rpm/libtirpc
SHA256
1
0
Fork 0
forked from pool/libtirpc
Code Pull Requests Activity
c3b2cb84b1
libtirpc/libtirpc-clntunix_create.patch
Stephan Kulow 6705ba4caf Accepting request 213497 from home:okir:branches:openSUSE:13.1:Update 
Next attempt to get this included into Factory...

This fixes several issues in libtirpc uncovered by automated testing.

OBS-URL: https://build.opensuse.org/request/show/213497
OBS-URL: https://build.opensuse.org/package/show/Base:System/libtirpc?expand=0&rev=37
2014-01-14 05:16:50 +00:00

71 lines
2.1 KiB
Diff
Raw Blame History

commit 79bf7950d8c8bc9d323887ba0e5fa7555aa6644a
Author: Olaf Kirch <okir@suse.de>
Date: Tue Feb 8 10:21:16 2011 +0100
Fix a crash in clntunix_create
Programs using clntunix_create would abort because glibc detected an
attempt to free a bad pointer. It turns out that clntunix_create
has two bugs:
- it sets up a struct netbuf to hold the sockaddr_un passed
into the function, but instead of copying the data, it
just assigns the sockaddr pointer - and eventually tries to
free that pointer.
- when setting up the netbuf, it uses sizeof(raddr) instead
of sizeof(*raddr).
Instead of doing the trivial fixes, I changed the function to use
the __rpc_set_netbuf utility function. While I was at it, I removed
an unused local variable.
Signed-off-by: Olaf Kirch <okir@suse.de>
---
src/rpc_soc.c | 20 ++++++--------------
1 file changed, 6 insertions(+), 14 deletions(-)
Index: libtirpc-0.2.4-rc2/src/rpc_soc.c
===================================================================
--- libtirpc-0.2.4-rc2.orig/src/rpc_soc.c
+++ libtirpc-0.2.4-rc2/src/rpc_soc.c
@@ -564,16 +564,12 @@ clntunix_create(raddr, prog, vers, sockp
u_int sendsz;
u_int recvsz;
{
- struct netbuf *svcaddr;
- CLIENT *cl;
+ struct netbuf svcaddr;
+ CLIENT *cl = NULL;
int len;
- cl = NULL;
- svcaddr = NULL;
- if (((svcaddr = malloc(sizeof(struct netbuf))) == NULL ) ||
- ((svcaddr->buf = malloc(sizeof(struct sockaddr_un))) == NULL)) {
- if (svcaddr != NULL)
- free(svcaddr);
+ memset(&svcaddr, 0, sizeof(svcaddr));
+ if (__rpc_set_netbuf(&svcaddr, raddr, sizeof(*raddr)) == NULL) {
rpc_createerr.cf_stat = RPC_SYSTEMERROR;
rpc_createerr.cf_error.re_errno = errno;
return(cl);
@@ -590,14 +586,10 @@ clntunix_create(raddr, prog, vers, sockp
goto done;
}
}
- svcaddr->buf = raddr;
- svcaddr->len = sizeof(raddr);
- svcaddr->maxlen = sizeof (struct sockaddr_un);
- cl = clnt_vc_create(*sockp, svcaddr, prog,
+ cl = clnt_vc_create(*sockp, &svcaddr, prog,
vers, sendsz, recvsz);
done:
- free(svcaddr->buf);
- free(svcaddr);
+ free(svcaddr.buf);
return(cl);
}
View Git Blame Copy Permalink