| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
|
|
| |
r300624 which was false positive reported by cppcheck.
Approved by: re (kib)
|
|
|
|
|
|
|
|
|
|
|
|
| |
In r300388, endnetconfig() was called on nc_handle which would release
the associated netconfig structure, which means tmpnconf->nc_netid
would be a use-after-free.
Solve this by doing endnetconfig() in return paths instead.
Reported by: jemalloc via kevlo
Reviewed by: cem, ngie (earlier version)
Approved by: re (kib)
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* limit size of buffers to RPC_MAXDATASIZE
* don't leak memory
* be more picky about bad parameters
From:
https://raw.githubusercontent.com/guidovranken/rpcbomb/master/libtirpc_patch.txt
https://github.com/guidovranken/rpcbomb/blob/master/rpcbind_patch.txt
via NetBSD.
Approved by: re (kib)
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
r317660:
Support clnt_raw's use of FD_SETSIZE as a fake file descriptor.
Accomplish this by allocating space for it in __svc_xports and allowing
it to be registered. The failure to allocate space was causing an
out-of-bounds read in svc_getreq_common(). The failure to register
caused PR 211804.
The bug was found with CHERI bounds checking.
PR: 211804
Obtained from: CheriBSD
Sponsored by: DARPA, AFRL
Reviewed by: ngie
Differential Revision: https://reviews.freebsd.org/D10528
r317710:
Remove expected failure now that it was fixed in r317660.
PR: 211804
Reviewed by: ngie
Obtained from: CheriBSD
Sponsored by: DARPA, AFRL
Differential Revision: https://reviews.freebsd.org/D10576
|
|
|
|
|
|
|
|
| |
libc: provide some bounds-checking through reallocarray(3).
reallocarray(3) is a non portable extension that originated in OpenBSD.
Given that it is already in FreeBSD's libc it is useful for the cases
where reallocation involves a multiplication.
|
|
|
|
|
|
|
|
| |
libc/rpc: replace comma with semicolon when pertinent.
Uses of commas instead of a semicolons can easily go undetected. The comma
can serve as a statement separator but this shouldn't be abused when
statements are meant to be standalone.
|
|
|
|
|
|
|
|
|
| |
This fixes the build when DESTDIR may be blank or not yet populated.
It also fixes reproducibility.
Submitted by: brooks
Approved by: re (gjb)
Differential Revision: https://reviews.freebsd.org/D6455
|
|
|
|
|
|
| |
xdr_rpcproc, xdr_rpcprog and xdr_rpcvers were broken in older
versions of FreeBSD but fixed in r296394. Give them some use
hoping they help make the code somewhat more readable.
|
|
|
|
|
|
| |
xdr_rpcprog and xdr_rpcvers were broken in older versions of FreeBSD
but were fixed in r296394. Give them some use hoping they help make
the code somewhat more readable.
|
|
|
|
| |
Submitted by: Sebastian Huber <sebastian dot huber at embedded-brains dot de>
|
|
|
|
|
|
| |
MFC after: 3 days
Reported by: coccinelle
Sponsored by: EMC / Isilon Storage Division
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
I accidentally glossed over the fact that tmp is manipulated via strchr, so
if we tried to free `tmp` after r300385, it would have crashed.
Create a separate pointer (tmp2) to track the original allocation of `tmp`,
and free `tmp2` if `p->nc_lookups` can't be malloced
MFC after: 4 days
X-MFC with: r300385
Reported by: Coverity
CID: 1356026
Sponsored by: EMC / Isilon Storage Division
|
|
|
|
|
|
|
|
|
| |
If reallocf ever failed, outbuf_pmap would already be NULL
MFC after: 1 week
X-MFC with: r300620
Reported by: cem
Sponsored by: EMC / Isilon Storage Division
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The previous code overwrote outbuf_pmap's memory with malloc once per
loop iteration, which leaked its memory; use reallocf instead to ensure
that memory is properly free'd each loop iteration.
Add a outbuf_pmap = NULL in the failure case to avoid a double-free
at the bottom of the function.
Differential Revision: https://reviews.freebsd.org/D6495
MFC after: 1 week
Reported by: Coverity
CID: 1038776
Reviewed by: markj, pfgj
Sponsored by: EMC / Isilon Storage Division
|
|
|
|
|
|
|
|
|
|
| |
If the buffer couldn't be adequately resized to accomodate an additional "\n",
it would leak resultbuf by breaking from the loop early
MFC after: 2 weeks
Reported by: Coverity
CID: 1016702
Sponsored by: EMC / Isilon Storage Division
|
|
|
|
|
|
|
|
|
|
|
|
| |
was NULL
This would theoretically happen if the netconfig protocol family and protocol
semantics were never matched.
