After calling m_freem() on nmi_mrep (or nmi_mreq) set the pointer to NULL.
author claudio <claudio@openbsd.org>
Wed, 11 Sep 2024 12:22:34 +0000 (12:22 +0000)
committer claudio <claudio@openbsd.org>
Wed, 11 Sep 2024 12:22:34 +0000 (12:22 +0000)
commit df0421f788c05a447b4b21994ae20d538867f53b
tree 534e45d9de29b2270fc6925b50bd12fc23821b3d
parent 5fbfb4702d738833d89525666b7698bf7f462c3f
After calling m_freem() on nmi_mrep (or nmi_mreq) set the pointer to NULL.

Only do this if struct nfsm_info doesn't have local scope.
In some cases the caller would perform another m_freem and double free
the mbuf and Bad Things(TM) would happen.

Reported by Claes M Nyberg on bugs@; with & ok miod@
sys/nfs/nfs_serv.c
sys/nfs/nfs_socket.c
sys/nfs/nfs_vnops.c
sys/nfs/nfsm_subs.h
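The ownership problem the commit message describes, as an added illustration that is not the OpenBSD code: a callee frees a reply chain held in a struct nfsm_info the caller still owns, and the caller's own cleanup frees it again. The struct mbuf, m_freem(), struct nfsm_info and the two release functions here are constructed stand-ins with a free counter in place of a real allocator, so the double free is observable rather than corrupting memory.

```c
#include <stddef.h>

/* Constructed stand-in for an mbuf chain: a counter of how many times
 * the chain was freed, so a double free shows up as freed == 2. */
struct mbuf {
    int freed;
};

/* Constructed stand-in for struct nfsm_info, reduced to the reply pointer. */
struct nfsm_info {
    struct mbuf *nmi_mrep;
};

/* Mock of m_freem(): a NULL argument is a no-op, as in the kernel. */
static void m_freem(struct mbuf *m)
{
    if (m == NULL)
        return;
    m->freed++;
}

/* Pre-fix pattern: the callee frees the reply but leaves the dangling
 * pointer in a struct that outlives the callee. */
static void release_reply_buggy(struct nfsm_info *info)
{
    m_freem(info->nmi_mrep);
}

/* Fixed pattern: free, then clear the pointer, so a later
 * m_freem(info->nmi_mrep) by the caller is harmless. */
static void release_reply_fixed(struct nfsm_info *info)
{
    m_freem(info->nmi_mrep);
    info->nmi_mrep = NULL;
}

/* Caller that owns the struct and runs its own unconditional cleanup.
 * Returns how many times the chain was freed: 1 is correct, 2 is the
 * double free the commit removes. */
static int caller_cleanup(void (*release)(struct nfsm_info *))
{
    struct mbuf chain = { 0 };
    struct nfsm_info info = { &chain };

    release(&info);         /* callee's cleanup */
    m_freem(info.nmi_mrep); /* caller's cleanup on the same pointer */
    return chain.freed;
}
```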