Date: Tue, 12 Jan 2016 00:20:57 +0000 (UTC) From: Garrett Cooper <ngie@FreeBSD.org> To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org Subject: svn commit: r293715 - head/lib/libc/rpc Message-ID: <201601120020.u0C0KvlA054248@repo.freebsd.org>
next in thread | raw e-mail | index | archive | help
Author: ngie Date: Tue Jan 12 00:20:57 2016 New Revision: 293715 URL: https://svnweb.freebsd.org/changeset/base/293715 Log: Fix a mismerge from NetBSD in r162194 with `xdr_rpcb_entry_list_ptr(..)` This fixes the potential NULL pointer dereference properly, and also fixes memory leaks encountered in the process of iterating through `*rp`. MFC after: 1 week Found by: Valgrind Reported by: Dan Roberts <dan.roberts@isilon.com> Submitted by: Miles Ohlrich <miles.ohlrich@isilon.com> Sponsored by: EMC / Isilon Storage Division Modified: head/lib/libc/rpc/rpcb_prot.c Modified: head/lib/libc/rpc/rpcb_prot.c ============================================================================== --- head/lib/libc/rpc/rpcb_prot.c Tue Jan 12 00:12:18 2016 (r293714) +++ head/lib/libc/rpc/rpcb_prot.c Tue Jan 12 00:20:57 2016 (r293715) @@ -207,14 +207,14 @@ xdr_rpcb_entry_list_ptr(XDR *xdrs, rpcb_ * the case of freeing we must remember the next object * before we free the current object ... */ - if (freeing) + if (freeing && *rp) next = (*rp)->rpcb_entry_next; if (! xdr_reference(xdrs, (caddr_t *)rp, (u_int)sizeof (rpcb_entry_list), (xdrproc_t)xdr_rpcb_entry)) { return (FALSE); } - if (freeing && *rp) { + if (freeing) { next_copy = next; rp = &next_copy; /*
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201601120020.u0C0KvlA054248>