Source-Changes-HG archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
[src/trunk]: src/sys/nfs CID 271162: NULL deref check
details: https://anonhg.NetBSD.org/src/rev/d2cce87ec925
branches: trunk
changeset: 791677:d2cce87ec925
user: christos <christos%NetBSD.org@localhost>
date: Wed Nov 27 22:10:47 2013 +0000
description:
CID 271162: NULL deref check
diffstat:
sys/nfs/nfs_syscalls.c | 45 +++++++++++++++++++++++++++------------------
1 files changed, 27 insertions(+), 18 deletions(-)
diffs (83 lines):
diff -r 77ea403d1ea7 -r d2cce87ec925 sys/nfs/nfs_syscalls.c
--- a/sys/nfs/nfs_syscalls.c Wed Nov 27 21:17:36 2013 +0000
+++ b/sys/nfs/nfs_syscalls.c Wed Nov 27 22:10:47 2013 +0000
@@ -1,4 +1,4 @@
-/* $NetBSD: nfs_syscalls.c,v 1.153 2009/12/31 20:01:33 christos Exp $ */
+/* $NetBSD: nfs_syscalls.c,v 1.154 2013/11/27 22:10:47 christos Exp $ */
/*
* Copyright (c) 1989, 1993
@@ -35,7 +35,7 @@
*/
#include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: nfs_syscalls.c,v 1.153 2009/12/31 20:01:33 christos Exp $");
+__KERNEL_RCSID(0, "$NetBSD: nfs_syscalls.c,v 1.154 2013/11/27 22:10:47 christos Exp $");
#include <sys/param.h>
#include <sys/systm.h>
@@ -609,14 +609,19 @@
}
if (error) {
nfsstats.srv_errs++;
- nfsrv_updatecache(nd, false, mreq);
- if (nd->nd_nam2)
- m_freem(nd->nd_nam2);
+ if (nd) {
+ nfsrv_updatecache(nd, false,
+ mreq);
+ if (nd->nd_nam2)
+ m_freem(nd->nd_nam2);
+ }
break;
}
- nfsstats.srvrpccnt[nd->nd_procnum]++;
- nfsrv_updatecache(nd, true, mreq);
- nd->nd_mrep = (struct mbuf *)0;
+ if (nd) {
+ nfsstats.srvrpccnt[nd->nd_procnum]++;
+ nfsrv_updatecache(nd, true, mreq);
+ nd->nd_mrep = NULL;
+ }
case RC_REPLY:
m = mreq;
siz = 0;
@@ -640,13 +645,15 @@
*mtod(m, u_int32_t *) =
htonl(0x80000000 | siz);
}
- nd->nd_mreq = m;
- if (nfsrtton) {
- nfsd_rt(slp->ns_so->so_type, nd,
- cacherep);
+ if (nd) {
+ nd->nd_mreq = m;
+ if (nfsrtton) {
+ nfsd_rt(slp->ns_so->so_type, nd,
+ cacherep);
+ }
+ error = nfsdsock_sendreply(slp, nd);
+ nd = NULL;
}
- error = nfsdsock_sendreply(slp, nd);
- nd = NULL;
if (error == EPIPE)
nfsrv_zapsock(slp);
if (error == EINTR || error == ERESTART) {
@@ -656,10 +663,12 @@
}
break;
case RC_DROPIT:
- if (nfsrtton)
- nfsd_rt(sotype, nd, cacherep);
- m_freem(nd->nd_mrep);
- m_freem(nd->nd_nam2);
+ if (nd) {
+ if (nfsrtton)
+ nfsd_rt(sotype, nd, cacherep);
+ m_freem(nd->nd_mrep);
+ m_freem(nd->nd_nam2);
+ }
break;
}
if (nd) {
Home |
Main Index |
Thread Index |
Old Index