Page MenuHomeFreeBSD

Fix use-after-free error in nscd (CID 1006083)
Needs ReviewPublic

Authored by truckman on Jun 7 2016, 11:29 PM.
Tags
None
Referenced Files
Unknown Object (File)
Dec 20 2023, 12:00 AM
Unknown Object (File)
Jun 25 2023, 1:52 AM
Unknown Object (File)
May 3 2023, 10:16 PM
Unknown Object (File)
Apr 26 2023, 3:48 PM
Unknown Object (File)
Apr 8 2023, 9:17 PM
Unknown Object (File)
Oct 28 2016, 1:37 PM
Unknown Object (File)
Aug 15 2016, 6:23 PM
Unknown Object (File)
Jul 14 2016, 1:56 AM
Subscribers

Details

Reviewers
jhb
se
des
Summary

Coverity flagged a use-after-free error in the nscd cache_read
function. It noticed that find_res->value is getting freed
before it gets passed to memcpy(). It looks like the problem
is a missing return (-1) inside the

	    if (find_res->fifo_policy_item->last_request_time.tv_sec -
	        find_res->fifo_policy_item->creation_time.tv_sec
	        common_entry->common_params.max_lifetime.tv_sec) {

block.

Diff Detail

Repository
rS FreeBSD src repository - subversion
Lint
Lint Passed
Unit
No Test Coverage
Build Status
Buildable 4141
Build 4184: arc lint + arc unit

Event Timeline

truckman retitled this revision from to Fix use-after-free error in nscd (CID 1006083).
truckman updated this object.
truckman edited the test plan for this revision. (Show Details)
truckman added reviewers: jhb, se, des.