commit ed6b0fe710b631b99ed9fc28cefedfe69a16dc55
Author: Brad Hubbard <bhubbard@redhat.com>
Date: Wed Mar 18 14:51:26 2015 +0530
Use calloc to allocate xports (BZ #17542)
If xports is NULL in xprt_register we malloc it but if sock >
_rpc_dtablesize() that memory does not get initialised and may in theory
contain any value. Later we make a conditional jump in svc_getreq_common
based on the uninitialised memory and this caused a general protection
fault in rpc.statd on an older version of glibc but this code has not
changed since that version.
Following is the valgrind warning.
==26802== Conditional jump or move depends on uninitialised value(s)
==26802== at 0x5343A25: svc_getreq_common (in /lib64/libc-2.5.so)
==26802== by 0x534357B: svc_getreqset (in /lib64/libc-2.5.so)
==26802== by 0x10DE1F: ??? (in /sbin/rpc.statd)
==26802== by 0x10D0EF: main (in /sbin/rpc.statd)
==26802== Uninitialised value was created by a heap allocation
==26802== at 0x4C2210C: malloc (vg_replace_malloc.c:195)
==26802== by 0x53438BE: xprt_register (in /lib64/libc-2.5.so)
==26802== by 0x53450DF: svcudp_bufcreate (in /lib64/libc-2.5.so)
==26802== by 0x10FE32: ??? (in /sbin/rpc.statd)
==26802== by 0x10D13E: main (in /sbin/rpc.statd)
diff --git glibc-2.17-c758a686/sunrpc/svc.c glibc-2.17-c758a686/sunrpc/svc.c
|
|
|
00db10 |
index 8c4e8a5..c6ccf10 100644
|
|
|
00db10 |
--- glibc-2.17-c758a686/sunrpc/svc.c
|
|
|
00db10 |
+++ glibc-2.17-c758a686/sunrpc/svc.c
|
|
|
00db10 |
@@ -97,8 +97,8 @@ xprt_register (SVCXPRT *xprt)
|
|
|
00db10 |
|
|
|
00db10 |
if (xports == NULL)
|
|
|
00db10 |
{
|
|
|
00db10 |
- xports = (SVCXPRT **) malloc (_rpc_dtablesize () * sizeof (SVCXPRT *));
|
|
|
00db10 |
- if (xports == NULL) /* DonĀ“t add handle */
|
|
|
00db10 |
+ xports = (SVCXPRT **) calloc (_rpc_dtablesize (), sizeof (SVCXPRT *));
|
|
|
00db10 |
+ if (xports == NULL) /* Don't add handle */
|
|
|
00db10 |
return;
|
|
|
00db10 |
}
|
|
|
00db10 |
|