From 134fd583cb50dc3751b5a34cbdfcd1a9677a2bf8 Mon Sep 17 00:00:00 2001
From: Conrad Meyer
Date: Wed, 11 May 2016 22:33:20 +0000
Subject: [PATCH] route6d(8): Fix potential double-free

In the case that the subsequent sysctl(3) call failed, 'buf' could be free(3)ed repeatedly. It isn't clear to me that that case is possible, but be clear and do the right thing in case it is.
Reported by: Coverity
CID: 272537
Sponsored by: EMC / Isilon Storage Division
---
 usr.sbin/route6d/route6d.c | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/usr.sbin/route6d/route6d.c b/usr.sbin/route6d/route6d.c
index 3c3d9d30f8c..91c1d372ed9 100644
--- a/usr.sbin/route6d/route6d.c
+++ b/usr.sbin/route6d/route6d.c
@@ -2598,8 +2598,10 @@ krtread(int again)
 sleep(1);
 retry++;
 errmsg = NULL;
- if (buf)
+ if (buf) {
 free(buf);
+ buf = NULL;
+ }
 if (sysctl(mib, 6, NULL, &msize, NULL, 0) < 0) {
 errmsg = "sysctl estimate";
 continue;
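Review bot: The `if (buf)` guard around the free in the retry path of krtread() is redundant now that the pointer is reset, because free(NULL) is a no-op; the four new lines could be just `free(buf);` followed by `buf = NULL;`. A short comment would also record why the reset matters, e.g. `/* a failed sysctl below loops back here via continue; buf must not stay dangling */`. The loop and the rest of krtread() lie outside the hunk, so any other place that frees buf (for instance after the loop gives up) is not visible here and is worth checking for the same stale-pointer pattern.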