rpcb_clnt.c: Eliminate double frees in delete_cache() (RHEL-11183)

commit 1d2e10afb2ffc35cb3623f57a15f712359f18e75
Author: Herb Wartens <wartens2@llnl.gov>
Date:   Tue Aug 1 10:36:16 2023 -0400

    rpcb_clnt.c: Eliminate double frees in delete_cache()

    Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=2224666
    Signed-off-by: Steve Dickson <steved@redhat.com>

Signed-off-by: Steve Dickson <steved@redhat.com>
Resolves: RHEL-11183
This commit is contained in:
Steve Dickson 2024-03-05 04:03:05 -05:00
parent b1fbacc836
commit 97a014bbe9
2 changed files with 37 additions and 1 deletions


@ -0,0 +1,32 @@
commit 1d2e10afb2ffc35cb3623f57a15f712359f18e75
Author: Herb Wartens <wartens2@llnl.gov>
Date: Tue Aug 1 10:36:16 2023 -0400
rpcb_clnt.c: Eliminate double frees in delete_cache()
Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=2224666
Signed-off-by: Steve Dickson <steved@redhat.com>
diff --git a/src/rpcb_clnt.c b/src/rpcb_clnt.c
index c0a9e12..68fe69a 100644
--- a/src/rpcb_clnt.c
+++ b/src/rpcb_clnt.c
@@ -262,12 +262,15 @@ delete_cache(addr)
for (cptr = front; cptr != NULL; cptr = cptr->ac_next) {
if (!memcmp(cptr->ac_taddr->buf, addr->buf, addr->len)) {
/* Unlink from cache. We'll destroy it after releasing the mutex. */
- if (cptr->ac_uaddr)
+ if (cptr->ac_uaddr) {
free(cptr->ac_uaddr);
- if (prevptr)
+ cptr->ac_uaddr = NULL;
+ }
+ if (prevptr) {
prevptr->ac_next = cptr->ac_next;
- else
+ } else {
front = cptr->ac_next;
+ }
cachesize--;
break;
}
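Review bot: In delete_cache(), the free(cptr->ac_uaddr) that stays inside the locked loop conflicts with the comment directly above it ("We'll destroy it after releasing the mutex"), and the added cptr->ac_uaddr = NULL only masks that. Consider dropping the early free so the unlinked entry is released in one place, or state in the commit message which later path freed ac_uaddr a second time, since neither the message nor this hunk shows it. The new braces around the prevptr if/else are style-only and would be easier to audit in a backport as a separate change.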


@ -2,7 +2,7 @@
Name: libtirpc
Version: 1.3.3
Release: 5%{?dist}
Release: 6%{?dist}
Summary: Transport Independent RPC Library
License: SISSL and BSD
URL: http://git.linux-nfs.org/?p=steved/libtirpc.git;a=summary
@ -29,6 +29,7 @@ Patch003: libtirpc-1.3.3-dos-sleep.patch
#
Patch004: libtirpc-1.3.3-null-ptrs-not-reused.patch
Patch005: libtirpc-1.3.3-gssd-context-creation.patch
Patch006: libtirpc-1.3.3-double-free.patch
%description
This package contains SunLib's implementation of transport-independent
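Review bot: Patch006 is declared here, but none of the spec hunks in this commit adds a matching %patch step to %prep. If the spec does not apply patches automatically (for example through %autosetup or %autopatch), libtirpc-1.3.3-double-free.patch would ship in the SRPM without being applied to the build. Please confirm how Patch004 and Patch005 are applied and that Patch006 follows the same path.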
@ -129,6 +130,9 @@ mv %{buildroot}%{_mandir}/man3 %{buildroot}%{_mandir}/man3t
%{_mandir}/*/*
%changelog
* Tue Mar 5 2024 Steve Dickson <steved@redhat.com> - 1.3.3-6
- rpcb_clnt.c: Eliminate double frees in delete_cache() (RHEL-11183)
* Mon Mar 4 2024 Steve Dickson <steved@redhat.com> - 1.3.3-5
- Fix rpc_gss_seccreate() usage of the passed in gss credential. (RHEL-27936)