Use calloc to allocate xports (BZ #17542)

If xports is NULL in xprt_register, we malloc it, but if sock >
_rpc_dtablesize() that memory does not get initialised and may in theory
contain any value. Later we make a conditional jump in svc_getreq_common
based on the uninitialised memory, and this caused a general protection
fault in rpc.statd on an older version of glibc, but this code has not
changed since that version.

The following is the valgrind warning.

==26802== Conditional jump or move depends on uninitialised value(s)
==26802==    at 0x5343A25: svc_getreq_common (in /lib64/libc-2.5.so)
==26802==    by 0x534357B: svc_getreqset (in /lib64/libc-2.5.so)
==26802==    by 0x10DE1F: ??? (in /sbin/rpc.statd)
==26802==    by 0x10D0EF: main (in /sbin/rpc.statd)
==26802==  Uninitialised value was created by a heap allocation
==26802==    at 0x4C2210C: malloc (vg_replace_malloc.c:195)
==26802==    by 0x53438BE: xprt_register (in /lib64/libc-2.5.so)
==26802==    by 0x53450DF: svcudp_bufcreate (in /lib64/libc-2.5.so)
==26802==    by 0x10FE32: ??? (in /sbin/rpc.statd)
==26802==    by 0x10D13E: main (in /sbin/rpc.statd)
Brad Hubbard 2015-03-18 14:51:26 +05:30 committed by Siddhesh Poyarekar
parent f8aeae3473
commit ed6b0fe710
3 changed files with 12 additions and 8 deletions
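The failure mode the commit message describes, modelled as an added example (this is not glibc's code): a socket-indexed pointer table that is allocated once, filled only for in-range sockets, and later consulted by a request-dispatch loop. TABLE_SIZE stands in for _rpc_dtablesize(), SVCXPRT is reduced to its socket number, and the function names ending in _model are assumptions made for the example. Because the table comes from calloc, a socket that was never stored (here, one rejected for being past the end of the table) reads back as NULL, which is the only value the dispatch loop can safely test; with malloc that slot would hold whatever the heap happened to contain.

```c
/* Added example, not glibc code: minimal model of the xports table in
 * sunrpc/svc.c and of why the allocation must be zeroed. */
#include <stdio.h>
#include <stdlib.h>

#define TABLE_SIZE 8                    /* assumption: stands in for _rpc_dtablesize() */

typedef struct { int sock; } SVCXPRT;   /* only the field the table needs */

static SVCXPRT **xports;                /* indexed by socket number, like glibc's xports */

/* The fixed allocation: calloc leaves every slot NULL, so a socket that is
 * never registered still reads as "no transport" instead of as leftover
 * heap bytes. Returns 1 on success, 0 if the allocation failed. */
static int xports_init(void)
{
    free(xports);
    xports = calloc(TABLE_SIZE, sizeof *xports);
    return xports != NULL;
}

/* Helper (assumption): build a transport for socket `sock`. */
static SVCXPRT *make_xprt(int sock)
{
    SVCXPRT *x = malloc(sizeof *x);
    if (x != NULL)
        x->sock = sock;
    return x;
}

/* Registration as in xprt_register: the store only happens for an in-range
 * socket. For an out-of-range socket nothing is written, which is exactly
 * the case where a malloc'd table would stay uninitialised.
 * Returns 1 if stored, 0 if rejected. */
static int xprt_register_model(SVCXPRT *xprt)
{
    if (xprt == NULL || xprt->sock < 0 || xprt->sock >= TABLE_SIZE)
        return 0;
    xports[xprt->sock] = xprt;
    return 1;
}

/* Number of slots that hold no transport; TABLE_SIZE right after init. */
static int count_empty_slots(void)
{
    int n = 0;
    for (int i = 0; i < TABLE_SIZE; i++)
        if (xports[i] == NULL)
            n++;
    return n;
}

/* Dispatch as in svc_getreq_common: a readable socket is served only if its
 * slot holds a transport. The NULL test is meaningful only because the
 * table was zeroed. Returns the number of sockets served. */
static int serve_ready_model(const int *ready, int nready)
{
    int served = 0;
    for (int i = 0; i < nready; i++) {
        int sock = ready[i];
        if (sock < 0 || sock >= TABLE_SIZE)
            continue;                   /* outside the table entirely */
        SVCXPRT *xprt = xports[sock];
        if (xprt == NULL)
            continue;                   /* never registered: skip, do not deref */
        served++;                       /* a real server would call svc_getreq here */
    }
    return served;
}

int main(void)
{
    if (!xports_init())
        return 1;
    xprt_register_model(make_xprt(3));                /* stored */
    xprt_register_model(make_xprt(TABLE_SIZE + 5));   /* rejected: past the table */
    int ready[] = { 3, 5, TABLE_SIZE + 5 };           /* constructed "readable" set */
    printf("served %d of 3 ready sockets, %d empty slots\n",
           serve_ready_model(ready, 3), count_empty_slots());
    return 0;
}
```

Run stand-alone it reports one served socket and seven empty slots. Running the same program with calloc swapped back to malloc under valgrind reproduces the "Conditional jump or move depends on uninitialised value(s)" report at the NULL test, since slots 5 and the rejected socket's slot are then never written.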

ChangeLog

@ -1,3 +1,8 @@
2015-03-18 Brad Hubbard <bhubbard@redhat.com>
[BZ #17542]
* sunrpc/svc.c (xprt_register): Use calloc to allocate xports.
2015-03-17 Alexandre Oliva <aoliva@redhat.com> 2015-03-17 Alexandre Oliva <aoliva@redhat.com>
[BZ #17090] [BZ #17090]

NEWS

@ -10,12 +10,11 @@ Version 2.22
* The following bugs are resolved with this release: * The following bugs are resolved with this release:
4719, 13064, 14094, 14841, 14906, 15319, 15467, 15790, 15969, 16351, 4719, 13064, 14094, 14841, 14906, 15319, 15467, 15790, 15969, 16351,
16512, 16560, 16783, 17090, 17269, 17523, 17569, 17588, 17620, 17621, 16512, 16560, 16783, 17269, 17523, 17542, 17569, 17588, 17631, 17711,
17628, 17631, 17711, 17776, 17779, 17792, 17836, 17912, 17916, 17932, 17776, 17779, 17792, 17836, 17912, 17916, 17932, 17944, 17949, 17964,
17944, 17949, 17964, 17965, 17967, 17969, 17978, 17987, 17991, 17996, 17965, 17967, 17969, 17978, 17987, 17991, 17996, 17998, 17999, 18019,
17998, 17999, 18019, 18020, 18029, 18030, 18032, 18036, 18038, 18039, 18020, 18029, 18030, 18032, 18036, 18038, 18039, 18042, 18043, 18046,
18042, 18043, 18046, 18047, 18068, 18080, 18093, 18104, 18110, 18111, 18047, 18068, 18080, 18093, 18104, 18110, 18111.
18128.
* Character encoding and ctype tables were updated to Unicode 7.0.0, using * Character encoding and ctype tables were updated to Unicode 7.0.0, using
new generator scripts contributed by Pravin Satpute and Mike FABIAN (Red new generator scripts contributed by Pravin Satpute and Mike FABIAN (Red
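Review bot: the NEWS hunk drops bug numbers 17090, 17620, 17621, 17628 and 18128 from the resolved list while adding 17542. That looks like the edit was made against a stale copy of NEWS rather than a deliberate removal, especially since the ChangeLog hunk in this same commit sits directly above an entry for [BZ #17090]. Re-base the NEWS change so the only difference is the insertion of 17542, in numeric order, between 17523 and 17569.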

sunrpc/svc.c

@ -97,8 +97,8 @@ xprt_register (SVCXPRT *xprt)
if (xports == NULL) if (xports == NULL)
{ {
xports = (SVCXPRT **) malloc (_rpc_dtablesize () * sizeof (SVCXPRT *)); xports = (SVCXPRT **) calloc (_rpc_dtablesize (), sizeof (SVCXPRT *));
if (xports == NULL) /* Don´t add handle */ if (xports == NULL) /* Don't add handle */
return; return;
} }
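Review bot: calloc only zeroes the table; the case the commit message describes, sock > _rpc_dtablesize(), still depends on the bounds check that keeps xprt_register from storing into xports[sock] past the end, and that check is not in this hunk, so confirm it sits before the store. With a zeroed table a never-registered slot is a NULL pointer, which is what svc_getreq_common should then test for instead of an arbitrary heap value. Two minor points: the (SVCXPRT **) cast on calloc's return is unnecessary in C, and the Don´t to Don't comment fix is unrelated to BZ #17542 and would be cleaner as a separate whitespace/typo commit.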