On Wed, Oct 02, 2002 at 12:49:43PM -0400, Robert Watson wrote:
>
> crash1# rpcbind
> Oct 2 12:47:15 crash1 rpcbind: cannot bind (null) on udp6: Address
> already in use
> Segmentation fault
> Oct 2 12:47:15 crash1 kernel: pid 1595 (rpcbind), uid 0: exited on signal
> 11
> crash1#
>
> I'm having trouble extracting a core so won't be able to follow-up just
> yet, but it looks like it might not be too hard to track down.

The error-handling code in rpcbind was bogus..there were failure paths that would continue to execute with a null pointer that eventually causes the crash. Kris Index: rpcbind.c =================================================================== RCS file: /usr/home/ncvs/src/usr.sbin/rpcbind/rpcbind.c,v retrieving revision 1.4 diff -u -r1.4 rpcbind.c --- rpcbind.c 22 Jul 2002 15:22:53 -0000 1.4 +++ rpcbind.c 3 Oct 2002 03:32:39 -0000 @@ -359,17 +359,18 @@ servname, &hints, &res)) != 0) { syslog(LOG_ERR, "cannot get local address for %s: %s", nconf->nc_netid, gai_strerror(aicode)); - continue; + goto error; } addrlen = res->ai_addrlen; sa = (struct sockaddr *)res->ai_addr; oldmask = umask(S_IXUSR|S_IXGRP|S_IXOTH); if (bind(fd, sa, addrlen) != 0) { syslog(LOG_ERR, "cannot bind %s on %s: %m", - hosts[nhostsbak], nconf->nc_netid); + (hosts[nhostsbak] = NULL) ? hosts[nhostsbak] : "*", + nconf->nc_netid); if (res != NULL) freeaddrinfo(res); - continue; + goto error; } else checkbind++; (void) umask(oldmask); @@ -382,7 +383,7 @@ nconf->nc_netid); if (res != NULL) freeaddrinfo(res); - return 1; + goto error; } memcpy(taddr.addr.buf, sa, addrlen); #ifdef ND_DEBUG
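
Review bot: In the first hunk's bind() failure path, the new syslog argument `(hosts[nhostsbak] = NULL) ? hosts[nhostsbak] : "*"` uses assignment instead of comparison, so it overwrites hosts[nhostsbak] with NULL, always evaluates false, and always logs "*" regardless of the configured host. Switching to `==` alone would not fix it, because the arms are reversed and NULL would then be passed to %s exactly when the entry is NULL; suggest `hosts[nhostsbak] != NULL ? hosts[nhostsbak] : "*"`. Also in this path, `(void) umask(oldmask);` only runs after a successful bind, so the `goto error` leaves the modified umask in place unless the error label restores it.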
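
Review bot: In the second hunk, res is released with freeaddrinfo(res) immediately before the new `goto error`, and the error label is outside the lines shown, so this diff does not let a reviewer confirm that the label's cleanup leaves res alone. Suggest setting res = NULL after each freeaddrinfo() call that precedes a jump, and including the hunk that adds the label so its cleanup and its return value (this path previously did `return 1`) can be checked.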