DragonFlyBSD Kernel Audit
DF-0207

Memory leak in clist_alloc_cblocks: old c_data never freed on resize

Summary

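clist_alloc_cblocks (:61) kmallocs a new data buffer, bcopies the old contents into it (:71-74), and then sets cl->c_data = data (:80) without a kfree of the old buffer. Every ccmax change therefore leaks old_ccmax * sizeof(short) bytes. The path is reachable without privileges: opening a pty and calling tcsetattr with varying baud rates reaches ttywatermarks and from there clist_alloc_cblocks. Sustained, this leads to kmem exhaustion and a denial of service.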
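
The resize pattern described above, modelled in userland C as an added example (not DragonFly kernel source) to show how the stranded bytes accumulate and that releasing the old buffer after the pointer swap brings them to zero. `struct model_clist`, `model_resize`, `leaked_after` and the `live_bytes` counter are hypothetical names; calloc/free stand in for kmalloc/kfree and the copy step is simplified.

```c
/* Userland model, constructed for illustration; not DragonFly kernel source. */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

static size_t live_bytes;                 /* allocated and not yet released */
struct model_clist { short *c_data; int ccmax; };   /* hypothetical stand-in */

/* Allocate, copy, swap the pointer; free_old selects the corrected variant. */
static int model_resize(struct model_clist *cl, int ccmax, int free_old)
{
    short *old = cl->c_data, *data;
    int old_ccmax = cl->ccmax;

    if (ccmax == old_ccmax)
        return 0;                         /* no ccmax change, no allocation */
    data = calloc((size_t)ccmax, sizeof(short));    /* stands in for kmalloc */
    if (data == NULL)
        return -1;
    live_bytes += (size_t)ccmax * sizeof(short);
    if (old != NULL)                      /* simplified copy, not the kernel's */
        memcpy(data, old, (size_t)(ccmax < old_ccmax ? ccmax : old_ccmax) * sizeof(short));
    cl->c_data = data;
    cl->ccmax = ccmax;
    if (free_old && old != NULL) {        /* the release the finding reports missing */
        live_bytes -= (size_t)old_ccmax * sizeof(short);
        free(old);
    }
    return 0;
}

/* Alternate ccmax between two sizes; return bytes stranded besides the live buffer. */
static size_t leaked_after(int rounds, int free_old)
{
    struct model_clist cl = { NULL, 0 };
    size_t leaked;

    live_bytes = 0;
    for (int i = 0; i < rounds; i++)
        model_resize(&cl, (i % 2) ? 256 : 1024, free_old);
    leaked = live_bytes - (size_t)cl.ccmax * sizeof(short);
    free(cl.c_data);
    return leaked;
}

int main(void)
{
    printf("without free: %zu bytes stranded\n", leaked_after(4, 0));
    printf("with free:    %zu bytes stranded\n", leaked_after(4, 1));
    return 0;
}
```

In the model, each size change strands exactly the previous buffer, matching the old_ccmax * sizeof(short) figure in the summary.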