From: Matt Miller
Date: Fri, 27 Apr 2012 17:48:06 -0400
To: net@freebsd.org
Subject: Alloc Error Handling in lib/libc/rpc/svc.c
List-Id: Networking and TCP/IP with FreeBSD

In an OOM condition, we noticed a couple of mem_alloc handling bugs in this file.
Please let me know if a PR should be opened for these.

- No NULL checks after mem_alloc()'s:

	SVCXPRT *
	svc_xprt_alloc()
	{
		SVCXPRT *xprt;
		SVCXPRT_EXT *ext;

		xprt = mem_alloc(sizeof(SVCXPRT));
		memset(xprt, 0, sizeof(SVCXPRT));
		ext = mem_alloc(sizeof(SVCXPRT_EXT));
		memset(ext, 0, sizeof(SVCXPRT_EXT));
		xprt->xp_p3 = ext;
		ext->xp_auth.svc_ah_ops = &svc_auth_null_ops;

		return (xprt);
	}

- No lock release if mem_alloc() returns NULL:

	void
	xprt_register(xprt)
		SVCXPRT *xprt;
	{
		int sock;

		assert(xprt != NULL);

		sock = xprt->xp_fd;

		rwlock_wrlock(&svc_fd_lock);
		if (__svc_xports == NULL) {
			__svc_xports = (SVCXPRT **)
				mem_alloc(FD_SETSIZE * sizeof(SVCXPRT *));
			if (__svc_xports == NULL)
				return;
			memset(__svc_xports, '\0', FD_SETSIZE * sizeof(SVCXPRT *));
		}
		if (sock < FD_SETSIZE) {
			__svc_xports[sock] = xprt;
			FD_SET(sock, &svc_fdset);
			svc_maxfd = max(svc_maxfd, sock);
		}
		rwlock_unlock(&svc_fd_lock);
	}

Thanks,

Matt
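
Added example (not part of the original message and not the FreeBSD source): one way to harden both error paths reported above, built on reduced stand-ins so it compiles on its own. The struct layouts, the integer lock model, mem_free(), the fail_at/live test hooks and the *_checked names are assumptions made for illustration.

```c
#include <stdlib.h>
#include <string.h>
#include <sys/select.h>                 /* FD_SETSIZE */

/* Reduced stand-ins for libc internals (assumptions, not the FreeBSD source). */
typedef struct { int xp_fd; void *xp_p3; } SVCXPRT;
typedef struct { int xp_flags; } SVCXPRT_EXT;
static int svc_fd_lock;                 /* models the rwlock: 1 while held */
static void rwlock_wrlock(int *l) { *l = 1; }
static void rwlock_unlock(int *l) { *l = 0; }
static SVCXPRT **svc_xports;
static int fail_at = -1, live;          /* OOM injection; outstanding allocations */

static void *mem_alloc(size_t n) {
	if (fail_at == 0) return NULL;      /* simulated out-of-memory */
	if (fail_at > 0) fail_at--;
	live++;
	return malloc(n);
}
static void mem_free(void *p) { live--; free(p); }

SVCXPRT *svc_xprt_alloc_checked(void) {
	SVCXPRT *xprt = mem_alloc(sizeof(*xprt));
	if (xprt == NULL) return NULL;      /* check before memset() touches it */
	memset(xprt, 0, sizeof(*xprt));
	SVCXPRT_EXT *ext = mem_alloc(sizeof(*ext));
	if (ext == NULL) { mem_free(xprt); return NULL; }  /* do not leak xprt */
	memset(ext, 0, sizeof(*ext));
	xprt->xp_p3 = ext;
	return xprt;
}

/* Returns 1 if registered, 0 otherwise; every path leaves through "out". */
int xprt_register_checked(SVCXPRT *xprt) {
	int ok = 0, sock = xprt->xp_fd;
	rwlock_wrlock(&svc_fd_lock);
	if (svc_xports == NULL) {
		svc_xports = mem_alloc(FD_SETSIZE * sizeof(SVCXPRT *));
		if (svc_xports == NULL) goto out;   /* reported bug: return with lock held */
		memset(svc_xports, 0, FD_SETSIZE * sizeof(SVCXPRT *));
	}
	if (sock >= 0 && sock < FD_SETSIZE) { svc_xports[sock] = xprt; ok = 1; }
out:
	rwlock_unlock(&svc_fd_lock);
	return ok;
}

int main(void) {
	SVCXPRT x = { 3, NULL };            /* constructed transport on fd 3 */
	fail_at = 0;                        /* constructed OOM: every allocation fails */
	return (svc_xprt_alloc_checked() == NULL && !xprt_register_checked(&x) && !svc_fd_lock) ? 0 : 1;
}
```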