Re: [Libtirpc-devel] Missing NULL check in __nc_error()

[Susant Sahani <ssahani@redhat.com>]

[-- Attachment #1: Type: text/plain, Size: 1744 bytes --]

Hi Steve,
      In the file: getnetconfig.c __nc_error() does not check return 
value from malloc() and can pass NULL pointer to thr_setspecific() which 
can lead to crash. Attached fix.

Thanks,
Susant

On 11/16/2013 02:45 AM, Susant Sahani wrote:
> Yes was reading out the code. Could be because of out of memory also .
>
> On 11/16/2013 02:15 AM, Chuck Lever wrote:
>> Hi-
>>
>> On Nov 15, 2013, at 3:30 PM, Susant Sahani <ssahani@redhat.com> wrote:
>>
>>> Hi,
>>>
>>> __nc_error() does not check return value from malloc() can lead to crash .
>> Curious.  Did you see an actual NULL return from malloc(), or did you notice this via code inspection?  A NULL return is rare and usually indicates a deeper problem.
>>
>>>      trying get familiar with with patch submission
>> Start here for details on formatting your submission, and legal requirements:
>>
>>     https://www.kernel.org/doc/Documentation/SubmittingPatches
>>
>> Send patches to Steve Dickson <steved@redhat.com>, and cc this mailing list.
>>
>> Thanks.
>>
>> --
>> Chuck Lever
>> chucklever[at]gmail[dot]com
>>
>>
>>
> Thanks,
> Susant
>
> ------------------------------------------------------------------------------
> DreamFactory - Open Source REST & JSON Services for HTML5 & Native Apps
> OAuth, Users, Roles, SQL, NoSQL, BLOB Storage and External API Access
> Free app hosting. Or install the open source package on any LAMP server.
> Sign up and see examples for AngularJS, jQuery, Sencha Touch and Native!
> http://pubads.g.doubleclick.net/gampad/clk?id=63469471&iu=/4140/ostg.clktrk
> _______________________________________________
> Libtirpc-devel mailing list
> Libtirpc-devel@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/libtirpc-devel


[-- Attachment #2: 0001-__nc_error-does-not-check-return-value-from-malloc.patch --]
[-- Type: text/x-patch, Size: 835 bytes --]

>From 72d43756f09599da9d0907c9f62c6a8e1e0cb261 Mon Sep 17 00:00:00 2001
From: Susant Sahani <ssahani@redhat.com>
Date: Tue, 19 Nov 2013 08:40:00 +0530
Subject: [PATCH] __nc_error() does not check return value from malloc

Signed-off-by: Susant Sahani <ssahani@redhat.com>
---
 src/getnetconfig.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/src/getnetconfig.c b/src/getnetconfig.c
index af4a484..2460a6e 100644
--- a/src/getnetconfig.c
+++ b/src/getnetconfig.c
@@ -146,7 +146,8 @@ __nc_error()
 			return (&nc_error);
 	}
 	if ((nc_addr = (int *)thr_getspecific(nc_key)) == NULL) {
-		nc_addr = (int *)malloc(sizeof (int));
+		if((nc_addr = (int *)malloc(sizeof (int))) == NULL)
+			return (&nc_error);
 		if (thr_setspecific(nc_key, (void *) nc_addr) != 0) {
 			if (nc_addr)
 				free(nc_addr);
-- 
1.8.4.2