Subject: bin/13237: rpcbind dumps core in addrmerge()
To: None <firstname.lastname@example.org>
From: Manuel Bouyer <Manuel.Bouyer@asim.lip6.fr>
Date: 06/18/2001 14:45:54
>Synopsis: rpcbind dumps core in addrmerge()
>Arrival-Date: Mon Jun 18 05:44:00 PDT 2001
>Originator: Manuel Bouyer
LIP6, Universite Paris VI
System: NetBSD asim.lip6.fr 1.5+vlan NetBSD 1.5+vlan (ASIM) #1: Fri Feb 2 17:31:06 MET 2001 email@example.com:/home/NetBSD-1.5+vlan/src/sys/arch/i386/compile/ASIM i386
libc is from 1.5, rpcbind compiled from 1.5.1 sources
This machine is a server which exports some filesystems to linux
and Solaris NFS clients (with nfs locking, as it exports /var/mail). It
has been running happilly for more than 6 months. This week-end rpcbind
started dumping core without apparent reasons. I recompiled rpcbind
from 1.5.1 sources, but this didn't solve the problem.
Looking at the core dump with gdb showed that taddr2uaddr() was called
with an uninitialised tbuf in addrmerge().
I don't know how to reproduce it. I found the uninitialised variable
to be the problem but I can't explain why I've not been hit before
by this. As tbuf is allocated on stack maybe it contains sensible
data in the general case (maybe left from a previous call to
addrmerge() which found the proper interface).
I've other servers with runs the same code on which the problem didn't
show up yet. The difference is that this server isn't on the same
subnet as the clients.
The patch below solves the problem for me, but I'm not sure at all
it's rigth for all cases.
--- util.c.orig Mon Jun 18 14:31:37 2001
+++ util.c Mon Jun 18 12:22:47 2001
@@ -279,6 +279,14 @@
bestif = ifap;
ifap = bestif;
+ /* servsin should have been initialised in the 'case' */
+ newsin = (struct sockaddr_in *)&ss;
+ memcpy(newsin, ifap->ifa_addr,
+ newsin->sin_port = servsin->sin_port;
+ tbuf.len = clnt_sa->sa_len;
+ tbuf.maxlen = sizeof (struct sockaddr_storage);
+ tbuf.buf = newsin;
if (ifap != NULL)
ret = taddr2uaddr(nconf, &tbuf);