diff options
author | Jackie Huang <jackie.huang@windriver.com> | 2018-01-10 09:53:06 +0800 |
---|---|---|
committer | Richard Purdie <richard.purdie@linuxfoundation.org> | 2018-01-14 09:11:57 +0000 |
commit | fcd828a22844649c69e061f8b2a956bf09441c33 (patch) | |
tree | ad38a19fd2c2ae47283e4d9a2266ad157e9b2223 /meta | |
parent | f015edf9feb43ea5aab9aeba0c01062d0245f1f5 (diff) | |
download | poky-fcd828a22844649c69e061f8b2a956bf09441c33.tar.gz |
rpcbind: Stop freeing a static pointer
commit 7ea36ee introduced a svc_freeargs() call
that ended up freeing static pointer.
It turns out the allocations for the rmt_args
is not necessary . The xdr routines (xdr_bytes) will
handle the memory management and the largest
possible message size is UDPMSGSIZE (due to UDP only)
which is smaller than RPC_BUF_MAX
(From OE-Core rev: 1d78875de924d794130c86b27ed516a1df40a59d)
Signed-off-by: Jackie Huang <jackie.huang@windriver.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Diffstat (limited to 'meta')
-rw-r--r-- | meta/recipes-extended/rpcbind/rpcbind/rpcbproc_callit_com-Stop-freeing-a-static-pointer.patch | 100 | ||||
-rw-r--r-- | meta/recipes-extended/rpcbind/rpcbind_0.2.4.bb | 1 |
2 files changed, 101 insertions, 0 deletions
diff --git a/meta/recipes-extended/rpcbind/rpcbind/rpcbproc_callit_com-Stop-freeing-a-static-pointer.patch b/meta/recipes-extended/rpcbind/rpcbind/rpcbproc_callit_com-Stop-freeing-a-static-pointer.patch new file mode 100644 index 0000000000..9a000d0285 --- /dev/null +++ b/meta/recipes-extended/rpcbind/rpcbind/rpcbproc_callit_com-Stop-freeing-a-static-pointer.patch | |||
@@ -0,0 +1,100 @@ | |||
1 | From 7c7590ad536c0e24bef790cb1e65702fc54db566 Mon Sep 17 00:00:00 2001 | ||
2 | From: Steve Dickson <steved@redhat.com> | ||
3 | Date: Tue, 30 May 2017 11:27:22 -0400 | ||
4 | Subject: [PATCH] rpcbproc_callit_com: Stop freeing a static pointer | ||
5 | |||
6 | commit 7ea36ee introduced a svc_freeargs() call | ||
7 | that ended up freeing static pointer. | ||
8 | |||
9 | It turns out the allocations for the rmt_args | ||
10 | is not necessary . The xdr routines (xdr_bytes) will | ||
11 | handle the memory management and the largest | ||
12 | possible message size is UDPMSGSIZE (due to UDP only) | ||
13 | which is smaller than RPC_BUF_MAX | ||
14 | |||
15 | Signed-off-by: Steve Dickson <steved@redhat.com> | ||
16 | |||
17 | Upstream-Status: Backport | ||
18 | |||
19 | Signed-off-by: Jackie Huang <jackie.huang@windriver.com> | ||
20 | --- | ||
21 | src/rpcb_svc_com.c | 39 ++++++--------------------------------- | ||
22 | 1 file changed, 6 insertions(+), 33 deletions(-) | ||
23 | |||
24 | diff --git a/src/rpcb_svc_com.c b/src/rpcb_svc_com.c | ||
25 | index cb63afd..1fc2229 100644 | ||
26 | --- a/src/rpcb_svc_com.c | ||
27 | +++ b/src/rpcb_svc_com.c | ||
28 | @@ -612,9 +612,9 @@ rpcbproc_callit_com(struct svc_req *rqstp, SVCXPRT *transp, | ||
29 | struct netconfig *nconf; | ||
30 | struct netbuf *caller; | ||
31 | struct r_rmtcall_args a; | ||
32 | - char *buf_alloc = NULL, *outbufp; | ||
33 | + char *outbufp; | ||
34 | char *outbuf_alloc = NULL; | ||
35 | - char buf[RPC_BUF_MAX], outbuf[RPC_BUF_MAX]; | ||
36 | + char outbuf[RPC_BUF_MAX]; | ||
37 | struct netbuf *na = (struct netbuf *) NULL; | ||
38 | struct rpc_msg call_msg; | ||
39 | int outlen; | ||
