svn commit: r267076 - stable/9/sys/dev/aac
John Baldwin
jhb at FreeBSD.org
Wed Jun 4 18:32:42 UTC 2014
Author: jhb
Date: Wed Jun 4 18:32:41 2014
New Revision: 267076
URL: http://svnweb.freebsd.org/changeset/base/267076
Log:
MFC 266281:
Clear the data buffer length field when freeing a command structure so that
it doesn't leak through when the command structure is reused for a user
command without a data buffer.
PR: 189668
Approved by: re (delphij)
Modified:
stable/9/sys/dev/aac/aac.c
Directory Properties:
stable/9/sys/ (props changed)
stable/9/sys/dev/ (props changed)
Modified: stable/9/sys/dev/aac/aac.c
==============================================================================
--- stable/9/sys/dev/aac/aac.c Wed Jun 4 18:22:34 2014 (r267075)
+++ stable/9/sys/dev/aac/aac.c Wed Jun 4 18:32:41 2014 (r267076)
@@ -1408,6 +1408,7 @@ aac_release_command(struct aac_command *
fwprintf(sc, HBA_FLAGS_DBG_FUNCTION_ENTRY_B, "");
/* (re)initialize the command/FIB */
+ cm->cm_datalen = 0;
cm->cm_sgtable = NULL;
cm->cm_flags = 0;
cm->cm_complete = NULL;
More information about the svn-src-stable-9
mailing list