mirror of git://sourceware.org/git/glibc.git
If xports is NULL in xprt_register we malloc it, but if sock > _rpc_dtablesize() that memory is not initialised and may in theory contain any value. Later, svc_getreq_common makes a conditional jump based on the uninitialised memory; this caused a general protection fault in rpc.statd on an older version of glibc, and this code has not changed since that version. The valgrind warning follows.

```
==26802== Conditional jump or move depends on uninitialised value(s)
==26802==    at 0x5343A25: svc_getreq_common (in /lib64/libc-2.5.so)
==26802==    by 0x534357B: svc_getreqset (in /lib64/libc-2.5.so)
==26802==    by 0x10DE1F: ??? (in /sbin/rpc.statd)
==26802==    by 0x10D0EF: main (in /sbin/rpc.statd)
==26802==  Uninitialised value was created by a heap allocation
==26802==    at 0x4C2210C: malloc (vg_replace_malloc.c:195)
==26802==    by 0x53438BE: xprt_register (in /lib64/libc-2.5.so)
==26802==    by 0x53450DF: svcudp_bufcreate (in /lib64/libc-2.5.so)
==26802==    by 0x10FE32: ??? (in /sbin/rpc.statd)
==26802==    by 0x10D13E: main (in /sbin/rpc.statd)
```
||
|---|---|---|
| rpc | ||
| rpcsvc | ||
| Makefile | ||
| Versions | ||
| auth_des.c | ||
| auth_none.c | ||
| auth_unix.c | ||
| authdes_prot.c | ||
| authuxprot.c | ||
| bindrsvprt.c | ||
| clnt_gen.c | ||
| clnt_perr.c | ||
| clnt_raw.c | ||
| clnt_simp.c | ||
| clnt_tcp.c | ||
| clnt_udp.c | ||
| clnt_unix.c | ||
| create_xid.c | ||
| des_crypt.c | ||
| des_impl.c | ||
| des_soft.c | ||
| etc.rpc | ||
| get_myaddr.c | ||
| getrpcbyname.c | ||
| getrpcbyname_r.c | ||
| getrpcbynumber.c | ||
| getrpcbynumber_r.c | ||
| getrpcent.c | ||
| getrpcent_r.c | ||
| getrpcport.c | ||
| key_call.c | ||
| key_prot.c | ||
| netname.c | ||
| openchild.c | ||
| pm_getmaps.c | ||
| pm_getport.c | ||
| pmap_clnt.c | ||
| pmap_prot.c | ||
| pmap_prot2.c | ||
| pmap_rmt.c | ||
| proto.h | ||
| publickey.c | ||
| rpc_clntout.c | ||
| rpc_cmsg.c | ||
| rpc_common.c | ||
| rpc_cout.c | ||
| rpc_dtable.c | ||
| rpc_hout.c | ||
| rpc_main.c | ||
| rpc_parse.c | ||
| rpc_parse.h | ||
| rpc_prot.c | ||
| rpc_sample.c | ||
| rpc_scan.c | ||
| rpc_scan.h | ||
| rpc_svcout.c | ||
| rpc_tblout.c | ||
| rpc_thread.c | ||
| rpc_util.c | ||
| rpc_util.h | ||
| rpcgen.c | ||
| rpcinfo.c | ||
| rtime.c | ||
| svc.c | ||
| svc_auth.c | ||
| svc_authux.c | ||
| svc_raw.c | ||
| svc_run.c | ||
| svc_simple.c | ||
| svc_tcp.c | ||
| svc_udp.c | ||
| svc_unix.c | ||
| svcauth_des.c | ||
| test-rpcent.c | ||
| thrsvc.c | ||
| tst-getmyaddr.c | ||
| tst-xdrmem.c | ||
| tst-xdrmem2.c | ||
| xcrypt.c | ||
| xdr.c | ||
| xdr_array.c | ||
| xdr_float.c | ||
| xdr_intXX_t.c | ||
| xdr_mem.c | ||
| xdr_rec.c | ||
| xdr_ref.c | ||
| xdr_sizeof.c | ||
| xdr_stdio.c | ||