This is the mail archive of the libc-hacker@sources.redhat.com mailing list for the glibc project.

Note that libc-hacker is a closed list. You may look at the archives of this list, but subscription and posting are not open.



[PATCH] Fix pmap_rmtcall and clnt_broadcast on 64-bit arches


Hi!

xdr_rmtcall_args first encodes arglen just to allocate space for it,
then outputs the actual arguments and once they are output, XDR_SETPOS
to the location of argument length and outputs the newly computed
arglen.
The problem is that cap->arglen is usually an uninitialized value
(it makes no sense to initialize it, as xdr_rmtcall_args is
supposed to set it and on 32-bit arches doesn't rely on its
previous value).
But on 64-bit, if the uninitialized cap->arglen happens to have
any of the upper 32 bits set, xdr_u_long will fail.

Fixed thusly:

2005-04-04  Jakub Jelinek  <jakub@redhat.com>

	* sunrpc/pmap_rmt.c (xdr_rmtcall_args): Use a dummy arglen instead
	of trying to encode uninitialized arglen.

--- libc/sunrpc/pmap_rmt.c.jj	2004-10-01 12:05:01.000000000 +0200
+++ libc/sunrpc/pmap_rmt.c	2005-04-04 08:39:19.000000000 +0200
@@ -125,8 +125,9 @@ xdr_rmtcall_args (XDR *xdrs, struct rmtc
       INTUSE(xdr_u_long) (xdrs, &(cap->vers)) &&
       INTUSE(xdr_u_long) (xdrs, &(cap->proc)))
     {
+      u_long dummy_arglen = 0;
       lenposition = XDR_GETPOS (xdrs);
-      if (!INTUSE(xdr_u_long) (xdrs, &(cap->arglen)))
+      if (!INTUSE(xdr_u_long) (xdrs, &dummy_arglen))
 	return FALSE;
       argposition = XDR_GETPOS (xdrs);
       if (!(*(cap->xdr_args)) (xdrs, cap->args_ptr))
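Review bot: the new `u_long dummy_arglen = 0;` declaration carries no comment saying that it only reserves the length slot at `lenposition`, so a later cleanup could reasonably swap `&(cap->arglen)` back in and reintroduce the 64-bit failure. A one-line comment above the declaration, stating that the real length is written after XDR_SETPOS, would cover it. The back-patch itself is outside this hunk, so it is worth confirming that it assigns cap->arglen before encoding it, since these lines no longer read or write that field.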

	Jakub
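The failure described in the message, reproduced as an added example (not code from the patch or from glibc): a toy encoder whose `put_u_long` models `xdr_u_long` where `u_long` is 64 bits wide. `struct enc`, `put_u_long`, `encode_call` and the `use_dummy` switch are hypothetical names, and the stale value is constructed.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Toy memory stream standing in for an XDR handle (hypothetical, not the sunrpc API). */
struct enc { unsigned char buf[64]; size_t pos; };

/* Models xdr_u_long encoding with a 64-bit u_long: the wire format carries
   32 bits, so a value with any upper bit set is rejected. */
static int put_u_long(struct enc *e, const uint64_t *v)
{
    if (*v > UINT32_MAX || e->pos + 4 > sizeof e->buf)
        return 0;
    for (int shift = 24; shift >= 0; shift -= 8)   /* big-endian, as in XDR */
        e->buf[e->pos++] = (unsigned char)(*v >> shift);
    return 1;
}

/* Reserve the length slot, encode the arguments, seek back, store the real length.
   use_dummy == 0 is the pre-patch behaviour: the slot is reserved from *arglen itself. */
static int encode_call(struct enc *e, uint64_t *arglen,
                       const void *args, size_t n, int use_dummy)
{
    uint64_t dummy_arglen = 0;
    size_t lenposition = e->pos;
    if (!put_u_long(e, use_dummy ? &dummy_arglen : arglen))
        return 0;
    size_t argposition = e->pos;
    if (n > sizeof e->buf - e->pos)
        return 0;
    memcpy(e->buf + e->pos, args, n);        /* opaque argument body */
    e->pos += n;
    *arglen = e->pos - argposition;          /* the newly computed length */
    size_t endposition = e->pos;
    e->pos = lenposition;                    /* XDR_SETPOS equivalent */
    int ok = put_u_long(e, arglen);
    e->pos = endposition;
    return ok;
}

int main(void)
{
    uint64_t arglen = 0xdeadbeef00000000ULL; /* constructed stale value */
    struct enc e = { {0}, 0 };
    int before = encode_call(&e, &arglen, "abcd", 4, 0);
    int after = encode_call(&e, &arglen, "abcd", 4, 1);
    printf("pre-patch=%d patched=%d arglen=%llu\n", before, after, (unsigned long long)arglen);
    return 0;
}
```

A stale value that happens to fit in 32 bits encodes without error in the pre-patch path.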

