Date: Wed, 12 Aug 2009 16:27:51 +0000 (UTC) From: Rick Macklem <rmacklem@FreeBSD.org> To: cvs-src-old@freebsd.org Subject: cvs commit: src/sys/xdr xdr_mbuf.c Message-ID: <200908121628.n7CGS10W012654@repoman.freebsd.org>
next in thread | raw e-mail | index | archive | help
rmacklem 2009-08-12 16:27:51 UTC
FreeBSD src repository
Modified files:
sys/xdr xdr_mbuf.c
Log:
SVN rev 196149 on 2009-08-12 16:27:51Z by rmacklem
Add a check for a NULL mbuf ptr at the beginning of xdrmbuf_inline()
so that it returns failure instead of crashing when "m->m_len" is
executed and m == NULL. The mbuf ptr can be NULL when a call to
xdrmbuf_getbytes() gets the bytes it needs, but they are at the end
of a short RPC reply. When this happens, xdrmbuf_getbytes() returns
success, but advances the mbuf ptr (xdrs->x_private) to m_next, which
is NULL. If this is followed by a call to xdrmbuf_getlong(), it calls
xdrmbuf_inline(), which would cause a crash by accessing "m->m_len".
Tested by: pho, serenity at exscape dot org
Approved by: re (rwatson), kib (mentor)
Revision Changes Path
1.5 +2 -0 src/sys/xdr/xdr_mbuf.c
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200908121628.n7CGS10W012654>