MFC after: 2 weeks
Reported by: Coverity
CID: 978179
Sponsored by: EMC / Isilon Storage Division
|
|
|
|
|
|
|
|
| |
This mutes a false positive with cppcheck, but also helps eliminate future
potential issues with this variable
MFC after: 2 weeks
Sponsored by: EMC / Isilon Storage Division
|
|
|
|
|
|
|
|
|
| |
struct xlist object fails
MFC after: 1 week
Reported by: Coverity
CID: 978277
Sponsored by: EMC / Isilon Storage Division
|
|
|
|
|
|
| |
MFC after: 1 week
Reported by: cppcheck
Sponsored by: EMC / Isilon Storage Division
|
|
|
|
| |
Mostly on comments.
|
|
|
|
|
|
| |
According to style(9):
> normally, include <sys/types.h> OR <sys/param.h>, but not both.
(<sys/param.h> already includes <sys/types.h> when LOCORE is not defined).
|
|
|
|
| |
Found with devel/coccinelle.
|
|
|
|
|
|
|
|
|
| |
While here also cleanup some surrounding code; particularly
drop some malloc() casts.
Found with devel/coccinelle.
Reviewed by: bde (previous version - all new bugs are mine)
|
|
|
|
| |
No functional change.
|
|
|
|
|
|
|
| |
Avoid casting gymnastics that lead to pointer aliasing by introducing an
inline function as done in NetBSD (but without #if0'd WIP code).
Obtained from: NetBSD (CVS Rev. 1.24, 1.25)
|
|
|
|
|
|
|
| |
Add const qualifier making getrpcbyname() and getrpcbyname_r()
prototypes match those used in latest Sun RPC code (TI-RPC 2.3).
Obtained from: NetBSD
|
|
|
|
|
|
|
| |
Noted by NetBSD's PR/21014
Obtained from: NetBSD (CVS Rev. 1.24, 1.25)
MFC after: 1 month
|
|
|
|
|
|
|
|
|
|
|
| |
This fixes the potential NULL pointer dereference properly, and also fixes
memory leaks encountered in the process of iterating through `*rp`.
MFC after: 1 week
Found by: Valgrind
Reported by: Dan Roberts <dan.roberts@isilon.com>
Submitted by: Miles Ohlrich <miles.ohlrich@isilon.com>
Sponsored by: EMC / Isilon Storage Division
|
|
|
|
|
|
|
|
|
|
|
| |
__rpcbind_is_up(..) if getnetconfig(3) is partly successful in allocating
resources, but not completely successful by moving the endnetconfig(3) call
up before we return from the function if nconf == NULL.
MFC after: 1 week
Reported by: Coverity
Submitted by: Miles Ohlrich <miles.ohlrich@isilon.com>
Sponsored by: EMC / Isilon Storage Division
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
In the event that the getconfig(3) call in svcunix_create is partly successful,
some of the netconfig(3) resources allocated might be leaked if the call returns
NULL as endnetconfig(3) wasn't called explicitly in that case. Ensure that the
resources are fully cleaned up by going to the `done` label, which will call
endnetconfig(3) for us.
MFC after: 1 week
Reported by: Coverity
Submitted by: Miles Ohlrich <miles.ohlrich@isilon.com>
Sponsored by: EMC / Isilon Storage Division
|
|
|
|
|
|
|
|
|
|
|
| |
When accepting a connection on underlying tcp socket rpc vc
transporter fails to populate local address. This change rectifies
this problem by modifying rendezvous_request() to fill out the xptr
structure member with appropriate information.
Submitted by: Alex Burlyga <alex.burlyga.ietf@gmail.com>
MFC after: 2 weeks
Differential Revision: https://reviews.freebsd.org/D4206
|
|
|
|
|
|
|
| |
already employs this check
MFC after: 2 weeks
Sponsored by: EMC / Isilon Storage Division
|
|
|
|
| |
Eliminates -Wstrict-prototypes warning
|
| |
|
|
|
|
| |
Eliminates gcc 4.9 warnings.
|
|
|
|
| |
Eliminates gcc 4.9 compiler warning.
|
|
|
|
| |
Eliminates gcc 4.9 warnings.
|
|
|
|
| |
Eliminates gcc 4.9 warning.
|
|
|
|
| |
Eliminates gcc 4.9 warnings.
|
| |
|
|
|
|
| |
Eliminates gcc 4.9 warnings.
|
| |
|
|
|
|
|
|
|
| |
These were found by gcc 5.0 on Dragonfly BSD, however I
made no attempt to silence the false positives.
Obtained from: DragonFly (cf515c3a6f3a8964ad592e524442bc628f8ed63b)
|
|
|
|
|
|
|
|
|
| |
Initialize *xprt to avoid exposing a random value
in cleanup_svc_vc_create.
CID: 1018723
Phabric: D1749
Reviewed by: alfred
|
|
|
|
|
| |
CID: 1016703
Reviewed by: alfred
|
| |
|
|
|
|
| |
Sponsored by: DARPA, AFRL
|
|
|
|
|
|
| |
CID: 1007032
Found with: Coverity Prevent(tm)
MFC after: 2 weeks
|
|
|
|
|
|
| |
multiple definitions.
Reported by: sbruno
|
|
|
|
|
|
|
|
|
|
|
| |
if not already defined. This allows building libc from outside of
lib/libc using a reach-over makefile.
A typical use-case is to build a standard ILP32 version and a COMPAT32
version in a single iteration by building the COMPAT32 version using a
reach-over makefile.
Obtained from: Juniper Networks, Inc.
|