On 18/04/13 14:48, Steve Dickson wrote: > commit 82cc2e61 (SVCAUTH_WRAP/SVCAUTH_UNWRAP) introduce a regression > that causes callers of svc_getargs() to crash when svc_freeargs() frees > args points that are allocated on the stack. > > svc_getargs() should let the callers do the freeing and not make any > assumptions on the type of memory passed in. > > Also see: > https://bugzilla.redhat.com/show_bug.cgi?id=948378 > and > CVE-2013-1950 EMBARGOED rpcbind: invalid pointer free leads to crash > > Signed-off-by: Steve Dickson <steved@xxxxxxxxxx> Committed... steved. > --- > src/svc_dg.c | 1 - > 1 file changed, 1 deletion(-) > > diff --git a/src/svc_dg.c b/src/svc_dg.c > index b1ac462..6e00191 100644 > --- a/src/svc_dg.c > +++ b/src/svc_dg.c > @@ -284,7 +284,6 @@ svc_dg_getargs(xprt, xdr_args, args_ptr) > { > if (! SVCAUTH_UNWRAP(xprt->xp_auth, &(su_data(xprt)->su_xdrs), > xdr_args, args_ptr)) { > - (void)svc_freeargs(xprt, xdr_args, args_ptr); > return FALSE; > } > return TRUE; > -- To unsubscribe from this list: send the line "unsubscribe linux-nfs" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
