On Wed, Oct 02, 2002 at 12:49:43PM -0400, Robert Watson wrote:
> 
> crash1# rpcbind
> Oct  2 12:47:15 crash1 rpcbind: cannot bind (null) on udp6: Address
> already in use
> Segmentation fault
> Oct  2 12:47:15 crash1 kernel: pid 1595 (rpcbind), uid 0: exited on signal
> 11
> crash1#
> 
> I'm having trouble extracting a core so won't be able to follow-up just
> yet, but it looks like it might not be too hard to track down.

The error-handling code in rpcbind was bogus: there were failure paths
that would continue to execute with a null pointer, which eventually
caused the crash.

Kris

Index: rpcbind.c
===================================================================
RCS file: /usr/home/ncvs/src/usr.sbin/rpcbind/rpcbind.c,v
retrieving revision 1.4
diff -u -r1.4 rpcbind.c
--- rpcbind.c   22 Jul 2002 15:22:53 -0000      1.4
+++ rpcbind.c   3 Oct 2002 03:32:39 -0000
@@ -359,17 +359,18 @@
                            servname, &hints, &res)) != 0) {
                                syslog(LOG_ERR, "cannot get local address for %s: %s",
                                    nconf->nc_netid, gai_strerror(aicode));
-                               continue;
+                               goto error;
                        }
                        addrlen = res->ai_addrlen;
                        sa = (struct sockaddr *)res->ai_addr;
                        oldmask = umask(S_IXUSR|S_IXGRP|S_IXOTH);
                        if (bind(fd, sa, addrlen) != 0) {
                                syslog(LOG_ERR, "cannot bind %s on %s: %m",
-                                       hosts[nhostsbak], nconf->nc_netid);
+                                   (hosts[nhostsbak] = NULL) ? hosts[nhostsbak] : "*",
+                                   nconf->nc_netid);
                                if (res != NULL)
                                        freeaddrinfo(res);
-                               continue;
+                               goto error;
                        } else
                                checkbind++;
                        (void) umask(oldmask);
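Review bot: The new syslog argument for the bind() failure, `(hosts[nhostsbak] = NULL) ? hosts[nhostsbak] : "*"`, assigns instead of comparing, so it overwrites the configured host entry with NULL and always logs `*`. A test that leaves the array untouched and logs the host when one is set would be `hosts[nhostsbak] != NULL ? hosts[nhostsbak] : "*",`. The bind-failure path also jumps to `error` before `(void) umask(oldmask)` runs. The `error` label and the rest of the function are outside this hunk, so it is worth confirming that the mask is restored there, and that `res` is not freed a second time after the `freeaddrinfo(res)` just before the jump.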
@@ -382,7 +383,7 @@
                                    nconf->nc_netid);
                                if (res != NULL)
                                        freeaddrinfo(res);
-                               return 1;
+                               goto error;
                        }
                        memcpy(taddr.addr.buf, sa, addrlen);
 #ifdef ND_DEBUG

Attachment: msg43791/pgp00000.pgp
Description: PGP signature
