svc_getargs(): Should not be freeing arg pointers on failures

Message ID 1366310898-9206-1-git-send-email-steved@redhat.com (mailing list archive)
State New, archived

Commit Message

Steve Dickson April 18, 2013, 6:48 p.m. UTC
commit 82cc2e61 (SVCAUTH_WRAP/SVCAUTH_UNWRAP) introduced a regression
that causes callers of svc_getargs() to crash when svc_freeargs() frees
arg pointers that are allocated on the stack.

svc_getargs() should let the callers do the freeing and not make any
assumptions on the type of memory passed in.

Also see:
    https://bugzilla.redhat.com/show_bug.cgi?id=948378
and
    CVE-2013-1950 EMBARGOED rpcbind: invalid pointer free leads to crash

Signed-off-by: Steve Dickson <steved@redhat.com>
---
 src/svc_dg.c | 1 -
 1 file changed, 1 deletion(-)

Comments

Steve Dickson April 22, 2013, 12:18 p.m. UTC | #1
On 18/04/13 14:48, Steve Dickson wrote:
> commit 82cc2e61 (SVCAUTH_WRAP/SVCAUTH_UNWRAP) introduced a regression
> that causes callers of svc_getargs() to crash when svc_freeargs() frees
> arg pointers that are allocated on the stack.
> 
> svc_getargs() should let the callers do the freeing and not make any
> assumptions on the type of memory passed in.
> 
> Also see:
>     https://bugzilla.redhat.com/show_bug.cgi?id=948378
> and
>     CVE-2013-1950 EMBARGOED rpcbind: invalid pointer free leads to crash
> 
> Signed-off-by: Steve Dickson <steved@redhat.com>
Committed...

steved.

> ---
>  src/svc_dg.c | 1 -
>  1 file changed, 1 deletion(-)
> 
> diff --git a/src/svc_dg.c b/src/svc_dg.c
> index b1ac462..6e00191 100644
> --- a/src/svc_dg.c
> +++ b/src/svc_dg.c
> @@ -284,7 +284,6 @@ svc_dg_getargs(xprt, xdr_args, args_ptr)
>  {
>  	if (! SVCAUTH_UNWRAP(xprt->xp_auth, &(su_data(xprt)->su_xdrs),
>  			     xdr_args, args_ptr)) {
> -		(void)svc_freeargs(xprt, xdr_args, args_ptr);
>  		return FALSE;
>  	}
>  	return TRUE;
> 
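Review bot: the fix covers only the SVCAUTH_UNWRAP failure branch of svc_dg_getargs() (1 file, 1 deletion), while the commit message states the rule for svc_getargs() in general. Please confirm that no other transport's getargs routine calls svc_freeargs() after a failed SVCAUTH_UNWRAP, and say so in the commit message so the scope of the regression from 82cc2e61 is clear to anyone backporting this.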

Patch

diff --git a/src/svc_dg.c b/src/svc_dg.c
index b1ac462..6e00191 100644
--- a/src/svc_dg.c
+++ b/src/svc_dg.c
@@ -284,7 +284,6 @@  svc_dg_getargs(xprt, xdr_args, args_ptr)
 {
 	if (! SVCAUTH_UNWRAP(xprt->xp_auth, &(su_data(xprt)->su_xdrs),
 			     xdr_args, args_ptr)) {
-		(void)svc_freeargs(xprt, xdr_args, args_ptr);
 		return FALSE;
 	}
 	return TRUE;
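Review bot: the failure branch of svc_dg_getargs() now returns FALSE with no indication of who owns whatever SVCAUTH_UNWRAP may have decoded into args_ptr before failing. The commit message says callers do the freeing, but nothing in the code records that. A short comment above the function, stating that it never frees args_ptr and that the caller must call svc_freeargs() when the storage is one XDR may have allocated into, would keep the call from being reintroduced. As a minor style point, the braces around the lone "return FALSE;" are no longer needed.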