File sunrpc-xdr-memory.patch of Package glibc.6721

Index: glibc-2.22/sunrpc/xdr.c
===================================================================
--- glibc-2.22.orig/sunrpc/xdr.c
+++ glibc-2.22/sunrpc/xdr.c
@@ -598,6 +598,7 @@ xdr_bytes (xdrs, cpp, sizep, maxsize)
 {
   char *sp = *cpp;	/* sp is the actual string pointer */
   u_int nodesize;
+  bool_t allocated = FALSE;
 
   /*
    * first deal with the length since xdr bytes are counted
@@ -625,13 +626,23 @@ xdr_bytes (xdrs, cpp, sizep, maxsize)
       if (sp == NULL)
 	{
 	  *cpp = sp = (char *) mem_alloc (nodesize);
+	  allocated = TRUE;
 	}
       if (sp == NULL)
 	{
 	  (void) __fxprintf (NULL, "%s: %s", __func__, _("out of memory\n"));
 	  return FALSE;
 	}
-      /* fall into ... */
+      if (!xdr_opaque (xdrs, sp, nodesize))
+	{
+	  if (allocated)
+	    {
+	      mem_free (sp, nodesize);
+	      *cpp = NULL;
+	    }
+	  return FALSE;
+	}
+      return TRUE;
 
     case XDR_ENCODE:
       return xdr_opaque (xdrs, sp, nodesize);
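Review bot: The new failure path in the XDR_DECODE case frees `sp` only when `allocated` is set, but nothing in the code states that ownership rule, and a later edit could easily turn it into a double free or a free of a caller-owned buffer. I would add a comment above `if (allocated)`: `/* Free only the buffer allocated above; a caller-supplied buffer stays owned by the caller. */`. The same comment applies to the matching path in the xdr_string hunk at -787,14 +799,26. Separately, `*sizep` appears to keep the decoded length after `*cpp` is reset to NULL (the length read is outside this hunk), so callers must check the return value before using either; that is worth stating in the function's header comment.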
@@ -743,6 +754,7 @@ xdr_string (xdrs, cpp, maxsize)
      never actually gets used without being initialized.  */
   u_int size = 0;
   u_int nodesize;
+  bool_t allocated = FALSE;
 
   /*
    * first deal with the length since xdr strings are counted-strings
@@ -787,14 +799,26 @@ xdr_string (xdrs, cpp, maxsize)
     {
     case XDR_DECODE:
       if (sp == NULL)
-	*cpp = sp = (char *) mem_alloc (nodesize);
+	{
+	  *cpp = sp = (char *) mem_alloc (nodesize);
+	  allocated = TRUE;
+	}
       if (sp == NULL)
 	{
 	  (void) __fxprintf (NULL, "%s: %s", __func__, _("out of memory\n"));
 	  return FALSE;
 	}
       sp[size] = 0;
-      /* fall into ... */
+      if (!xdr_opaque (xdrs, sp, size))
+	{
+	  if (allocated)
+	    {
+	      mem_free (sp, nodesize);
+	      *cpp = NULL;
+	    }
+	  return FALSE;
+	}
+      return TRUE;
 
     case XDR_ENCODE:
       return xdr_opaque (xdrs, sp, size);
Index: glibc-2.22/sunrpc/xdr_array.c
===================================================================
--- glibc-2.22.orig/sunrpc/xdr_array.c
+++ glibc-2.22/sunrpc/xdr_array.c
@@ -65,6 +65,7 @@ xdr_array (xdrs, addrp, sizep, maxsize,
   caddr_t target = *addrp;
   u_int c;		/* the actual element count */
   bool_t stat = TRUE;
+  bool_t allocated = FALSE;
 
   /* like strings, arrays are really counted arrays */
   if (!xdr_u_int (xdrs, sizep))
@@ -92,6 +93,7 @@ xdr_array (xdrs, addrp, sizep, maxsize,
 	if (c == 0)
 	  return TRUE;
 	*addrp = target = calloc (c, elsize);
+	allocated = TRUE;
 	if (target == NULL)
 	  {
 	    (void) __fxprintf (NULL, "%s: %s", __func__, _("out of memory\n"));
@@ -117,7 +119,7 @@ xdr_array (xdrs, addrp, sizep, maxsize,
   /*
    * the array may need freeing
    */
-  if (xdrs->x_op == XDR_FREE)
+  if (xdrs->x_op == XDR_FREE || (xdrs->x_op == XDR_DECODE && !stat && allocated))
     {
       mem_free (*addrp, c * elsize);
       *addrp = NULL;
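Review bot: The added `XDR_DECODE && !stat && allocated` branch releases only the outer array, so memory that the element routine allocated inside elements decoded before the failure becomes unreachable once `*addrp` is set to NULL. The element loop is outside this hunk, so this is inferred from the usual xdr_array shape: if elements can hold pointers (strings, nested arrays), a caller that used to clean up a failed decode with an XDR_FREE pass now has nothing to walk, and repeated malformed input can still grow memory. Either release the already decoded elements before the `mem_free`, or document the limit with a comment such as `/* Decode failed on an array allocated here; inner allocations made by elproc are not released. */`. The xdr_reference hunk at -83,7 +85,7 has the same shape with `proc`.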
Index: glibc-2.22/sunrpc/xdr_ref.c
===================================================================
--- glibc-2.22.orig/sunrpc/xdr_ref.c
+++ glibc-2.22/sunrpc/xdr_ref.c
@@ -62,6 +62,7 @@ xdr_reference (xdrs, pp, size, proc)
 {
   caddr_t loc = *pp;
   bool_t stat;
+  bool_t allocated = FALSE;
 
   if (loc == NULL)
     switch (xdrs->x_op)
@@ -71,6 +72,7 @@ xdr_reference (xdrs, pp, size, proc)
 
       case XDR_DECODE:
 	*pp = loc = (caddr_t) calloc (1, size);
+	allocated = TRUE;
 	if (loc == NULL)
 	  {
 	    (void) __fxprintf (NULL, "%s: %s", __func__, _("out of memory\n"));
@@ -83,7 +85,7 @@ xdr_reference (xdrs, pp, size, proc)
 
   stat = (*proc) (xdrs, loc, LASTUNSIGNED);
 
-  if (xdrs->x_op == XDR_FREE)
+  if (xdrs->x_op == XDR_FREE || (xdrs->x_op == XDR_DECODE && !stat && allocated))
     {
       mem_free (loc, size);
       *pp = NULL;