commit 8d096a0572b955835f7f64f267a29047091e0a8e Author: Olaf Kirch Date: Wed Nov 12 16:10:53 2008 +0100 Fix a bug in clnt broadcast Before calling the replyproc function on a broadcast reply, we convert the server-provided address using uaddr2taddr. This may fail (eg if the server provided a garbage address), and return NULL. In this case, we should not call the replyproc function - because the caller expects the address netbuf to be a valid pointer, rather than NULL. Signed-off-by: Olaf Kirch diff --git a/src/clnt_bcast.c b/src/clnt_bcast.c index aa2b8f2..899eb76 100644 --- a/src/clnt_bcast.c +++ b/src/clnt_bcast.c @@ -607,9 +607,11 @@ rpc_broadcast_exp(prog, vers, proc, xargs, argsp, xresults, resultsp, #endif np = uaddr2taddr( fdlist[i].nconf, uaddrp); - done = (*eachresult)(resultsp, - np, fdlist[i].nconf); - free(np); + if (np != NULL) { + done = (*eachresult)(resultsp, + np, fdlist[i].nconf); + free(np); + } #ifdef PORTMAP } #endif /* PORTMAP */