This is the mail archive of the libc-hacker@sources.redhat.com mailing list for the glibc project.
Note that libc-hacker is a closed list. You may look at the archives of this list, but subscription and posting are not open.
Index Nav: | [Date Index] [Subject Index] [Author Index] [Thread Index] | |
---|---|---|
Message Nav: | [Date Prev] [Date Next] | [Thread Prev] [Thread Next] |
Hi! Recent changes to xdr_rec.c broke make check. The problem is that fix_buf_size must be done before passing those sizes to mem_alloc, otherwise e.g. 4 bytes are allocated, but several kilobytes are counted with. While at it, I've added a few mem_free calls for oom situations, so that sunrpc does not leak memory that much. 2001-08-22 Jakub Jelinek <jakub@redhat.com> * sunrpc/xdr_rec.c (xdrrec_create): Fix buf sizes before allocating buf. Free resources on failure. * sunrpc/svc_unix.c (svcunix_create): Free resources on failure. (makefd_xprt): Likewise. * sunrpc/svc_udp.c (svcudp_bufcreate): Likewise. * sunrpc/svc_tcp.c (svctcp_create, makefd_xprt): Likewise. * sunrpc/auth_unix.c (authunix_create): Likewise. --- libc/sunrpc/xdr_rec.c.jj Mon Aug 20 04:18:32 2001 +++ libc/sunrpc/xdr_rec.c Wed Aug 22 09:21:09 2001 @@ -146,7 +146,11 @@ xdrrec_create (XDR *xdrs, u_int sendsize { RECSTREAM *rstrm = (RECSTREAM *) mem_alloc (sizeof (RECSTREAM)); caddr_t tmp; - char *buf = mem_alloc (sendsize + recvsize + BYTES_PER_XDR_UNIT); + char *buf; + + sendsize = fix_buf_size (sendsize); + recvsize = fix_buf_size (recvsize); + buf = mem_alloc (sendsize + recvsize + BYTES_PER_XDR_UNIT); if (rstrm == NULL || buf == NULL) { @@ -156,6 +160,8 @@ xdrrec_create (XDR *xdrs, u_int sendsize else #endif (void) fputs (_("xdrrec_create: out of memory\n"), stderr); + mem_free (rstrm, sizeof (RECSTREAM)); + mem_free (buf, sendsize + recvsize + BYTES_PER_XDR_UNIT); /* * This is bad. Should rework xdrrec_create to * return a handle, and in this case return NULL @@ -165,8 +171,8 @@ xdrrec_create (XDR *xdrs, u_int sendsize /* * adjust sizes and allocate buffer quad byte aligned */ - rstrm->sendsize = sendsize = fix_buf_size (sendsize); - rstrm->recvsize = recvsize = fix_buf_size (recvsize); + rstrm->sendsize = sendsize; + rstrm->recvsize = recvsize; rstrm->the_buffer = buf; tmp = rstrm->the_buffer; if ((size_t)tmp % BYTES_PER_XDR_UNIT) --- libc/sunrpc/svc_unix.c.jj Mon Aug 20 04:18:30 2001 +++ libc/sunrpc/svc_unix.c Wed Aug 22 09:23:34 2001 @@ -179,6 +179,8 @@ svcunix_create (int sock, u_int sendsize else #endif fputs (_("svcunix_create: out of memory\n"), stderr); + mem_free (r, sizeof (*r)); + mem_free (xprt, sizeof (SVCXPRT)); return NULL; } r->sendsize = sendsize; @@ -221,6 +223,8 @@ makefd_xprt (int fd, u_int sendsize, u_i else #endif (void) fputs (_("svc_unix: makefd_xprt: out of memory\n"), stderr); + mem_free (xprt, sizeof (SVCXPRT)); + mem_free (cd, sizeof (struct unix_conn)); return NULL; } cd->strm_stat = XPRT_IDLE; --- libc/sunrpc/svc_udp.c.jj Wed Aug 22 06:17:20 2001 +++ libc/sunrpc/svc_udp.c Wed Aug 22 09:25:11 2001 @@ -156,6 +156,9 @@ svcudp_bufcreate (sock, sendsz, recvsz) else #endif (void) fputs (_("svcudp_create: out of memory\n"), stderr); + mem_free (xprt, sizeof (SVCXPRT)); + mem_free (su, sizeof (*su)); + mem_free (buf, ((MAX (sendsz, recvsz) + 3) / 4) * 4); return NULL; } su->su_iosz = ((MAX (sendsz, recvsz) + 3) / 4) * 4; --- libc/sunrpc/svc_tcp.c.jj Mon Aug 20 04:18:30 2001 +++ libc/sunrpc/svc_tcp.c Wed Aug 22 09:28:10 2001 @@ -183,6 +183,8 @@ svctcp_create (int sock, u_int sendsize, else #endif (void) fputs (_("svctcp_create: out of memory\n"), stderr); + mem_free (r, sizeof (*r)); + mem_free (xprt, sizeof (SVCXPRT)); return NULL; } r->sendsize = sendsize; @@ -225,6 +227,8 @@ makefd_xprt (int fd, u_int sendsize, u_i else #endif (void) fputs (_("svc_tcp: makefd_xprt: out of memory\n"), stderr); + mem_free (xprt, sizeof (SVCXPRT)); + mem_free (cd, sizeof (struct tcp_conn)); return NULL; } cd->strm_stat = XPRT_IDLE; --- libc/sunrpc/auth_unix.c.jj Mon Aug 20 04:18:29 2001 +++ libc/sunrpc/auth_unix.c Wed Aug 22 09:35:15 2001 @@ -108,6 +108,7 @@ authunix_create (char *machname, uid_t u au = (struct audata *) mem_alloc (sizeof (*au)); if (auth == NULL || au == NULL) { +no_memory: #ifdef USE_IN_LIBIO if (_IO_fwide (stderr, 0) > 0) (void) __fwprintf (stderr, L"%s", @@ -115,6 +116,8 @@ authunix_create (char *machname, uid_t u else #endif (void) fputs (_("authunix_create: out of memory\n"), stderr); + mem_free (auth, sizeof (*auth)); + mem_free (au, sizeof (*au)); return NULL; } auth->ah_ops = &auth_unix_ops; @@ -143,16 +146,7 @@ authunix_create (char *machname, uid_t u au->au_origcred.oa_flavor = AUTH_UNIX; au->au_origcred.oa_base = mem_alloc ((u_int) len); if (au->au_origcred.oa_base == NULL) - { -#ifdef USE_IN_LIBIO - if (_IO_fwide (stderr, 0) > 0) - (void) __fwprintf (stderr, L"%s", - _("authunix_create: out of memory\n")); - else -#endif - (void) fputs (_("authunix_create: out of memory\n"), stderr); - return NULL; - } + goto no_memory; memcpy(au->au_origcred.oa_base, mymem, (u_int) len); /* Jakub
Index Nav: | [Date Index] [Subject Index] [Author Index] [Thread Index] | |
---|---|---|
Message Nav: | [Date Prev] [Date Next] | [Thread Prev] [Thread Next] |