Date: Wed, 12 Aug 2009 20:30:27 +0000 (UTC) From: Rick Macklem <rmacklem@FreeBSD.org> To: cvs-src-old@freebsd.org Subject: cvs commit: src/sys/xdr xdr_mbuf.c Message-ID: <200908122030.n7CKUftn044429@repoman.freebsd.org>
next in thread | raw e-mail | index | archive | help
rmacklem 2009-08-12 20:30:27 UTC
FreeBSD src repository
Modified files: (Branch: RELENG_8)
sys/xdr xdr_mbuf.c
Log:
SVN rev 196153 on 2009-08-12 20:30:27Z by rmacklem
MFC r196149:
Add a check for a NULL mbuf ptr at the beginning of xdrmbuf_inline()
so that it returns failure instead of crashing when "m->m_len" is
executed and m == NULL. The mbuf ptr can be NULL when a call to
xdrmbuf_getbytes() gets the bytes it needs, but they are at the end
of a short RPC reply. When this happens, xdrmbuf_getbytes() returns
success, but advances the mbuf ptr (xdrs->x_private) to m_next, which
is NULL. If this is followed by a call to xdrmbuf_getlong(), it calls
xdrmbuf_inline(), which would cause a crash by accessing "m->m_len".
Approved by: re (rwatson), kib (mentor)
Revision Changes Path
1.4.2.2 +2 -0 src/sys/xdr/xdr_mbuf.c
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200908122030.n7CKUftn044429>