40 | @@ -635,36 +635,10 @@ rpcbproc_callit_com(struct svc_req *rqstp, SVCXPRT *transp, | ||
41 | } | ||
42 | if (si.si_socktype != SOCK_DGRAM) | ||
43 | return; /* Only datagram type accepted */ | ||
44 | - sendsz = __rpc_get_t_size(si.si_af, si.si_proto, UDPMSGSIZE); | ||
45 | - if (sendsz == 0) { /* data transfer not supported */ | ||
46 | - if (reply_type == RPCBPROC_INDIRECT) | ||
47 | - svcerr_systemerr(transp); | ||
48 | - return; | ||
49 | - } | ||
50 | - /* | ||
51 | - * Should be multiple of 4 for XDR. | ||
52 | - */ | ||
53 | - sendsz = ((sendsz + 3) / 4) * 4; | ||
54 | - if (sendsz > RPC_BUF_MAX) { | ||
55 | -#ifdef notyet | ||
56 | - buf_alloc = alloca(sendsz); /* not in IDR2? */ | ||
57 | -#else | ||
58 | - buf_alloc = malloc(sendsz); | ||
59 | -#endif /* notyet */ | ||
60 | - if (buf_alloc == NULL) { | ||
61 | - if (debugging) | ||
62 | - xlog(LOG_DEBUG, | ||
63 | - "rpcbproc_callit_com: No Memory!\n"); | ||
64 | - if (reply_type == RPCBPROC_INDIRECT) | ||
65 | - svcerr_systemerr(transp); | ||
66 | - return; | ||
67 | - } | ||
68 | - a.rmt_args.args = buf_alloc; | ||
69 | - } else { | ||
70 | - a.rmt_args.args = buf; | ||
71 | - } | ||
72 | + sendsz = UDPMSGSIZE; | ||
73 | |||
74 | call_msg.rm_xid = 0; /* For error checking purposes */ | ||
75 | + memset(&a, 0, sizeof(a)); /* Zero out the input buffer */ | ||
76 | if (!svc_getargs(transp, (xdrproc_t) xdr_rmtcall_args, (char *) &a)) { | ||
77 | if (reply_type == RPCBPROC_INDIRECT) | ||
78 | svcerr_decode(transp); | ||
79 | @@ -704,7 +678,8 @@ rpcbproc_callit_com(struct svc_req *rqstp, SVCXPRT *transp, | ||
80 | if (rbl == (rpcblist_ptr)NULL) { | ||
81 | #ifdef RPCBIND_DEBUG | ||
82 | if (debugging) | ||
83 | - xlog(LOG_DEBUG, "not found\n"); | ||
84 | + xlog(LOG_DEBUG, "prog %lu vers %lu: not found\n", | ||
85 | + a.rmt_prog, a.rmt_vers); | ||
86 | #endif | ||
87 | if (reply_type == RPCBPROC_INDIRECT) | ||
88 | svcerr_noprog(transp); | ||
89 | @@ -937,8 +912,6 @@ out: | ||
90 | } | ||
91 | if (local_uaddr) | ||
92 | free(local_uaddr); | ||
93 | - if (buf_alloc) | ||
94 | - free(buf_alloc); | ||
95 | if (outbuf_alloc) | ||
96 | free(outbuf_alloc); | ||
97 | if (na) { | ||
98 | -- | ||
99 | 2.7.4 | ||
100 | |||
diff --git a/meta/recipes-extended/rpcbind/rpcbind_0.2.4.bb b/meta/recipes-extended/rpcbind/rpcbind_0.2.4.bb index d3eeaf94b6..dcdee6c468 100644 --- a/meta/recipes-extended/rpcbind/rpcbind_0.2.4.bb +++ b/meta/recipes-extended/rpcbind/rpcbind_0.2.4.bb | |||
@@ -17,6 +17,7 @@ SRC_URI = "${SOURCEFORGE_MIRROR}/rpcbind/rpcbind-${PV}.tar.bz2 \ | |||
17 | file://rpcbind.service \ | 17 | file://rpcbind.service \ |
18 | file://0001-rpcbind-pair-all-svc_getargs-calls-with-svc_freeargs.patch \ | 18 | file://0001-rpcbind-pair-all-svc_getargs-calls-with-svc_freeargs.patch \ |
19 | file://pmapproc_dump-Fixed-typo-in-memory-leak-patch.patch \ | 19 | file://pmapproc_dump-Fixed-typo-in-memory-leak-patch.patch \ |
20 | file://rpcbproc_callit_com-Stop-freeing-a-static-pointer.patch \ | ||
20 | " | 21 | " |
21 | SRC_URI[md5sum] = "cf10cd41ed8228fc54c316191c1f07fe" | 22 | SRC_URI[md5sum] = "cf10cd41ed8228fc54c316191c1f07fe" |
22 | SRC_URI[sha256sum] = "074a9a530dc7c11e0d905aa59bcb0847c009313f02e98d3d798aa9568f414c66" | 23 | SRC_URI[sha256sum] = "074a9a530dc7c11e0d905aa59bcb0847c009313f02e98d3d798aa9568f414c66" |