summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
Diffstat
-rw-r--r--src/lib/rpc/ChangeLog7
-rw-r--r--src/lib/rpc/svc.c20
2 files changed, 21 insertions, 6 deletions
diff --git a/src/lib/rpc/ChangeLog b/src/lib/rpc/ChangeLog
index f58e800985..1e90d7fdaa 100644
--- a/src/lib/rpc/ChangeLog
+++ b/src/lib/rpc/ChangeLog
@@ -1,3 +1,10 @@
+2004-08-17 Tom Yu <tlyu@mit.edu>
+
+ * svc.c (svc_getreqset): Allocate cred and verf memory to
+ temporary pointers, and free the temporary pointers on exit.
+ Freeing the actual cred and verf pointers can cause corruption
+ because auth mechanisms can reassign the pointers.
+
2004-08-16 Tom Yu <tlyu@mit.edu>
* svc_auth_gss.c (gssrpc__svcauth_gss): Add some debug messages.
diff --git a/src/lib/rpc/svc.c b/src/lib/rpc/svc.c
index e7f3243cfa..ac69df48f1 100644
--- a/src/lib/rpc/svc.c
+++ b/src/lib/rpc/svc.c
@@ -420,10 +420,18 @@ svc_getreqset(readfds)
register SVCXPRT *xprt;
register int sock;
bool_t no_dispatch;
+ caddr_t rawcred, rawverf, cookedcred;
- msg.rm_call.cb_cred.oa_base = mem_alloc(MAX_AUTH_BYTES);
- msg.rm_call.cb_verf.oa_base = mem_alloc(MAX_AUTH_BYTES);
- r.rq_clntcred = mem_alloc(RQCRED_SIZE);
+ rawcred = mem_alloc(MAX_AUTH_BYTES);
+ rawverf = mem_alloc(MAX_AUTH_BYTES);
+ cookedcred = mem_alloc(RQCRED_SIZE);
+
+ if (rawcred == NULL || rawverf == NULL || cookedcred == NULL)
+ return;
+
+ msg.rm_call.cb_cred.oa_base = rawcred;
+ msg.rm_call.cb_verf.oa_base = rawverf;
+ r.rq_clntcred = cookedcred;
#ifdef FD_SETSIZE
for (sock = 0; sock <= max_xport; sock++) {
@@ -497,7 +505,7 @@ svc_getreqset(readfds)
} while (stat == XPRT_MOREREQS);
}
}
- mem_free(msg.rm_call.cb_cred.oa_base, MAX_AUTH_BYTES);
- mem_free(msg.rm_call.cb_verf.oa_base, MAX_AUTH_BYTES);
- mem_free(r.rq_clntcred, RQCRED_SIZE);
+ mem_free(rawcred, MAX_AUTH_BYTES);
+ mem_free(rawverf, MAX_AUTH_BYTES);
+ mem_free(cookedcred, RQCRED_SIZE);
}
generated by cgit (git 2.34.1) at 2024-09-30 18:19:38 +0000