From f49b8435bb95491ae0a4a9c3cb5655723717ef87 Mon Sep 17 00:00:00 2001
From: Steve Dickson
Date: Fri, 13 Mar 2009 17:15:08 +0000
Subject: [PATCH] - libtirpc: set r_netid and r_owner in __rpcb_findaddr_timed - libtirpc: be sure to free cl_netid and cl_tp - libtirpc: must free saved wire verifier when destroying context
---
 libtirpc-0.1.10-rc1.patch | 93 +++++++++++++++++++++++++++++++++++++++
 libtirpc.spec | 9 +++-
 2 files changed, 101 insertions(+), 1 deletion(-)
 create mode 100644 libtirpc-0.1.10-rc1.patch
diff --git a/libtirpc-0.1.10-rc1.patch b/libtirpc-0.1.10-rc1.patch
new file mode 100644
index 0000000..5a21ee7
--- /dev/null
+++ b/libtirpc-0.1.10-rc1.patch
@@ -0,0 +1,93 @@
+commit 1c8c2bf2f0b81b0fa1992894679786619c048a1e
+Author: Jeff Layton
+Date: Fri Mar 13 12:44:16 2009 -0400
+
+ libtirpc: set r_netid and r_owner in __rpcb_findaddr_timed
+
+ These fields in the rpcbind GETADDR call are being passed uninitialized
+ to CLNT_CALL. In the case of x86_64 at least, this usually leads to a
+ segfault. On x86, it sometimes causes segfaults and other times causes
+ garbage to be sent on the wire.
+
+ rpcbind generally ignores the r_owner field for calls that come in over
+ the wire, so it really doesn't matter what we send in that slot. We just
+ need to send something. The reference implementation from Sun seems to
+ send a blank string. Have ours follow suit.
+
+ Signed-off-by: Jeff Layton
+ Signed-off-by: Steve Dickson
+
+commit 956a049085101961593956d01084f7f713ea8ded
+Author: Jeff Layton
+Date: Fri Mar 13 12:47:36 2009 -0400
+
+ libtirpc: be sure to free cl_netid and cl_tp
+
+ When creating a client with clnt_tli_create, it uses strdup to copy
+ strings for these fields if nconf is passed in. clnt_dg_destroy frees
+ these strings already. Make sure clnt_vc_destroy frees them in the same
+ way.
+
+ Signed-off-by: Jeff Layton
+ Signed-off-by: Steve Dickson
+
+commit fbe8b50728c565459f2678aa1ad4dfc6610d1f9e
+Author: Jeff Layton
+Date: Fri Mar 13 12:48:40 2009 -0400
+
+ libtirpc: must free saved wire verifier when destroying context
+
+ When we're destroying the authgss context, we must also free any
+ saved wire verifier that we have to keep from leaking memory.
+
+ Signed-off-by: Jeff Layton
+ Signed-off-by: Steve Dickson
+
+
+diff -up libtirpc-0.1.10/src/auth_gss.c.orig libtirpc-0.1.10/src/auth_gss.c
+--- libtirpc-0.1.10/src/auth_gss.c.orig 2009-03-13 13:07:58.000000000 -0400
++++ libtirpc-0.1.10/src/auth_gss.c 2009-03-13 13:09:25.000000000 -0400
+@@ -567,6 +567,12 @@ authgss_destroy_context(AUTH *auth)
+ gss_delete_sec_context(&min_stat, &gd->ctx, NULL);
+ gd->ctx = GSS_C_NO_CONTEXT;
+ }
++
++ /* free saved wire verifier (if any) */
++ mem_free(gd->gc_wire_verf.value, gd->gc_wire_verf.length);
++ gd->gc_wire_verf.value = NULL;
++ gd->gc_wire_verf.length = 0;
++
+ gd->established = FALSE;
+ }
+
+diff -up libtirpc-0.1.10/src/clnt_vc.c.orig libtirpc-0.1.10/src/clnt_vc.c
+--- libtirpc-0.1.10/src/clnt_vc.c.orig 2008-11-19 08:01:43.000000000 -0500
++++ libtirpc-0.1.10/src/clnt_vc.c 2009-03-13 13:09:21.000000000 -0400
+@@ -646,6 +646,10 @@ clnt_vc_destroy(cl)
+ if (ct->ct_addr.buf)
+ free(ct->ct_addr.buf);
+ mem_free(ct, sizeof(struct ct_data));
++ if (cl->cl_netid && cl->cl_netid[0])
++ mem_free(cl->cl_netid, strlen(cl->cl_netid) +1);
++ if (cl->cl_tp && cl->cl_tp[0])
++ mem_free(cl->cl_tp, strlen(cl->cl_tp) +1);
+ mem_free(cl, sizeof(CLIENT));
+ mutex_unlock(&clnt_fd_lock);
+ thr_sigsetmask(SIG_SETMASK, &(mask), NULL);
+diff -up libtirpc-0.1.10/src/rpcb_clnt.c.orig libtirpc-0.1.10/src/rpcb_clnt.c
+--- libtirpc-0.1.10/src/rpcb_clnt.c.orig 2008-11-19 08:01:43.000000000 -0500
++++ libtirpc-0.1.10/src/rpcb_clnt.c 2009-03-13 13:09:16.000000000 -0400
+@@ -749,6 +749,13 @@ __rpcb_findaddr_timed(program, version,
+ parms.r_addr = NULL;
+ parms.r_prog = program;
+ parms.r_vers = version;
++ parms.r_netid = nconf->nc_netid;
++
++ /*
++ * According to wire captures, the reference implementation
++ * (OpenSolaris) sends a blank string here too.
++ */
++ parms.r_owner = "";
+
+ /*
+ * Use default total timeout if no timeout is specified.
diff --git a/libtirpc.spec b/libtirpc.spec
index f372f42..a897647 100644
--- a/libtirpc.spec
+++ b/libtirpc.spec
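Review bot: In the embedded rpcb_clnt.c hunk, `parms.r_netid` and `parms.r_owner` are filled in field by field, so any other member of `parms` that is not assigned still holds whatever was there before, and the commit message spells out what that costs: a segfault, or garbage (process memory) sent on the wire to the peer. If `parms` is an automatic variable (its declaration is outside the hunk), I would put `memset(&parms, 0, sizeof(parms));` ahead of these assignments so that a field missed in future is a NULL rather than a stray pointer. In the clnt_vc.c hunk, the `cl->cl_netid[0]` and `cl->cl_tp[0]` tests decide by content whether the pointer is freed, which is only sound if every path that stores a non-empty string stores a heap copy; a comment such as `/* non-empty cl_netid/cl_tp are strdup()ed in clnt_tli_create */` would record that assumption. All three patched functions begin and end outside their hunks.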
@@ -1,6 +1,6 @@
 Name: libtirpc
 Version: 0.1.10
-Release: 5%{?dist}
+Release: 6%{?dist}
 Summary: Transport Independent RPC Library
 Group: System Environment/Libraries
 License: SISSL
@@ -36,6 +36,7 @@ Patch03: libtirpc-0.1.10-C++declares.patch
 Patch04: libtirpc-0.1.10-svcreq-compat.patch
 Patch05: libtirpc-0.1.10-warnings.patch
 Patch06: libtirpc-0.1.10-uuid_t.patch
+Patch07: libtirpc-0.1.10-rc1.patch
 Patch100: libtirpc-0.1.7-compile.patch
@@ -52,6 +53,7 @@ developing programs which use the tirpc library.
 %patch04 -p1
 %patch05 -p1
 %patch06 -p1
+%patch07 -p1
 %patch100 -p1
@@ -150,6 +152,11 @@ rm -rf %{buildroot}
 %{_mandir}/*/*
 %changelog
+* Fri Mar 13 2009 Steve Dickson 0.1.10-6
+- libtirpc: set r_netid and r_owner in __rpcb_findaddr_timed
+- libtirpc: be sure to free cl_netid and cl_tp
+- libtirpc: must free saved wire verifier when destroying context
+
 * Wed Feb 25 2009 Fedora Release Engineering - 0.1.10-5
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_11_Mass_Rebuild