mirror of
git://sourceware.org/git/glibc.git
synced 2024-11-27 03:41:23 +08:00
ed6b0fe710
If xports is NULL in xprt_register we malloc it but if sock > _rpc_dtablesize() that memory does not get initialised and may in theory contain any value. Later we make a conditional jump in svc_getreq_common based on the uninitialised memory and this caused a general protection fault in rpc.statd on an older version of glibc but this code has not changed since that version. Following is the valgrind warning. ==26802== Conditional jump or move depends on uninitialised value(s) ==26802== at 0x5343A25: svc_getreq_common (in /lib64/libc-2.5.so) ==26802== by 0x534357B: svc_getreqset (in /lib64/libc-2.5.so) ==26802== by 0x10DE1F: ??? (in /sbin/rpc.statd) ==26802== by 0x10D0EF: main (in /sbin/rpc.statd) ==26802== Uninitialised value was created by a heap allocation ==26802== at 0x4C2210C: malloc (vg_replace_malloc.c:195) ==26802== by 0x53438BE: xprt_register (in /lib64/libc-2.5.so) ==26802== by 0x53450DF: svcudp_bufcreate (in /lib64/libc-2.5.so) ==26802== by 0x10FE32: ??? (in /sbin/rpc.statd) ==26802== by 0x10D13E: main (in /sbin/rpc.statd) |
||
---|---|---|
.. | ||
rpc | ||
rpcsvc | ||
auth_des.c | ||
auth_none.c | ||
auth_unix.c | ||
authdes_prot.c | ||
authuxprot.c | ||
bindrsvprt.c | ||
clnt_gen.c | ||
clnt_perr.c | ||
clnt_raw.c | ||
clnt_simp.c | ||
clnt_tcp.c | ||
clnt_udp.c | ||
clnt_unix.c | ||
create_xid.c | ||
des_crypt.c | ||
des_impl.c | ||
des_soft.c | ||
etc.rpc | ||
get_myaddr.c | ||
getrpcbyname_r.c | ||
getrpcbyname.c | ||
getrpcbynumber_r.c | ||
getrpcbynumber.c | ||
getrpcent_r.c | ||
getrpcent.c | ||
getrpcport.c | ||
key_call.c | ||
key_prot.c | ||
Makefile | ||
netname.c | ||
openchild.c | ||
pm_getmaps.c | ||
pm_getport.c | ||
pmap_clnt.c | ||
pmap_prot2.c | ||
pmap_prot.c | ||
pmap_rmt.c | ||
proto.h | ||
publickey.c | ||
rpc_clntout.c | ||
rpc_cmsg.c | ||
rpc_common.c | ||
rpc_cout.c | ||
rpc_dtable.c | ||
rpc_hout.c | ||
rpc_main.c | ||
rpc_parse.c | ||
rpc_parse.h | ||
rpc_prot.c | ||
rpc_sample.c | ||
rpc_scan.c | ||
rpc_scan.h | ||
rpc_svcout.c | ||
rpc_tblout.c | ||
rpc_thread.c | ||
rpc_util.c | ||
rpc_util.h | ||
rpcgen.c | ||
rpcinfo.c | ||
rtime.c | ||
svc_auth.c | ||
svc_authux.c | ||
svc_raw.c | ||
svc_run.c | ||
svc_simple.c | ||
svc_tcp.c | ||
svc_udp.c | ||
svc_unix.c | ||
svc.c | ||
svcauth_des.c | ||
test-rpcent.c | ||
thrsvc.c | ||
tst-getmyaddr.c | ||
tst-xdrmem2.c | ||
tst-xdrmem.c | ||
Versions | ||
xcrypt.c | ||
xdr_array.c | ||
xdr_float.c | ||
xdr_intXX_t.c | ||
xdr_mem.c | ||
xdr_rec.c | ||
xdr_ref.c | ||
xdr_sizeof.c | ||
xdr_stdio.c | ||
xdr.c |