Subject: bin/10487: rpcbind crashes on pmax
To: None <>
From: None <>
List: netbsd-bugs
Date: 06/30/2000 07:53:14
>Number:         10487
>Category:       bin
>Synopsis:       rpcbind crashes on  pmax
>Confidential:   no
>Severity:       critical
>Priority:       high
>Responsible:    bin-bug-people
>State:          open
>Class:          sw-bug
>Submitter-Id:   net
>Arrival-Date:   Fri Jun 30 07:54:00 PDT 2000
>Originator:     Christian Riede
>Release:        1.5_ALPHA
Akaflieg Karlsruhe e.V.
chr@akfv1(~)$ uname -a
NetBSD akfv1 1.5_ALPHA NetBSD 1.5_ALPHA (AKAFLIEG) #3: Sun Jul 11 17:22:09 CET 1976     chr@akfds2:/usr/src/sys/arch/pmax/compile/AKAFLIEG pmax

rpcbind crashes with SIGSEV in:
rpcb_svc_com.c: unmodified, readonly: line 451 of 1458
because of a null pointer in cap->rmt_uaddr used as first argument to sscanf().

Run rpcbind and wait. Possibly an old DECSystem 5500 under Ultrix 4.3 
in the same subnet using the NetBSD system as nis and nfs server 
could cause the problem:

chr@akfds3(~)$ uname -a
ULTRIX akfds3 4.3 1 RISC unknown

Coredump of rpcbind can be provided O/R

root@akfds1(/usr/src/usr.sbin/rpcbind)# cvs diff rpcb_svc_com.c
Index: rpcb_svc_com.c
RCS file: /cvsroot/basesrc/usr.sbin/rpcbind/rpcb_svc_com.c,v
retrieving revision
diff -r1.1.2.1 rpcb_svc_com.c
<               if (sscanf(cap->rmt_uaddr, "%d.%d.%d.%d.%d.%d",
<                       &h1, &h2, &h3, &h4, &p1, &p2) != 6)
> /* C.R. Bugfix: check for NULL pointer cap->rmt_uaddr */
>               if ((!cap->rmt_uaddr ||
>                       sscanf(cap->rmt_uaddr, "%d.%d.%d.%d.%d.%d",
>                       &h1, &h2, &h3, &h4, &p1, &p2) != 6))