K 10
svn:author
V 4
ngie
K 8
svn:date
V 27
2016-01-03T09:08:34.301634Z
K 7
svn:log
V 1139
MFC r286642,r286644,r286645,r286646:

r286642 (by oshogbo):

Make the nvlist_next(9) function handle NULL pointer variable.
This simplifies removing the first element from nvlist.

r286644 (by oshogbo):

Don't set parent if the unpack operation fails. In some cases this could
crash the library, because of the NULL pointer references.

Discovered thanks to american fuzzy lop.

r286645 (by oshogbo):

The nvlist_move_nvpair() function can fail in two cases, if:
- the nvlist error is set, or
- the nvlist case ignore flag is not set and there is attempt to add
  element with duplicated name.

In both cases the nvlist_move_nvpair() function frees nvpair structure.
If library will try to unpack a binary blob which contains duplicated
names it will end up with using memory after free.

To prevent that, the nvlist_move_nvpair() function interface is changed to
report about failure and checks are added to the nvpair_xunpack() function.

Discovered thanks to the american fuzzy lop.

r286646 (by oshogbo):

If any function fails (the ptr variable will be equal to NULL), we shouldn't
return buffer. Instead we should free it and return NULL.
END