Source-Changes-HG archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
[src/trunk]: src/sys/dev/usb PR/48963: kmem_free size mismatch causes panic w...
details: https://anonhg.NetBSD.org/src/rev/22aae305df8c
branches: trunk
changeset: 797078:22aae305df8c
user: skrll <skrll%NetBSD.org@localhost>
date: Sat Jul 05 09:30:08 2014 +0000
description:
PR/48963: kmem_free size mismatch causes panic when attaching urndis(4).
Fix the size passed in kmem_free in the urndis_ctrl_{query,set} functions
diffstat:
sys/dev/usb/if_urndis.c | 8 ++++----
1 files changed, 4 insertions(+), 4 deletions(-)
diffs (36 lines):
diff -r c06b8484d553 -r 22aae305df8c sys/dev/usb/if_urndis.c
--- a/sys/dev/usb/if_urndis.c Sat Jul 05 09:28:48 2014 +0000
+++ b/sys/dev/usb/if_urndis.c Sat Jul 05 09:30:08 2014 +0000
@@ -1,4 +1,4 @@
-/* $NetBSD: if_urndis.c,v 1.6 2013/10/17 21:07:37 christos Exp $ */
+/* $NetBSD: if_urndis.c,v 1.7 2014/07/05 09:30:08 skrll Exp $ */
/* $OpenBSD: if_urndis.c,v 1.31 2011/07/03 15:47:17 matthew Exp $ */
/*
@@ -21,7 +21,7 @@
*/
#include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: if_urndis.c,v 1.6 2013/10/17 21:07:37 christos Exp $");
+__KERNEL_RCSID(0, "$NetBSD: if_urndis.c,v 1.7 2014/07/05 09:30:08 skrll Exp $");
#include <sys/param.h>
#include <sys/systm.h>
@@ -513,7 +513,7 @@
le32toh(msg->rm_devicevchdl)));
rval = urndis_ctrl_send(sc, msg, sizeof(*msg));
- kmem_free(msg, sizeof(*msg));
+ kmem_free(msg, sizeof(*msg) + qlen);
if (rval != RNDIS_STATUS_SUCCESS) {
printf("%s: query failed\n", DEVNAME(sc));
@@ -566,7 +566,7 @@
le32toh(msg->rm_devicevchdl)));
rval = urndis_ctrl_send(sc, msg, sizeof(*msg));
- kmem_free(msg, sizeof(*msg));
+ kmem_free(msg, sizeof(*msg) + len);
if (rval != RNDIS_STATUS_SUCCESS) {
printf("%s: set failed\n", DEVNAME(sc));
Home |
Main Index |
Thread Index |
Old Index