f49b8435bb
- libtirpc: be sure to free cl_netid and cl_tp - libtirpc: must free saved wire verifier when destroying context
94 lines
3.6 KiB
Diff
94 lines
3.6 KiB
Diff
commit 1c8c2bf2f0b81b0fa1992894679786619c048a1e
|
|
Author: Jeff Layton <jlayton@redhat.com>
|
|
Date: Fri Mar 13 12:44:16 2009 -0400
|
|
|
|
libtirpc: set r_netid and r_owner in __rpcb_findaddr_timed
|
|
|
|
These fields in the rpcbind GETADDR call are being passed uninitialized
|
|
to CLNT_CALL. In the case of x86_64 at least, this usually leads to a
|
|
segfault. On x86, it sometimes causes segfaults and other times causes
|
|
garbage to be sent on the wire.
|
|
|
|
rpcbind generally ignores the r_owner field for calls that come in over
|
|
the wire, so it really doesn't matter what we send in that slot. We just
|
|
need to send something. The reference implementation from Sun seems to
|
|
send a blank string. Have ours follow suit.
|
|
|
|
Signed-off-by: Jeff Layton <jlayton@redhat.com>
|
|
Signed-off-by: Steve Dickson <steved@redhat.com>
|
|
|
|
commit 956a049085101961593956d01084f7f713ea8ded
|
|
Author: Jeff Layton <jlayton@redhat.com>
|
|
Date: Fri Mar 13 12:47:36 2009 -0400
|
|
|
|
libtirpc: be sure to free cl_netid and cl_tp
|
|
|
|
When creating a client with clnt_tli_create, it uses strdup to copy
|
|
strings for these fields if nconf is passed in. clnt_dg_destroy frees
|
|
these strings already. Make sure clnt_vc_destroy frees them in the same
|
|
way.
|
|
|
|
Signed-off-by: Jeff Layton <jlayton@redhat.com>
|
|
Signed-off-by: Steve Dickson <steved@redhat.com>
|
|
|
|
commit fbe8b50728c565459f2678aa1ad4dfc6610d1f9e
|
|
Author: Jeff Layton <jlayton@redhat.com>
|
|
Date: Fri Mar 13 12:48:40 2009 -0400
|
|
|
|
libtirpc: must free saved wire verifier when destroying context
|
|
|
|
When we're destroying the authgss context, we must also free any
|
|
saved wire verifier that we have to keep from leaking memory.
|
|
|
|
Signed-off-by: Jeff Layton <jlayton@redhat.com>
|
|
Signed-off-by: Steve Dickson <steved@redhat.com>
|
|
|
|
|
|
diff -up libtirpc-0.1.10/src/auth_gss.c.orig libtirpc-0.1.10/src/auth_gss.c
|
|
--- libtirpc-0.1.10/src/auth_gss.c.orig 2009-03-13 13:07:58.000000000 -0400
|
|
+++ libtirpc-0.1.10/src/auth_gss.c 2009-03-13 13:09:25.000000000 -0400
|
|
@@ -567,6 +567,12 @@ authgss_destroy_context(AUTH *auth)
|
|
gss_delete_sec_context(&min_stat, &gd->ctx, NULL);
|
|
gd->ctx = GSS_C_NO_CONTEXT;
|
|
}
|
|
+
|
|
+ /* free saved wire verifier (if any) */
|
|
+ mem_free(gd->gc_wire_verf.value, gd->gc_wire_verf.length);
|
|
+ gd->gc_wire_verf.value = NULL;
|
|
+ gd->gc_wire_verf.length = 0;
|
|
+
|
|
gd->established = FALSE;
|
|
}
|
|
|
|
diff -up libtirpc-0.1.10/src/clnt_vc.c.orig libtirpc-0.1.10/src/clnt_vc.c
|
|
--- libtirpc-0.1.10/src/clnt_vc.c.orig 2008-11-19 08:01:43.000000000 -0500
|
|
+++ libtirpc-0.1.10/src/clnt_vc.c 2009-03-13 13:09:21.000000000 -0400
|
|
@@ -646,6 +646,10 @@ clnt_vc_destroy(cl)
|
|
if (ct->ct_addr.buf)
|
|
free(ct->ct_addr.buf);
|
|
mem_free(ct, sizeof(struct ct_data));
|
|
+ if (cl->cl_netid && cl->cl_netid[0])
|
|
+ mem_free(cl->cl_netid, strlen(cl->cl_netid) +1);
|
|
+ if (cl->cl_tp && cl->cl_tp[0])
|
|
+ mem_free(cl->cl_tp, strlen(cl->cl_tp) +1);
|
|
mem_free(cl, sizeof(CLIENT));
|
|
mutex_unlock(&clnt_fd_lock);
|
|
thr_sigsetmask(SIG_SETMASK, &(mask), NULL);
|
|
diff -up libtirpc-0.1.10/src/rpcb_clnt.c.orig libtirpc-0.1.10/src/rpcb_clnt.c
|
|
--- libtirpc-0.1.10/src/rpcb_clnt.c.orig 2008-11-19 08:01:43.000000000 -0500
|
|
+++ libtirpc-0.1.10/src/rpcb_clnt.c 2009-03-13 13:09:16.000000000 -0400
|
|
@@ -749,6 +749,13 @@ __rpcb_findaddr_timed(program, version,
|
|
parms.r_addr = NULL;
|
|
parms.r_prog = program;
|
|
parms.r_vers = version;
|
|
+ parms.r_netid = nconf->nc_netid;
|
|
+
|
|
+ /*
|
|
+ * According to wire captures, the reference implementation
|
|
+ * (OpenSolaris) sends a blank string here too.
|
|
+ */
|
|
+ parms.r_owner = "";
|
|
|
|
/*
|
|
* Use default total timeout if no timeout is specified.
|