svn commit: r312047 - stable/10/contrib/bsnmp/lib
Ngie Cooper
ngie at FreeBSD.org
Fri Jan 13 08:55:39 UTC 2017
Author: ngie
Date: Fri Jan 13 08:55:37 2017
New Revision: 312047
URL: https://svnweb.freebsd.org/changeset/base/312047
Log:
MFC r310729:
Prevent improper memory accesses after calling snmp_pdu_free and snmp_value_free
snmp_pdu_free: set pdu->nbindings to 0 to limit the damage that
could happen if a pdu was reused after calling the function, and
as both stack and heap allocation types are used in contrib/bsnmp
and usr.sbin/bsnmpd.
snmp_value_free: NULL out value->v.octetstring.octets after calling
free on it to prevent a double-free from occurring.
Modified:
stable/10/contrib/bsnmp/lib/snmp.c
Directory Properties:
stable/10/ (props changed)
Modified: stable/10/contrib/bsnmp/lib/snmp.c
==============================================================================
--- stable/10/contrib/bsnmp/lib/snmp.c Fri Jan 13 08:54:09 2017 (r312046)
+++ stable/10/contrib/bsnmp/lib/snmp.c Fri Jan 13 08:55:37 2017 (r312047)
@@ -1154,8 +1154,11 @@ snmp_pdu_dump(const struct snmp_pdu *pdu
void
snmp_value_free(struct snmp_value *value)
{
- if (value->syntax == SNMP_SYNTAX_OCTETSTRING)
+
+ if (value->syntax == SNMP_SYNTAX_OCTETSTRING) {
free(value->v.octetstring.octets);
+ value->v.octetstring.octets = NULL;
+ }
value->syntax = SNMP_SYNTAX_NULL;
}
@@ -1216,6 +1219,7 @@ snmp_pdu_free(struct snmp_pdu *pdu)
for (i = 0; i < pdu->nbindings; i++)
snmp_value_free(&pdu->bindings[i]);
+ pdu->nbindings = 0;
}
/*
More information about the svn-src-stable
mailing list