65 lines
		
	
	
	
		
			1.6 KiB
		
	
	
	
		
			Diff
		
	
	
	
	
	
			
		
		
	
	
			65 lines
		
	
	
	
		
			1.6 KiB
		
	
	
	
		
			Diff
		
	
	
	
	
	
| Index: usr.sbin/rpcbind/rpcb_svc_com.c
 | |
| ===================================================================
 | |
| --- usr.sbin/rpcbind/rpcb_svc_com.c	(revision 288019)
 | |
| +++ usr.sbin/rpcbind/rpcb_svc_com.c	(working copy)
 | |
| @@ -47,6 +47,7 @@
 | |
|  #include <rpc/rpc.h>
 | |
|  #include <rpc/rpcb_prot.h>
 | |
|  #include <rpc/svc_dg.h>
 | |
| +#include <assert.h>
 | |
|  #include <netconfig.h>
 | |
|  #include <errno.h>
 | |
|  #include <syslog.h>
 | |
| @@ -1047,19 +1048,31 @@ netbufcmp(struct netbuf *n1, struct netbuf *n2)
 | |
|  	return ((n1->len != n2->len) || memcmp(n1->buf, n2->buf, n1->len));
 | |
|  }
 | |
|  
 | |
| +static bool_t
 | |
| +netbuf_copybuf(struct netbuf *dst, const struct netbuf *src)
 | |
| +{
 | |
| +
 | |
| +	assert(dst->buf == NULL);
 | |
| +
 | |
| +	if ((dst->buf = malloc(src->len)) == NULL)
 | |
| +		return (FALSE);
 | |
| +
 | |
| +	dst->maxlen = dst->len = src->len;
 | |
| +	memcpy(dst->buf, src->buf, src->len);
 | |
| +	return (TRUE);
 | |
| +}
 | |
| +
 | |
|  static struct netbuf *
 | |
|  netbufdup(struct netbuf *ap)
 | |
|  {
 | |
|  	struct netbuf  *np;
 | |
|  
 | |
| -	if ((np = malloc(sizeof(struct netbuf))) == NULL)
 | |
| +	if ((np = calloc(1, sizeof(struct netbuf))) == NULL)
 | |
|  		return (NULL);
 | |
| -	if ((np->buf = malloc(ap->len)) == NULL) {
 | |
| +	if (netbuf_copybuf(np, ap) == FALSE) {
 | |
|  		free(np);
 | |
|  		return (NULL);
 | |
|  	}
 | |
| -	np->maxlen = np->len = ap->len;
 | |
| -	memcpy(np->buf, ap->buf, ap->len);
 | |
|  	return (np);
 | |
|  }
 | |
|  
 | |
| @@ -1067,6 +1080,7 @@ static void
 | |
|  netbuffree(struct netbuf *ap)
 | |
|  {
 | |
|  	free(ap->buf);
 | |
| +	ap->buf = NULL;
 | |
|  	free(ap);
 | |
|  }
 | |
|  
 | |
| @@ -1184,7 +1198,7 @@ xprt_set_caller(SVCXPRT *xprt, struct finfo *fi)
 | |
|  {
 | |
|  	u_int32_t *xidp;
 | |
|  
 | |
| -	*(svc_getrpccaller(xprt)) = *(fi->caller_addr);
 | |
| +	netbuf_copybuf(svc_getrpccaller(xprt), fi->caller_addr);
 | |
|  	xidp = __rpcb_get_dg_xidp(xprt);
 | |
|  	*xidp = fi->caller_xid;
 | |
|  }
 |