From b2d68f13bb7484d76910cd423eb56af1ccf19caf Mon Sep 17 00:00:00 2001
From: sbruno <sbruno@ccf9f872-aa2e-dd11-9fc8-001c23d0bc1f>
Date: Fri, 6 May 2016 19:11:47 +0000
Subject: [PATCH] MFC r298279

Plug memory leak in ctl(4) when ctl_copyin_args() is called with a non-
null terminated ASCII string.

PR:		207626
Submitted by:	cturt@hardenedbsd.org


git-svn-id: svn://svn.freebsd.org/base/stable/10@299191 ccf9f872-aa2e-dd11-9fc8-001c23d0bc1f
---
 sys/cam/ctl/ctl.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/sys/cam/ctl/ctl.c b/sys/cam/ctl/ctl.c
index 68f788189..1d0d9ce10 100644
--- a/sys/cam/ctl/ctl.c
+++ b/sys/cam/ctl/ctl.c
@@ -2447,6 +2447,7 @@ ctl_copyin_args(int num_args, struct ctl_be_arg *uargs,
 			 && (tmpptr[args[i].vallen - 1] != '\0')) {
 				snprintf(error_str, error_str_len, "Argument "
 				    "%d value is not NUL-terminated", i);
+				free(tmpptr, M_CTL);
 				goto bailout;
 			}
 			args[i].kvalue = tmpptr;
-- 
2.45.0