Date: Wed, 12 Aug 2009 20:30:27 +0000 (UTC) From: Rick Macklem <rmacklem@FreeBSD.org> To: cvs-src-old@freebsd.org Subject: cvs commit: src/sys/xdr xdr_mbuf.c Message-ID: <200908122030.n7CKUftn044429@repoman.freebsd.org>
next in thread | raw e-mail | index | archive | help
rmacklem 2009-08-12 20:30:27 UTC FreeBSD src repository Modified files: (Branch: RELENG_8) sys/xdr xdr_mbuf.c Log: SVN rev 196153 on 2009-08-12 20:30:27Z by rmacklem MFC r196149: Add a check for a NULL mbuf ptr at the beginning of xdrmbuf_inline() so that it returns failure instead of crashing when "m->m_len" is executed and m == NULL. The mbuf ptr can be NULL when a call to xdrmbuf_getbytes() gets the bytes it needs, but they are at the end of a short RPC reply. When this happens, xdrmbuf_getbytes() returns success, but advances the mbuf ptr (xdrs->x_private) to m_next, which is NULL. If this is followed by a call to xdrmbuf_getlong(), it calls xdrmbuf_inline(), which would cause a crash by accessing "m->m_len". Approved by: re (rwatson), kib (mentor) Revision Changes Path 1.4.2.2 +2 -0 src/sys/xdr/xdr_mbuf.c
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200908122030.n7CKUftn044429>