The branch main has been updated by rmacklem: URL: https://cgit.FreeBSD.org/src/commit/?id=f6dc363f6dd2f6daa8cb59ecff6964fb86064f9f
commit f6dc363f6dd2f6daa8cb59ecff6964fb86064f9f Author: Rick Macklem <[email protected]> AuthorDate: 2021-01-12 21:59:52 +0000 Commit: Rick Macklem <[email protected]> CommitDate: 2021-01-12 21:59:52 +0000 nfs-over-tls: handle res.gid.gid_val correctly for memory allocation When the server side nfs-over-tls does an upcall to rpc.tlsservd(8) for the handshake and the rpc.tlsservd "-u" command line option has been specified, a list of gids may be returned. The list will be returned in malloc'd memory pointed to by res.gid.gid_val. To ensure the malloc occurs, res.gid.gid_val must be NULL before the call. Then, the malloc'd memory needs to be free'd. mem_free() just calls free(9), so a NULL pointer argument is fine and a length argument == 0 is ok, since the "len" argument is not used. This bug would have only affected nfs-over-tls and only when rpc.tlsservd(8) is running with the "-u" command line option. --- sys/rpc/rpcsec_tls/rpctls_impl.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/sys/rpc/rpcsec_tls/rpctls_impl.c b/sys/rpc/rpcsec_tls/rpctls_impl.c index 638f27eaf350..110ba107540a 100644 --- a/sys/rpc/rpcsec_tls/rpctls_impl.c +++ b/sys/rpc/rpcsec_tls/rpctls_impl.c @@ -573,6 +573,7 @@ rpctls_server(SVCXPRT *xprt, struct socket *so, uint32_t *flags, uint64_t *sslp, mtx_unlock(&rpctls_server_lock); /* Do the server upcall. */ + res.gid.gid_val = NULL; stat = rpctlssd_connect_1(NULL, &res, cl); if (stat == RPC_SUCCESS) { *flags = res.flags; @@ -598,6 +599,7 @@ rpctls_server(SVCXPRT *xprt, struct socket *so, uint32_t *flags, uint64_t *sslp, soshutdown(so, SHUT_RD); } CLNT_RELEASE(cl); + mem_free(res.gid.gid_val, 0); /* Once the upcall is done, the daemon is done with the fp and so. */ mtx_lock(&rpctls_server_lock); _______________________________________________ [email protected] mailing list https://lists.freebsd.org/mailman/listinfo/dev-commits-src-all To unsubscribe, send any mail to "[email protected]"
