Module Name: src
Committed By: martin
Date: Thu Jan 24 13:59:40 UTC 2019
Modified Files:
src/usr.sbin/rpcbind [netbsd-8]: util.c
Log Message:
Pull up following revision(s) (requested by christos in ticket #1167):
usr.sbin/rpcbind/util.c: revision 1.23
- fix wrong size allocation that triggers buffer overflow
- remove unneeded casts and assertions
XXX: pullup-8
To generate a diff of this commit:
cvs rdiff -u -r1.20 -r1.20.8.1 src/usr.sbin/rpcbind/util.c
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
Modified files:
Index: src/usr.sbin/rpcbind/util.c
diff -u src/usr.sbin/rpcbind/util.c:1.20 src/usr.sbin/rpcbind/util.c:1.20.8.1
--- src/usr.sbin/rpcbind/util.c:1.20 Sun Nov 8 16:36:28 2015
+++ src/usr.sbin/rpcbind/util.c Thu Jan 24 13:59:40 2019
@@ -1,4 +1,4 @@
-/* $NetBSD: util.c,v 1.20 2015/11/08 16:36:28 christos Exp $ */
+/* $NetBSD: util.c,v 1.20.8.1 2019/01/24 13:59:40 martin Exp $ */
/*-
* Copyright (c) 2000 The NetBSD Foundation, Inc.
@@ -128,14 +128,14 @@ addrmerge(struct netbuf *caller, char *s
if (serv_nbp == NULL)
return NULL;
- serv_sa = (struct sockaddr *)serv_nbp->buf;
+ serv_sa = serv_nbp->buf;
if (clnt_uaddr != NULL) {
clnt_nbp = uaddr2taddr(nconf, clnt_uaddr);
if (clnt_nbp == NULL) {
free(serv_nbp);
return NULL;
}
- clnt_sa = (struct sockaddr *)clnt_nbp->buf;
+ clnt_sa = clnt_nbp->buf;
if (clnt_sa->sa_family == AF_LOCAL) {
free(serv_nbp);
free(clnt_nbp);
@@ -143,8 +143,12 @@ addrmerge(struct netbuf *caller, char *s
return strdup(serv_uaddr);
}
} else {
- clnt_sa = (struct sockaddr *)
- malloc(sizeof (struct sockaddr_storage));
+ clnt_sa = malloc(clnt->sa_len);
+ if (clnt_sa == NULL) {
+ free(serv_nbp);
+ free(clnt_nbp);
+ return 0;
+ }
memcpy(clnt_sa, clnt, clnt->sa_len);
}
@@ -262,7 +266,6 @@ found:
break;
#ifdef INET6
case AF_INET6:
- assert(newsin6);
memcpy(newsin6, ifsin6, clnt_sa->sa_len);
newsin6->sin6_port = servsin6->sin6_port;
tbuf.maxlen = sizeof (struct sockaddr_storage);
