Date:      Fri, 27 Apr 2012 17:48:06 -0400
From:      Matt Miller <matt@matthewjmiller.net>
To:        net@freebsd.org
Subject:   Alloc Error Handling in lib/libc/rpc/svc.c
Message-ID:  <CAFc6gu-VNpk966JwRwUEiMvQFDds-ryErS5DLk3f-Oh6Qf-_5g@mail.gmail.com>

In an OOM condition, we noticed a couple of mem_alloc handling bugs in
this file.  Please let me know if a PR should be opened for these.

- No NULL checks after mem_alloc()'s:

SVCXPRT *
svc_xprt_alloc()
{
	SVCXPRT *xprt;
	SVCXPRT_EXT *ext;

	xprt = mem_alloc(sizeof(SVCXPRT));
	memset(xprt, 0, sizeof(SVCXPRT));
	ext = mem_alloc(sizeof(SVCXPRT_EXT));
	memset(ext, 0, sizeof(SVCXPRT_EXT));
	xprt->xp_p3 = ext;
	ext->xp_auth.svc_ah_ops = &svc_auth_null_ops;

	return (xprt);
}

- No lock release if mem_alloc() returns NULL:

void
xprt_register(xprt)
	SVCXPRT *xprt;
{
	int sock;

	assert(xprt != NULL);

	sock = xprt->xp_fd;

	rwlock_wrlock(&svc_fd_lock);
	if (__svc_xports == NULL) {
		__svc_xports = (SVCXPRT **)
			mem_alloc(FD_SETSIZE * sizeof(SVCXPRT *));
		if (__svc_xports == NULL)
			return;
		memset(__svc_xports, '\0', FD_SETSIZE * sizeof(SVCXPRT *));
	}
	if (sock < FD_SETSIZE) {
		__svc_xports[sock] = xprt;
		FD_SET(sock, &svc_fdset);
		svc_maxfd = max(svc_maxfd, sock);
	}
	rwlock_unlock(&svc_fd_lock);
}

Thanks,

Matt
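
Added example, not part of the original message and not FreeBSD's code: one way to handle both failures reported above, with a NULL check after each mem_alloc() and a single unlock reached on every exit path. The reduced SVCXPRT types, NXPORTS, the lock_depth counter standing in for svc_fd_lock, the allocs_left fault-injection hook, and the int return value of xprt_register() are assumptions made for illustration.

```c
/* Added example: simplified stand-ins, not the code in lib/libc/rpc/svc.c. */
#include <stdlib.h>

#define NXPORTS 64                      /* stand-in for FD_SETSIZE */
typedef struct { int xp_fd; void *xp_p3; } SVCXPRT;     /* reduced type */
typedef struct { const void *ops; } SVCXPRT_EXT;        /* reduced type */

static int allocs_left = -1;            /* test hook: -1 means never fail */
static int lock_depth;                  /* stand-in for svc_fd_lock */
static SVCXPRT **xports;                /* stand-in for __svc_xports */

/* Zeroing allocator with fault injection, so no separate memset is needed. */
static void *mem_alloc(size_t n)
{
	if (allocs_left == 0)
		return NULL;
	if (allocs_left > 0)
		allocs_left--;
	return calloc(1, n);
}

SVCXPRT *svc_xprt_alloc(void)
{
	SVCXPRT *xprt = mem_alloc(sizeof(*xprt));
	if (xprt == NULL)
		return NULL;
	SVCXPRT_EXT *ext = mem_alloc(sizeof(*ext));
	if (ext == NULL) {              /* undo the first allocation */
		free(xprt);
		return NULL;
	}
	xprt->xp_p3 = ext;              /* auth ops setup omitted here */
	return xprt;
}

/* Returns 0 on success, -1 on failure (assumed; the original is void). */
int xprt_register(SVCXPRT *xprt)
{
	int rc = -1;
	lock_depth++;                   /* rwlock_wrlock(&svc_fd_lock) */
	if (xports == NULL)
		xports = mem_alloc(NXPORTS * sizeof(*xports));
	if (xports != NULL && xprt->xp_fd >= 0 && xprt->xp_fd < NXPORTS) {
		xports[xprt->xp_fd] = xprt;
		rc = 0;
	}
	lock_depth--;                   /* rwlock_unlock(&svc_fd_lock) */
	return rc;
}
```

Callers of svc_xprt_alloc() then have to check for NULL themselves, which the original signature already allows.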


