reported by cppcheck.
dup_ncp() tries to allocate a buffer of MAXNETCONFIGLINE
as tmp, which is then assigned to p->nc_netid via strcpy,
so the free(p->nc_netid) would have correctly released
the memory in case nc_lookups() fails, therefore, the
allerged leak never existed.
MFC after: 3 days
In r300388, endnetconfig() was called on nc_handle which would release
the associated netconfig structure, which means tmpnconf->nc_netid
would be a use-after-free.
Solve this by doing endnetconfig() in return paths instead.
Reported by: jemalloc via kevlo
Reviewed by: cem, ngie (earlier version)
MFC after: 3 days
Differential Revision: https://reviews.freebsd.org/D11288
Accomplish this by allocating space for it in __svc_xports and allowing
it to be registered. The failure to allocate space was causing an
out-of-bounds read in svc_getreq_common(). The failure to register
caused PR 211804.
The bug was found with CHERI bounds checking.
PR: 211804
Obtained from: CheriBSD
Sponsored by: DARPA, AFRL
Reviewed by: ngie
MFC after: 2 weeks
Differential Revision: https://reviews.freebsd.org/D10528
reallocarray(3) is a non portable extension that originated in OpenBSD.
Given that it is already in FreeBSD's libc it is useful for the cases
where reallocation involves a multiplication.
MFC after: 2 weeks
Differential Revision: https://reviews.freebsd.org/D9955
Uses of commas instead of a semicolons can easily go undetected. The comma
can serve as a statement separator but this shouldn't be abused when
statements are meant to be standalone.
Detected with devel/coccinelle following a hint from DragonFlyBSD.
MFC after: 1 month
This fixes the build when DESTDIR may be blank or not yet populated.
It also fixes reproducibility.
Submitted by: brooks
Approved by: re (gjb)
Differential Revision: https://reviews.freebsd.org/D6455
xdr_rpcproc, xdr_rpcprog and xdr_rpcvers were broken in older
versions of FreeBSD but fixed in r296394. Give them some use
hoping they help make the code somewhat more readable.
xdr_rpcprog and xdr_rpcvers were broken in older versions of FreeBSD
but were fixed in r296394. Give them some use hoping they help make
the code somewhat more readable.
I accidentally glossed over the fact that tmp is manipulated via strchr, so
if we tried to free `tmp` after r300385, it would have crashed.
Create a separate pointer (tmp2) to track the original allocation of `tmp`,
and free `tmp2` if `p->nc_lookups` can't be malloced
MFC after: 4 days
X-MFC with: r300385
Reported by: Coverity
CID: 1356026
Sponsored by: EMC / Isilon Storage Division
The previous code overwrote outbuf_pmap's memory with malloc once per
loop iteration, which leaked its memory; use reallocf instead to ensure
that memory is properly free'd each loop iteration.
Add a outbuf_pmap = NULL in the failure case to avoid a double-free
at the bottom of the function.
Differential Revision: https://reviews.freebsd.org/D6495
MFC after: 1 week
Reported by: Coverity
CID: 1038776
Reviewed by: markj, pfgj
Sponsored by: EMC / Isilon Storage Division
If the buffer couldn't be adequately resized to accomodate an additional "\n",
it would leak resultbuf by breaking from the loop early
MFC after: 2 weeks
Reported by: Coverity
CID: 1016702
Sponsored by: EMC / Isilon Storage Division
was NULL
This would theoretically happen if the netconfig protocol family and protocol
semantics were never matched.
MFC after: 2 weeks
Reported by: Coverity
CID: 978179
Sponsored by: EMC / Isilon Storage Division
This mutes a false positive with cppcheck, but also helps eliminate future
potential issues with this variable
MFC after: 2 weeks
Sponsored by: EMC / Isilon Storage Division
According to style(9):
> normally, include <sys/types.h> OR <sys/param.h>, but not both.
(<sys/param.h> already includes <sys/types.h> when LOCORE is not defined).
While here also cleanup some surrounding code; particularly
drop some malloc() casts.
Found with devel/coccinelle.
Reviewed by: bde (previous version - all new bugs are mine)
Avoid casting gymnastics that lead to pointer aliasing by introducing an
inline function as done in NetBSD (but without #if0'd WIP code).
Obtained from: NetBSD (CVS Rev. 1.24, 1.25)
This fixes the potential NULL pointer dereference properly, and also fixes
memory leaks encountered in the process of iterating through `*rp`.
MFC after: 1 week
Found by: Valgrind
Reported by: Dan Roberts <dan.roberts@isilon.com>
Submitted by: Miles Ohlrich <miles.ohlrich@isilon.com>
Sponsored by: EMC / Isilon Storage Division
__rpcbind_is_up(..) if getnetconfig(3) is partly successful in allocating
resources, but not completely successful by moving the endnetconfig(3) call
up before we return from the function if nconf == NULL.
MFC after: 1 week
Reported by: Coverity
Submitted by: Miles Ohlrich <miles.ohlrich@isilon.com>
Sponsored by: EMC / Isilon Storage Division
In the event that the getconfig(3) call in svcunix_create is partly successful,
some of the netconfig(3) resources allocated might be leaked if the call returns
NULL as endnetconfig(3) wasn't called explicitly in that case. Ensure that the
resources are fully cleaned up by going to the `done` label, which will call
endnetconfig(3) for us.
MFC after: 1 week
Reported by: Coverity
Submitted by: Miles Ohlrich <miles.ohlrich@isilon.com>
Sponsored by: EMC / Isilon Storage Division
When accepting a connection on underlying tcp socket rpc vc
transporter fails to populate local address. This change rectifies
this problem by modifying rendezvous_request() to fill out the xptr
structure member with appropriate information.
Submitted by: Alex Burlyga <alex.burlyga.ietf@gmail.com>
MFC after: 2 weeks
Differential Revision: https://reviews.freebsd.org/D4206
These were found by gcc 5.0 on Dragonfly BSD, however I
made no attempt to silence the false positives.
Obtained from: DragonFly (cf515c3a6f3a8964ad592e524442bc628f8ed63b)
if not already defined. This allows building libc from outside of
lib/libc using a reach-over makefile.
A typical use-case is to build a standard ILP32 version and a COMPAT32
version in a single iteration by building the COMPAT32 version using a
reach-over makefile.
Obtained from: Juniper Networks, Inc.