ce426f
commit ed6b0fe710b631b99ed9fc28cefedfe69a16dc55
ce426f
Author: Brad Hubbard <bhubbard@redhat.com>
ce426f
Date:   Wed Mar 18 14:51:26 2015 +0530
ce426f
ce426f
    Use calloc to allocate xports (BZ #17542)
ce426f
    
ce426f
    If xports is NULL in xprt_register we malloc it but if sock >
ce426f
    _rpc_dtablesize() that memory does not get initialised and may in theory
ce426f
    contain any value. Later we make a conditional jump in svc_getreq_common
ce426f
    based on the uninitialised memory and this caused a general protection
ce426f
    fault in rpc.statd on an older version of glibc but this code has not
ce426f
    changed since that version.
ce426f
    
ce426f
    Following is the valgrind warning.
ce426f
    
ce426f
    ==26802== Conditional jump or move depends on uninitialised value(s)
ce426f
    ==26802==    at 0x5343A25: svc_getreq_common (in /lib64/libc-2.5.so)
ce426f
    ==26802==    by 0x534357B: svc_getreqset (in /lib64/libc-2.5.so)
ce426f
    ==26802==    by 0x10DE1F: ??? (in /sbin/rpc.statd)
ce426f
    ==26802==    by 0x10D0EF: main (in /sbin/rpc.statd)
ce426f
    ==26802==  Uninitialised value was created by a heap allocation
ce426f
    ==26802==    at 0x4C2210C: malloc (vg_replace_malloc.c:195)
ce426f
    ==26802==    by 0x53438BE: xprt_register (in /lib64/libc-2.5.so)
ce426f
    ==26802==    by 0x53450DF: svcudp_bufcreate (in /lib64/libc-2.5.so)
ce426f
    ==26802==    by 0x10FE32: ??? (in /sbin/rpc.statd)
ce426f
    ==26802==    by 0x10D13E: main (in /sbin/rpc.statd)
ce426f
ce426f
diff --git glibc-2.17-c758a686/sunrpc/svc.c glibc-2.17-c758a686/sunrpc/svc.c
ce426f
index 8c4e8a5..c6ccf10 100644
ce426f
--- glibc-2.17-c758a686/sunrpc/svc.c
ce426f
+++ glibc-2.17-c758a686/sunrpc/svc.c
ce426f
@@ -97,8 +97,8 @@ xprt_register (SVCXPRT *xprt)
ce426f
 
ce426f
   if (xports == NULL)
ce426f
     {
ce426f
-      xports = (SVCXPRT **) malloc (_rpc_dtablesize () * sizeof (SVCXPRT *));
ce426f
-      if (xports == NULL) /* DonĀ“t add handle */
ce426f
+      xports = (SVCXPRT **) calloc (_rpc_dtablesize (), sizeof (SVCXPRT *));
ce426f
+      if (xports == NULL) /* Don't add handle */
ce426f
 	return;
ce426f
     }
ce426f