From 2865ae0149bc210aa79d18413d68b948d97cedc2 Mon Sep 17 00:00:00 2001
From: mjacob <mjacob@FreeBSD.org>
Date: Sat, 16 Jun 2007 05:42:26 +0000
Subject: [PATCH] Check for a NULL return from rpcclnt_buildheader- it can fail
 if the passed in auth_type is unacceptable to rpcauth_buildheader- this
 avoids a null pointer panic. Clean up allocations if this happens. This also
 quiets a gcc 4.2 complaint about ussing mheadend without it being
 initialized.

Reviewed by:	alfred
---
 sys/rpc/rpcclnt.c | 13 +++++++++++++
 1 file changed, 13 insertions(+)

diff --git a/sys/rpc/rpcclnt.c b/sys/rpc/rpcclnt.c
index d666e1b4f3a8..256929fbefb4 100644
--- a/sys/rpc/rpcclnt.c
+++ b/sys/rpc/rpcclnt.c
@@ -1180,6 +1180,18 @@ rpcclnt_request(rpc, mrest, procnum, td, cred, reply)
 
 	m = rpcclnt_buildheader(rpc, procnum, mrest, mrest_len, &xid, &mheadend,
 	    cred);
+	/*
+	 * This can happen if the auth_type is neither UNIX or NULL
+	 */
+	if (m == NULL) {
+#ifdef __OpenBSD__
+		pool_put(&rpctask_pool, task);
+#else
+		FREE(task, M_RPC);
+#endif
+		error = EPROTONOSUPPORT;
+		goto rpcmout;
+	}
 
 	/*
 	 * For stream protocols, insert a Sun RPC Record Mark.
@@ -1867,6 +1879,7 @@ rpcclnt_buildheader(rc, procid, mrest, mrest_len, xidp, mheadend, cred)
 	*tl++ = txdr_unsigned(procid);
 
 	if ((error = rpcauth_buildheader(rc->rc_auth, cred, &mb, &bpos))) {
+		m_freem(mreq);
 		RPCDEBUG("rpcauth_buildheader failed %d", error);
 		return NULL;
 	}