Commit 5d0df6de authored Nov 15, 2016 by Stefan Hajnoczi

Merge remote-tracking branch 'sthibault/tags/samuel-thibault' into staging



slirp updates

# gpg: Signature made Mon 14 Nov 2016 08:19:16 PM GMT
# gpg:                using RSA key 0xA003196827414880
# gpg: Good signature from "Samuel Thibault <samuel.thibault@u-bordeaux.fr>"
# gpg:                 aka "Samuel Thibault <sthibault@debian.org>"
# gpg:                 aka "Samuel Thibault <samuel.thibault@gnu.org>"
# gpg:                 aka "Samuel Thibault <samuel.thibault@inria.fr>"
# gpg:                 aka "Samuel Thibault <samuel.thibault@labri.fr>"
# gpg:                 aka "Samuel Thibault <samuel.thibault@ens-lyon.org>"
# Primary key fingerprint: 900C B024 B679 31D4 0F82  304B D017 8C76 7D06 9EE6
#      Subkey fingerprint: 6B0F AC21 8566 46E9 4AA2  D200 A003 1968 2741 4880

* sthibault/tags/samuel-thibault:
  slirp: Fix access to freed memory

Message-id: 20161114202030.17685-1-samuel.thibault@ens-lyon.org
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>

parents 972d233b ea64d5f0

slirp/socket.c

+17 −0

Original line number	Diff line number	Diff line
		@@ -66,6 +66,23 @@ void
		sofree(struct socket *so)
		{
		Slirp *slirp = so->slirp;
		struct mbuf *ifm;

		for (ifm = (struct mbuf *) slirp->if_fastq.qh_link;
		(struct quehead *) ifm != &slirp->if_fastq;
		ifm = ifm->ifq_next) {
		if (ifm->ifq_so == so) {
		ifm->ifq_so = NULL;
		}
		}

		for (ifm = (struct mbuf *) slirp->if_batchq.qh_link;
		(struct quehead *) ifm != &slirp->if_batchq;
		ifm = ifm->ifq_next) {
		if (ifm->ifq_so == so) {
		ifm->ifq_so = NULL;
		}
		}

		if (so->so_emu==EMU_RSH && so->extra) {
		sofree(so->extra);