Mercurial > illumos > illumos-gate

changeset 10236:23107305f797

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
6857836 groupListIoctl()/groupMemberListIoctl() can corrupt memory
author srivijitha dugganapalli <Srivijitha.Dugganapalli@Sun.COM>
date Fri, 31 Jul 2009 16:30:06 -0600
parents e7fdfb407eae
children 1cca4617b3a8
files usr/src/lib/libstmf/common/stmf.c
diffstat 1 files changed, 4 insertions(+), 3 deletions(-) [+]
line wrap: on
line diff
--- a/usr/src/lib/libstmf/common/stmf.c	Fri Jul 31 14:39:12 2009 -0700
+++ b/usr/src/lib/libstmf/common/stmf.c	Fri Jul 31 16:30:06 2009 -0600
@@ -3125,8 +3125,8 @@
 	}
 
 	/* allocate and copy to caller's buffer */
-	*groupList = (stmfGroupList *)calloc(1, sizeof (stmfGroupList) *
-	    stmfIoctl.stmf_obuf_nentries);
+	*groupList = (stmfGroupList *)calloc(1, sizeof (stmfGroupList) +
+	    sizeof (stmfGroupName) * stmfIoctl.stmf_obuf_nentries);
 	if (*groupList == NULL) {
 		ret = STMF_ERROR_NOMEM;
 		goto done;
@@ -3272,7 +3272,8 @@
 
 	/* allocate and copy to caller's buffer */
 	*groupProps = (stmfGroupProperties *)calloc(1,
-	    sizeof (stmfGroupProperties) * stmfIoctl.stmf_obuf_nentries);
+	    sizeof (stmfGroupProperties) +
+	    sizeof (stmfDevid) * stmfIoctl.stmf_obuf_nentries);
 	if (*groupProps == NULL) {
 		ret = STMF_ERROR_NOMEM;
 		goto done;