aac.c b/sys/dev/aac/aac.c
index c0f11f9..3ea964f 100644
--- a/sys/dev/aac/aac.c
+++ b/sys/dev/aac/aac.c
@@ -1408,6 +1408,7 @@ aac_release_command(struct aac_command *cm)
 fwprintf(sc, HBA_FLAGS_DBG_FUNCTION_ENTRY_B, "");
 /* (re)initialize the command/FIB */
+ cm->cm_datalen = 0;
 cm->cm_sgtable = NULL;
 cm->cm_flags = 0;
 cm->cm_complete = NULL;
--
cgit v1.1
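Review bot: The reset list in aac_release_command zeroes `cm_datalen` but, as far as this hunk shows, leaves the matching data pointer alone, so a recycled command could still carry the previous owner's buffer pointer even though its length now reads as zero. The function continues past the last visible line (`cm->cm_complete = NULL;`), so this may already be handled there; if it is not, I would add `cm->cm_data = NULL;` beside the new line so that length and pointer are always cleared together. The comment above the resets could also record why this matters, e.g. `/* (re)initialize the command/FIB; a reused user command without a data buffer must not inherit the old length */`. Since the commit message says the user-command path depends on these fields being clean, that path would be more robust if it set the length explicitly for the no-buffer case rather than relying only on the release-time reset.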