linux-nfs.vger.kernel.org archive mirror
 help / color / mirror / Atom feed
* [PATCH] svc_getargs(): Should not be freeing arg pointers on failures
@ 2013-04-18 18:48 Steve Dickson
  2013-04-22 12:18 ` [Libtirpc-devel] " Steve Dickson
  0 siblings, 1 reply; 2+ messages in thread
From: Steve Dickson @ 2013-04-18 18:48 UTC (permalink / raw)
  To: Libtirpc-devel Mailing List; +Cc: Linux NFS Mailing list

commit 82cc2e61 (SVCAUTH_WRAP/SVCAUTH_UNWRAP) introduce a regression
that causes callers of svc_getargs() to crash when svc_freeargs() frees
args points that are allocated on the stack.

svc_getargs() should let the callers do the freeing and not make any
assumptions on the type of memory passed in.

Also see:
    https://bugzilla.redhat.com/show_bug.cgi?id=948378
and
    CVE-2013-1950 EMBARGOED rpcbind: invalid pointer free leads to crash

Signed-off-by: Steve Dickson <steved@redhat.com>
---
 src/svc_dg.c | 1 -
 1 file changed, 1 deletion(-)

diff --git a/src/svc_dg.c b/src/svc_dg.c
index b1ac462..6e00191 100644
--- a/src/svc_dg.c
+++ b/src/svc_dg.c
@@ -284,7 +284,6 @@ svc_dg_getargs(xprt, xdr_args, args_ptr)
 {
 	if (! SVCAUTH_UNWRAP(xprt->xp_auth, &(su_data(xprt)->su_xdrs),
 			     xdr_args, args_ptr)) {
-		(void)svc_freeargs(xprt, xdr_args, args_ptr);
 		return FALSE;
 	}
 	return TRUE;
-- 
1.8.1.4


^ permalink raw reply related	[flat|nested] 2+ messages in thread
* Re: [Libtirpc-devel] [PATCH] svc_getargs(): Should not be freeing arg pointers on failures
  2013-04-18 18:48 [PATCH] svc_getargs(): Should not be freeing arg pointers on failures Steve Dickson
@ 2013-04-22 12:18 ` Steve Dickson
  0 siblings, 0 replies; 2+ messages in thread
From: Steve Dickson @ 2013-04-22 12:18 UTC (permalink / raw)
  To: Steve Dickson; +Cc: Libtirpc-devel Mailing List, Linux NFS Mailing list



On 18/04/13 14:48, Steve Dickson wrote:
> commit 82cc2e61 (SVCAUTH_WRAP/SVCAUTH_UNWRAP) introduce a regression
> that causes callers of svc_getargs() to crash when svc_freeargs() frees
> args points that are allocated on the stack.
> 
> svc_getargs() should let the callers do the freeing and not make any
> assumptions on the type of memory passed in.
> 
> Also see:
>     https://bugzilla.redhat.com/show_bug.cgi?id=948378
> and
>     CVE-2013-1950 EMBARGOED rpcbind: invalid pointer free leads to crash
> 
> Signed-off-by: Steve Dickson <steved@redhat.com>
Committed...

steved.

> ---
>  src/svc_dg.c | 1 -
>  1 file changed, 1 deletion(-)
> 
> diff --git a/src/svc_dg.c b/src/svc_dg.c
> index b1ac462..6e00191 100644
> --- a/src/svc_dg.c
> +++ b/src/svc_dg.c
> @@ -284,7 +284,6 @@ svc_dg_getargs(xprt, xdr_args, args_ptr)
>  {
>  	if (! SVCAUTH_UNWRAP(xprt->xp_auth, &(su_data(xprt)->su_xdrs),
>  			     xdr_args, args_ptr)) {
> -		(void)svc_freeargs(xprt, xdr_args, args_ptr);
>  		return FALSE;
>  	}
>  	return TRUE;
> 

^ permalink raw reply	[flat|nested] 2+ messages in thread
end of thread, other threads:[~2013-04-22 12:18 UTC | newest]

Thread overview: 2+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2013-04-18 18:48 [PATCH] svc_getargs(): Should not be freeing arg pointers on failures Steve Dickson
2013-04-22 12:18 ` [Libtirpc-devel] " Steve Dickson

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).