Subject: lib/2194: Missing bzero may cause coredumps of RPC programs.
To: None <gnats-bugs@NetBSD.ORG>
From: Anders Magnusson <ragge@my28.sm.luth.se>
List: netbsd-bugs
Date: 03/09/1996 20:26:13
>Number: 2194
>Category: lib
>Synopsis: Missing bzero may cause coredumps of RPC programs.
>Confidential: no
>Severity: serious
>Priority: medium
>Responsible: lib-bug-people (Library Bug People)
>State: open
>Class: sw-bug
>Submitter-Id: net
>Arrival-Date: Sat Mar 9 15:05:01 1996
>Last-Modified:
>Originator: Anders Magnusson
>Organization:
Department of Computer Science at Luleå University.
>Release: -current
>Environment:
System: NetBSD my28 1.1_ALPHA NetBSD 1.1_ALPHA (GENERIC) #2: Fri Jan 12 17:10:22 MET 1996 ragge@my28:/usr/src/sys/arch/sparc/compile/GENERIC sparc
>Description:
In function xprt_register() in lib/libc/rpc/svc.c, line 89,
an array of pointers is malloc'd and later used without
being zeroed first; as a result, it may contain
garbage.
>How-To-Repeat:
Add a memset(xports, 111, FD_SETSIZE * sizeof(SVCXPRT *));
directly after mem_alloc in svc.c, line 89, recompile ypbind and
it will coredump immediately when started.
>Fix:
May be done in numerous ways; I'm not sure that this is a correct
fix, but adding a bzero() after mem_alloc() will work. Diff:
my28:/usr/src/usr.sbin/ypbind >diff -c /usr/src/lib/libc/rpc/svc.c svc.c
--- //usr/src/lib/libc/rpc/svc.c Sat Oct 14 01:51:00 1995
***************
*** 87,93 ****
if (xports == NULL) {
xports = (SVCXPRT **)
mem_alloc(FD_SETSIZE * sizeof(SVCXPRT *));
+ bzero(xports, FD_SETSIZE * sizeof(SVCXPRT *));
}
if (sock < FD_SETSIZE) {
xports[sock] = xprt;
--- 87,92 ----
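Review bot: the added bzero(xports, FD_SETSIZE * sizeof(SVCXPRT *)) runs on the mem_alloc() result with no NULL check, so if the allocation can fail the fault moves into bzero() (and the xports[sock] = xprt store right after it has the same exposure). Test xports for NULL before zeroing and return early, or allocate the table pre-zeroed. Separately, the context diff looks reversed or truncated: the + line sits inside the *** 87,93 **** section and the --- 87,92 ---- section is empty, so it should be regenerated with the original file first before anyone tries to apply it.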
>Audit-Trail:
>Unformatted:
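
The poison-fill check from How-To-Repeat, reduced to a stand-alone C program. This is an added example, not code from the report or from NetBSD's svc.c. `struct xprt`, `TABLE_SLOTS` and all function names are hypothetical stand-ins, and it assumes the table's consumer treats every non-NULL slot as a registered transport.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define TABLE_SLOTS 256            /* stands in for FD_SETSIZE */
#define POISON_BYTE 111            /* same fill value as the report's memset */
struct xprt { int sock; };         /* hypothetical stand-in for SVCXPRT */

/* Allocate the slot table. The poison fill makes "whatever malloc returned"
 * deterministic; zero_after_alloc selects whether the zeroing step runs. */
static struct xprt **table_alloc(int zero_after_alloc)
{
    size_t len = TABLE_SLOTS * sizeof(struct xprt *);
    struct xprt **t = malloc(len);
    if (t == NULL)
        return NULL;               /* never zero or index a failed allocation */
    memset(t, POISON_BYTE, len);
    if (zero_after_alloc)
        memset(t, 0, len);
    return t;
}

/* Store one transport in its slot, rejecting out-of-range descriptors. */
static int table_register(struct xprt **t, struct xprt *x)
{
    if (t == NULL || x == NULL || x->sock < 0 || x->sock >= TABLE_SLOTS)
        return -1;
    t[x->sock] = x;
    return 0;
}

/* Count slots a consumer would treat as live. Compares only, never dereferences. */
static int table_live_slots(struct xprt **t)
{
    int i, live = 0;
    for (i = 0; i < TABLE_SLOTS; i++)
        if (t[i] != NULL)
            live++;
    return live;
}

/* Register exactly one transport and report how many slots look live. */
static int live_after_one_register(int zero_after_alloc)
{
    static struct xprt x = { 5 };
    struct xprt **t = table_alloc(zero_after_alloc);
    int live = (t && table_register(t, &x) == 0) ? table_live_slots(t) : -1;
    free(t);
    return live;
}

int main(void) { printf("unzeroed=%d zeroed=%d\n", live_after_one_register(0), live_after_one_register(1)); return 0; }
```

Without the zeroing step every slot looks registered after a single registration, which is the state in which a consumer would follow a garbage pointer; with it, only the one real entry remains.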