NetBSD-Bugs archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
RE: lib/47617: Memory and socket leak in librpc
The following reply was made to PR lib/47617; it has been noted by GNATS.
From: Thorsten Brehm <tbrehm%dspace.de@localhost>
To: "gnats-bugs%NetBSD.org@localhost" <gnats-bugs%NetBSD.org@localhost>
Cc:
Subject: RE: lib/47617: Memory and socket leak in librpc
Date: Mon, 4 Mar 2013 15:31:49 +0000
Ah, sorry, my inferior mail client is messing things up again. It should ha=
ve been a plain-text attachment... ;-)
Hopefully this works out ok:
diff -ru original/include/rpc/svc.h src/include/rpc/svc.h
--- original/include/rpc/svc.h Tue Aug 30 20:06:20 2011
+++ src/include/rpc/svc.h Mon Mar 4 12:05:13 2013
@@ -221,7 +221,7 @@
* SVCXPRT *xprt;
*/
__BEGIN_DECLS
-extern void xprt_register (SVCXPRT *);
+extern bool_t xprt_register (SVCXPRT *);
__END_DECLS
=20
/*
diff -ru original/lib/libc/rpc/rpc_soc.3 src/lib/libc/rpc/rpc_soc.3
--- original/lib/libc/rpc/rpc_soc.3 Sun Jan 11 03:46:30 2009
+++ src/lib/libc/rpc/rpc_soc.3 Mon Mar 4 12:24:34 2013
@@ -221,7 +221,7 @@
.Fn xdr_rejected_reply "XDR *xdrs" "struct rejected_reply *rr"
.Ft int
.Fn xdr_replymsg "XDR *xdrs" "struct rpc_msg *rmsg"
-.Ft void
+.Ft bool_t
.Fn xprt_register "SVCXPRT *xprt"
.Ft void
.Fn xprt_unregister "SVCXPRT *xprt"
diff -ru original/lib/libc/rpc/rpc_svc_reg.3 src/lib/libc/rpc/rpc_svc_reg.3
--- original/lib/libc/rpc/rpc_svc_reg.3 Wed Mar 11 14:36:02 2009
+++ src/lib/libc/rpc/rpc_svc_reg.3 Mon Mar 4 12:26:12 2013
@@ -27,7 +27,7 @@
.Fn svc_unreg "const rpcprog_t prognum" "const rpcvers_t versnum"
.Ft int
.Fn svc_auth_reg "const int cred_flavor" "const enum auth_stat (*handler(s=
truct svc_req *, struct rpc_msg *))"
-.Ft void
+.Ft bool_t
.Fn xprt_register "const SVCXPRT *xprt"
.Ft void
.Fn xprt_unregister "const SVCXPRT *xprt"
diff -ru original/lib/libc/rpc/svc.c src/lib/libc/rpc/svc.c
--- original/lib/libc/rpc/svc.c Tue Mar 20 18:14:50 2012
+++ src/lib/libc/rpc/svc.c Mon Mar 4 14:46:52 2013
@@ -125,7 +125,7 @@
/*
* Activate a transport handle.
*/
-void
+bool_t
xprt_register(SVCXPRT *xprt)
{
int sock;
@@ -143,13 +143,20 @@
}
memset(__svc_xports, '\0', FD_SETSIZE * sizeof(SVCXPRT *));
}
- if (sock < FD_SETSIZE) {
- __svc_xports[sock] =3D xprt;
- FD_SET(sock, &svc_fdset);
- svc_maxfd =3D max(svc_maxfd, sock);
+ if (sock >=3D FD_SETSIZE)
+ {
+ warnx("xprt_register: socket descriptor out of bounds");
+ goto out;
}
+ __svc_xports[sock] =3D xprt;
+ FD_SET(sock, &svc_fdset);
+ svc_maxfd =3D max(svc_maxfd, sock);
+ rwlock_unlock(&svc_fd_lock);
+ return (TRUE);
+
out:
rwlock_unlock(&svc_fd_lock);
+ return (FALSE);
}
=20
void
diff -ru original/lib/libc/rpc/svc_dg.c src/lib/libc/rpc/svc_dg.c
--- original/lib/libc/rpc/svc_dg.c Tue Mar 20 18:14:50 2012
+++ src/lib/libc/rpc/svc_dg.c Mon Mar 4 14:15:24 2013
