diff options
| author | Marcel Telka <marcel@telka.sk> | 2017-05-20 07:22:06 +0200 |
|---|---|---|
| committer | Robert Mustacchi <rm@joyent.com> | 2017-05-29 16:28:55 +0000 |
| commit | 45681b8b0e59cad83c1547d78e25d4b7f218d635 (patch) | |
| tree | 73657a7a91e790bdaa69ae34eefa60bb346b3df3 /usr/src/lib/libnsl/rpc/rpc_callmsg.c | |
| parent | d1aea6f139360e9e7f1504facb24f8521047b15c (diff) | |
| download | illumos-gate-45681b8b0e59cad83c1547d78e25d4b7f218d635.tar.gz | |
8238 xdr_callmsg() should clear residual bytes
Reviewed by: Toomas Soome <tsoome@me.com>
Reviewed by: Yuri Pankov <yuripv@gmx.com>
Reviewed by: Gary Mills <gary_mills@fastmail.fm>
Approved by: Robert Mustacchi <rm@joyent.com>
Diffstat (limited to 'usr/src/lib/libnsl/rpc/rpc_callmsg.c')
| -rw-r--r-- | usr/src/lib/libnsl/rpc/rpc_callmsg.c | 37 |
1 files changed, 19 insertions, 18 deletions
diff --git a/usr/src/lib/libnsl/rpc/rpc_callmsg.c b/usr/src/lib/libnsl/rpc/rpc_callmsg.c index 20dcf02e49..3a0e8859f8 100644 --- a/usr/src/lib/libnsl/rpc/rpc_callmsg.c +++ b/usr/src/lib/libnsl/rpc/rpc_callmsg.c @@ -33,8 +33,6 @@ * California. */ -#pragma ident "%Z%%M% %I% %E% SMI" - #include "mt.h" #include <stdlib.h> #include <sys/param.h> @@ -54,14 +52,17 @@ xdr_callmsg(XDR *xdrs, struct rpc_msg *cmsg) struct opaque_auth *oa; if (xdrs->x_op == XDR_ENCODE) { + uint_t credrndup; + uint_t verfrndup; + if (cmsg->rm_call.cb_cred.oa_length > MAX_AUTH_BYTES) return (FALSE); if (cmsg->rm_call.cb_verf.oa_length > MAX_AUTH_BYTES) return (FALSE); - buf = XDR_INLINE(xdrs, 8 * BYTES_PER_XDR_UNIT - + RNDUP(cmsg->rm_call.cb_cred.oa_length) - + 2 * BYTES_PER_XDR_UNIT - + RNDUP(cmsg->rm_call.cb_verf.oa_length)); + credrndup = RNDUP(cmsg->rm_call.cb_cred.oa_length); + verfrndup = RNDUP(cmsg->rm_call.cb_verf.oa_length); + buf = XDR_INLINE(xdrs, 8 * BYTES_PER_XDR_UNIT + + credrndup + 2 * BYTES_PER_XDR_UNIT + verfrndup); if (buf != NULL) { IXDR_PUT_INT32(buf, cmsg->rm_xid); IXDR_PUT_ENUM(buf, cmsg->rm_direction); @@ -78,18 +79,20 @@ xdr_callmsg(XDR *xdrs, struct rpc_msg *cmsg) IXDR_PUT_INT32(buf, oa->oa_length); if (oa->oa_length) { (void) memcpy(buf, oa->oa_base, oa->oa_length); - buf += RNDUP(oa->oa_length) / sizeof (int32_t); + buf += credrndup / BYTES_PER_XDR_UNIT; + if ((credrndup -= oa->oa_length) > 0) + (void) memset((char *)buf - credrndup, + 0, credrndup); } oa = &cmsg->rm_call.cb_verf; IXDR_PUT_ENUM(buf, oa->oa_flavor); IXDR_PUT_INT32(buf, oa->oa_length); if (oa->oa_length) { (void) memcpy(buf, oa->oa_base, oa->oa_length); - /* - * no real need.... - * buf += RNDUP(oa->oa_length) / sizeof - * (int32_t); - */ + buf += verfrndup / BYTES_PER_XDR_UNIT; + if ((verfrndup -= oa->oa_length) > 0) + (void) memset((char *)buf - verfrndup, + 0, verfrndup); } return (TRUE); } @@ -116,9 +119,8 @@ xdr_callmsg(XDR *xdrs, struct rpc_msg *cmsg) if (oa->oa_base == NULL) { oa->oa_base = malloc(oa->oa_length); if (oa->oa_base == NULL) { - syslog(LOG_ERR, - "xdr_callmsg : " - "out of memory."); + syslog(LOG_ERR, "xdr_callmsg : " + "out of memory."); return (FALSE); } } @@ -153,9 +155,8 @@ xdr_callmsg(XDR *xdrs, struct rpc_msg *cmsg) if (oa->oa_base == NULL) { oa->oa_base = malloc(oa->oa_length); if (oa->oa_base == NULL) { - syslog(LOG_ERR, - "xdr_callmsg : " - "out of memory."); + syslog(LOG_ERR, "xdr_callmsg : " + "out of memory."); return (FALSE); } } |