From a3ce3b6d35ac6808f2799b90c2db8eb2f3d5e62d Mon Sep 17 00:00:00 2001
From: Pawel Jakub Dawidek
Date: Sat, 14 Mar 2009 20:40:06 +0000
Subject: [PATCH] - Correct logic in if statement - we want to allocate temporary buffer when someone is passing new rules, not when he only want to read them. Because of this bug, even if the given rules were incorrect, they ended up in rule_string. - Add missing protection for rule_string when coping it.
Reviewed by: rwatson
MFC after: 1 week
---
 sys/security/mac_portacl/mac_portacl.c | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/sys/security/mac_portacl/mac_portacl.c b/sys/security/mac_portacl/mac_portacl.c
index aceda6908b1..f54319aca93 100644
--- a/sys/security/mac_portacl/mac_portacl.c
+++ b/sys/security/mac_portacl/mac_portacl.c
@@ -341,10 +341,12 @@ sysctl_rules(SYSCTL_HANDLER_ARGS)
 int error;
 new_string = NULL;
- if (req->newptr == NULL) {
+ if (req->newptr != NULL) {
 new_string = malloc(MAC_RULE_STRING_LEN, M_PORTACL, M_WAITOK | M_ZERO);
+ mtx_lock(&rule_mtx);
 strcpy(new_string, rule_string);
+ mtx_unlock(&rule_mtx);
 string = new_string;
 } else string = rule_string;
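Review bot: The read-only branch `else string = rule_string;` still hands the live global to the rest of sysctl_rules without `rule_mtx`, so a reader racing a rule update could see a half-written string; the lock added here only covers the copy on the write path. Since the `M_WAITOK` allocation already happens before the mutex is taken, the simplest fix is to drop the `if`/`else` and always snapshot `rule_string` into `new_string` under `rule_mtx`, then use the snapshot for both reads and writes. It would also be worth bounding the copy, e.g. `strlcpy(new_string, rule_string, MAC_RULE_STRING_LEN);`, so the buffer size is enforced at the call site rather than assumed from the declaration of `rule_string`. The function body starts and continues outside this hunk, so how `string` is consumed afterwards, and whether `new_string` is freed on every path, should be confirmed against the full file.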