@@ -128,15 +128,15 @@
=20
xprt =3D mem_alloc(sizeof (SVCXPRT));
if (xprt =3D=3D NULL)
- goto freedata;
+ goto outofmem;
memset(xprt, 0, sizeof (SVCXPRT));
=20
su =3D mem_alloc(sizeof (*su));
if (su =3D=3D NULL)
- goto freedata;
+ goto outofmem;
su->su_iosz =3D ((MAX(sendsize, recvsize) + 3) / 4) * 4;
if ((rpc_buffer(xprt) =3D malloc(su->su_iosz)) =3D=3D NULL)
- goto freedata;
+ goto outofmem;
_DIAGASSERT(__type_fit(u_int, su->su_iosz));
xdrmem_create(&(su->su_xdrs), rpc_buffer(xprt), (u_int)su->su_iosz,
XDR_DECODE);
@@ -149,16 +149,19 @@
=20
slen =3D sizeof ss;
if (getsockname(fd, (struct sockaddr *)(void *)&ss, &slen) < 0)
- goto freedata;
+ goto outofmem;
xprt->xp_ltaddr.buf =3D mem_alloc(sizeof (struct sockaddr_storage));
xprt->xp_ltaddr.maxlen =3D sizeof (struct sockaddr_storage);
xprt->xp_ltaddr.len =3D slen;
memcpy(xprt->xp_ltaddr.buf, &ss, slen);
=20
- xprt_register(xprt);
+ if (!xprt_register(xprt))
+ goto freedata;
return (xprt);
-freedata:
+
+outofmem:
(void) warnx(svc_dg_str, __no_mem_str);
+freedata:
if (xprt) {
if (su)
(void) mem_free(su, sizeof (*su));
diff -ru original/lib/libc/rpc/svc_raw.c src/lib/libc/rpc/svc_raw.c
--- original/lib/libc/rpc/svc_raw.c Tue Mar 20 18:14:50 2012
+++ src/lib/libc/rpc/svc_raw.c Mon Mar 4 12:21:49 2013
@@ -117,7 +117,8 @@
svc_raw_ops(&srp->server);
srp->server.xp_verf.oa_base =3D srp->verf_body;
xdrmem_create(&srp->xdr_stream, srp->raw_buf, UDPMSGSIZE, XDR_DECODE);
- xprt_register(&srp->server);
+ if (!xprt_register(&srp->server))
+ goto out;
mutex_unlock(&svcraw_lock);
return (&srp->server);
out:
diff -ru original/lib/libc/rpc/svc_vc.c src/lib/libc/rpc/svc_vc.c
--- original/lib/libc/rpc/svc_vc.c Tue Feb 26 21:55:26 2013
+++ src/lib/libc/rpc/svc_vc.c Mon Mar 4 14:16:50 2013
@@ -188,7 +188,8 @@
memcpy(xprt->xp_ltaddr.buf, &sslocal, (size_t)sslocal.ss_len);
=20
xprt->xp_rtaddr.maxlen =3D sizeof (struct sockaddr_storage);
- xprt_register(xprt);
+ if (!xprt_register(xprt))
+ goto cleanup_svc_vc_create;
return xprt;
cleanup_svc_vc_create:
if (xprt)
@@ -268,11 +269,11 @@
=20
xprt =3D mem_alloc(sizeof(SVCXPRT));
if (xprt =3D=3D NULL)
- goto out;
+ goto outofmem;
memset(xprt, 0, sizeof *xprt);
cd =3D mem_alloc(sizeof(struct cf_conn));
if (cd =3D=3D NULL)
- goto out;
+ goto outofmem;
cd->strm_stat =3D XPRT_IDLE;
xdrrec_create(&(cd->xdrs), sendsize, recvsize,
(caddr_t)(void *)xprt, read_vc, write_vc);
@@ -283,12 +284,15 @@
xprt->xp_fd =3D fd;
if (__rpc_fd2sockinfo(fd, &si) && __rpc_sockinfo2netid(&si, &netid))
if ((xprt->xp_netid =3D strdup(netid)) =3D=3D NULL)
- goto out;
+ goto outofmem;
=20
- xprt_register(xprt);
+ if (!xprt_register(xprt))
+ goto out;
return xprt;
-out:
+
+outofmem:
warn("svc_tcp: makefd_xprt");
+out:
if (xprt)
mem_free(xprt, sizeof(SVCXPRT));
return NULL;
Home |
Main Index |
Thread Index |
Old Index