From be2af71ad1a9adff34663f1e3156a7d2f13bce18 Mon Sep 17 00:00:00 2001
From: csjp
Date: Mon, 16 Jan 2006 17:03:21 +0000
Subject: Although we check the return value of copyin(9) while determaining how long the string is in userspace, afterwards we call malloc(M_WAITOK), which could sleep for an unknown amount of time. Check the return value of copyin(9) just to be sure that nothing has changed during that time.

Found with: Coverity Prevent (tm)
MFC after: 1 week
---
 sys/netsmb/smb_subr.c | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)

(limited to 'sys/netsmb')

diff --git a/sys/netsmb/smb_subr.c b/sys/netsmb/smb_subr.c
index b8dab57..6895b65 100644
--- a/sys/netsmb/smb_subr.c
+++ b/sys/netsmb/smb_subr.c
@@ -117,7 +117,7 @@ char *
 smb_strdupin(char *s, int maxlen)
 {
 	char *p, bt;
-	int len = 0;
+	int error, len = 0;
 
 	for (p = s; ;p++) {
 		if (copyin(p, &bt, 1))
@@ -129,7 +129,11 @@ smb_strdupin(char *s, int maxlen)
 			break;
 	}
 	p = malloc(len, M_SMBSTR, M_WAITOK);
-	copyin(s, p, len);
+	error = copyin(s, p, len);
+	if (error) { free(p, M_SMBSTR); return (NULL); }
 	return p;
 }
 
-- 
cgit v1.1
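Review bot: The buffer returned after the second copyin() is still not guaranteed to be NUL-terminated, because `len` was measured by the per-byte scan before the M_WAITOK sleep the commit describes, and copyin() only reports an unreadable range, never a changed one; if the user string grew in that window, `p` comes back without a terminator and callers that treat it as a C string read past the M_SMBSTR allocation. After the new error check, force termination with `p[len - 1] = '\0';` — `len` is presumably at least 1 at this point, since the scan appears to count the terminating byte before breaking, but that loop body falls between the two hunks and should be confirmed. Alternatively, re-check the copied bytes for a NUL within `len` and fail the same way as the copyin() error path. As a style point, the new `return (NULL);` is parenthesized while the existing `return p;` three lines below is not; pick one form for the function.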