Only do this if struct nfsm_info doesn't have local scope.
In some cases the caller would perform another m_freem and double free
the mbuf and Bad Things(TM) would happen.
Reported by Claes M Nyberg on bugs@; with & ok miod@
-/* $OpenBSD: nfs_serv.c,v 1.128 2024/09/10 18:44:04 miod Exp $ */
+/* $OpenBSD: nfs_serv.c,v 1.129 2024/09/11 12:22:34 claudio Exp $ */
/* $NetBSD: nfs_serv.c,v 1.34 1997/05/12 23:37:12 fvdl Exp $ */
/*
statuslen = 0;
(void)nfs_rephead(statuslen, nfsd, slp, error,
&infop->nmi_mreq, &infop->nmi_mb);
- if (infop->nmi_mrep != NULL) {
- m_freem(infop->nmi_mrep);
- infop->nmi_mrep = NULL;
- }
+ m_freem(infop->nmi_mrep);
+ infop->nmi_mrep = NULL;
*mrq = infop->nmi_mreq;
if (error && (!infop->nmi_v3 || error == EBADRPC))
return error;
-/* $OpenBSD: nfs_socket.c,v 1.152 2024/09/04 07:54:53 mglocker Exp $ */
+/* $OpenBSD: nfs_socket.c,v 1.153 2024/09/11 12:22:34 claudio Exp $ */
/* $NetBSD: nfs_socket.c,v 1.27 1996/04/15 20:20:00 thorpej Exp $ */
/*
if ((nmp->nm_flag & NFSMNT_NFSV3) &&
error == NFSERR_TRYLATER) {
m_freem(info.nmi_mrep);
+ info.nmi_mrep = NULL;
error = 0;
tsleep_nsec(&nowake, PSOCK, "nfsretry",
SEC_TO_NSEC(trylater_delay));
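Review bot: The added `info.nmi_mrep = NULL;` in the NFSERR_TRYLATER branch has no comment saying why the pointer is cleared, and `info` is accessed with `.` here, which reads like the local-scope case the commit message says is left alone. If the reason is that the retry leaves a freed pointer in `info` that a later error path or a copy back to the caller could free again, say so above the assignment, e.g. `/* reply freed; clear it so the retry or exit path cannot m_freem() it again */`. The rest of the function, including where the retry resumes, is outside this hunk, so that reason is inferred rather than visible.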
-/* $OpenBSD: nfs_vnops.c,v 1.201 2024/07/06 09:53:25 jsg Exp $ */
+/* $OpenBSD: nfs_vnops.c,v 1.202 2024/09/11 12:22:34 claudio Exp $ */
/* $NetBSD: nfs_vnops.c,v 1.62.4.1 1996/07/08 20:26:52 jtc Exp $ */
/*
error = nfs_loadattrcache(&ttvp, &infop->nmi_md, &infop->nmi_dpos, vap);
if (error != 0) {
m_freem(infop->nmi_mrep);
+ infop->nmi_mrep = NULL;
*infop->nmi_errorp = error;
return error;
}
size = fxdr_unsigned(int, *tl);
if (size <= 0 || size > NFSX_V3FHMAX) {
m_freem(infop->nmi_mrep);
+ infop->nmi_mrep = NULL;
*infop->nmi_errorp = EBADRPC;
return NULL;
}
error = nfs_nget(dvp->v_mount, ttfhp, ttfhsize, &ttnp);
if (error != 0) {
m_freem(infop->nmi_mrep);
+ infop->nmi_mrep = NULL;
*infop->nmi_errorp = error;
return error;
}
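Review bot: Each error path in this section open-codes `m_freem(infop->nmi_mrep); infop->nmi_mrep = NULL;`, and the same pair appears again in the nfsm_subs.h paths after nfsm_disct, nfs_adv, the length check and nfsm_mbuftouio. The double free this commit fixes returns as soon as one new error path frees without clearing, so a single helper would make the invariant hold by construction. The helper name below is a proposal, and it would presumably live in nfsm_subs.h so all three files can share it. The enclosing functions start and end outside these hunks.

```c
/* Free the reply chain and clear the pointer so no later path frees it again. */
static inline void
nfsm_info_free_mrep(struct nfsm_info *infop)	/* proposed name */
{
	m_freem(infop->nmi_mrep);
	infop->nmi_mrep = NULL;
}

/* ... unchanged: call to nfs_loadattrcache ... */
if (error != 0) {
	nfsm_info_free_mrep(infop);
	*infop->nmi_errorp = error;
	return error;
}
```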
-/* $OpenBSD: nfsm_subs.h,v 1.48 2024/04/30 17:04:23 miod Exp $ */
+/* $OpenBSD: nfsm_subs.h,v 1.49 2024/09/11 12:22:34 claudio Exp $ */
/* $NetBSD: nfsm_subs.h,v 1.10 1996/03/20 21:59:56 fvdl Exp $ */
/*
error = nfsm_disct(&infop->nmi_md, &infop->nmi_dpos, s, avail, &ret);
if (error != 0) {
m_freem(infop->nmi_mrep);
+ infop->nmi_mrep = NULL;
*infop->nmi_errorp = error;
return NULL;
} else {
error = nfs_adv(&infop->nmi_md, &infop->nmi_dpos, s, avail);
if (error != 0) {
m_freem(infop->nmi_mrep);
+ infop->nmi_mrep = NULL;
*infop->nmi_errorp = error;
return error;
}
&infop->nmi_dpos, NULL);
if (error != 0) {
m_freem(infop->nmi_mrep);
+ infop->nmi_mrep = NULL;
*infop->nmi_errorp = error;
return error;
}
len = fxdr_unsigned(int32_t, *tl);
if (len < 0 || len > maxlen) {
m_freem(infop->nmi_mrep);
+ infop->nmi_mrep = NULL;
*infop->nmi_errorp = EBADRPC;
return 1;
}
error = nfsm_mbuftouio(&infop->nmi_md, uiop, len, &infop->nmi_dpos);
if (error != 0) {
m_freem(infop->nmi_mrep);
+ infop->nmi_mrep = NULL;
*infop->nmi_errorp = error;
return error;
}
{
if (len > maxlen) {
m_freem(infop->nmi_mreq);
+ infop->nmi_mreq = NULL;
*infop->nmi_errorp = ENAMETOOLONG;
return 1;
}
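Review bot: These helpers now leave `infop->nmi_mrep` NULL on every failure return, but nothing in the visible lines documents that contract, and the failure returns differ (`NULL`, `error`, `1`), so a caller cannot tell from the call site whether it still owns the mbuf. A short comment on each helper would pin it down, e.g. `/* On failure the reply chain has been freed, infop->nmi_mrep is NULL and *infop->nmi_errorp holds the error; the caller must not free it. */`. The last path frees and clears `nmi_mreq` rather than `nmi_mrep`, so its comment should name the request chain instead. The function headers are outside these hunks.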