Sun Mar 31 20:26:33 2013 UTC ()
Pull up following revision(s) (requested by christos in ticket #854):
	lib/libc/rpc/clnt_vc.c: revision 1.19
PR/13082: Thorsten Brehm: Fix wrong memcpy that caused possible memory
corruption. XXX: pullup to 6.


(riz)
diff -r1.17.8.1 -r1.17.8.2 src/lib/libc/rpc/clnt_vc.c

cvs diff -r1.17.8.1 -r1.17.8.2 src/lib/libc/rpc/clnt_vc.c

--- src/lib/libc/rpc/clnt_vc.c 2013/03/14 22:03:09 1.17.8.1
+++ src/lib/libc/rpc/clnt_vc.c 2013/03/31 20:26:33 1.17.8.2
@@ -1,14 +1,14 @@ @@ -1,14 +1,14 @@
1/* $NetBSD: clnt_vc.c,v 1.17.8.1 2013/03/14 22:03:09 riz Exp $ */ 1/* $NetBSD: clnt_vc.c,v 1.17.8.2 2013/03/31 20:26:33 riz Exp $ */
2 2
3/* 3/*
4 * Copyright (c) 2010, Oracle America, Inc. 4 * Copyright (c) 2010, Oracle America, Inc.
5 * 5 *
6 * Redistribution and use in source and binary forms, with or without 6 * Redistribution and use in source and binary forms, with or without
7 * modification, are permitted provided that the following conditions are 7 * modification, are permitted provided that the following conditions are
8 * met: 8 * met:
9 * 9 *
10 * * Redistributions of source code must retain the above copyright 10 * * Redistributions of source code must retain the above copyright
11 * notice, this list of conditions and the following disclaimer. 11 * notice, this list of conditions and the following disclaimer.
12 * * Redistributions in binary form must reproduce the above 12 * * Redistributions in binary form must reproduce the above
13 * copyright notice, this list of conditions and the following 13 * copyright notice, this list of conditions and the following
14 * disclaimer in the documentation and/or other materials 14 * disclaimer in the documentation and/or other materials
@@ -28,27 +28,27 @@ @@ -28,27 +28,27 @@
28 * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, 28 * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
29 * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING 29 * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
30 * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE 30 * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
31 * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 31 * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
32 */ 32 */
33 33
34#include <sys/cdefs.h> 34#include <sys/cdefs.h>
35#if defined(LIBC_SCCS) && !defined(lint) 35#if defined(LIBC_SCCS) && !defined(lint)
36#if 0 36#if 0
37static char *sccsid = "@(#)clnt_tcp.c 1.37 87/10/05 Copyr 1984 Sun Micro"; 37static char *sccsid = "@(#)clnt_tcp.c 1.37 87/10/05 Copyr 1984 Sun Micro";
38static char *sccsid = "@(#)clnt_tcp.c 2.2 88/08/01 4.0 RPCSRC"; 38static char *sccsid = "@(#)clnt_tcp.c 2.2 88/08/01 4.0 RPCSRC";
39static char sccsid[] = "@(#)clnt_vc.c 1.19 89/03/16 Copyr 1988 Sun Micro"; 39static char sccsid[] = "@(#)clnt_vc.c 1.19 89/03/16 Copyr 1988 Sun Micro";
40#else 40#else
41__RCSID("$NetBSD: clnt_vc.c,v 1.17.8.1 2013/03/14 22:03:09 riz Exp $"); 41__RCSID("$NetBSD: clnt_vc.c,v 1.17.8.2 2013/03/31 20:26:33 riz Exp $");
42#endif 42#endif
43#endif 43#endif
44  44
45/* 45/*
46 * clnt_tcp.c, Implements a TCP/IP based, client side RPC. 46 * clnt_tcp.c, Implements a TCP/IP based, client side RPC.
47 * 47 *
48 * Copyright (C) 1984, Sun Microsystems, Inc. 48 * Copyright (C) 1984, Sun Microsystems, Inc.
49 * 49 *
50 * TCP based RPC supports 'batched calls'. 50 * TCP based RPC supports 'batched calls'.
51 * A sequence of calls may be batched-up in a send buffer. The rpc call 51 * A sequence of calls may be batched-up in a send buffer. The rpc call
52 * return immediately to the client even though the call was not necessarily 52 * return immediately to the client even though the call was not necessarily
53 * sent. The batching occurs if the results' xdr routine is NULL (0) AND 53 * sent. The batching occurs if the results' xdr routine is NULL (0) AND
54 * the rpc timeout value is zero (see clnt.h, rpc). 54 * the rpc timeout value is zero (see clnt.h, rpc).
@@ -254,28 +254,28 @@ clnt_vc_create(fd, raddr, prog, vers, se @@ -254,28 +254,28 @@ clnt_vc_create(fd, raddr, prog, vers, se
254 goto fooy; 254 goto fooy;
255 255
256 ct->ct_closeit = FALSE; 256 ct->ct_closeit = FALSE;
257 257
258 /* 258 /*
259 * Set up private data struct 259 * Set up private data struct
260 */ 260 */
261 ct->ct_fd = fd; 261 ct->ct_fd = fd;
262 ct->ct_wait.tv_usec = 0; 262 ct->ct_wait.tv_usec = 0;
263 ct->ct_waitset = FALSE; 263 ct->ct_waitset = FALSE;
264 ct->ct_addr.buf = malloc((size_t)raddr->maxlen); 264 ct->ct_addr.buf = malloc((size_t)raddr->maxlen);
265 if (ct->ct_addr.buf == NULL) 265 if (ct->ct_addr.buf == NULL)
266 goto fooy; 266 goto fooy;
267 memcpy(ct->ct_addr.buf, &raddr->buf, (size_t)raddr->len); 267 memcpy(ct->ct_addr.buf, raddr->buf, (size_t)raddr->len);
268 ct->ct_addr.len = raddr->maxlen; 268 ct->ct_addr.len = raddr->len;
269 ct->ct_addr.maxlen = raddr->maxlen; 269 ct->ct_addr.maxlen = raddr->maxlen;
270 270
271 /* 271 /*
272 * Initialize call message 272 * Initialize call message
273 */ 273 */
274 call_msg.rm_xid = __RPC_GETXID(); 274 call_msg.rm_xid = __RPC_GETXID();
275 call_msg.rm_direction = CALL; 275 call_msg.rm_direction = CALL;
276 call_msg.rm_call.cb_rpcvers = RPC_MSG_VERSION; 276 call_msg.rm_call.cb_rpcvers = RPC_MSG_VERSION;
277 call_msg.rm_call.cb_prog = (u_int32_t)prog; 277 call_msg.rm_call.cb_prog = (u_int32_t)prog;
278 call_msg.rm_call.cb_vers = (u_int32_t)vers; 278 call_msg.rm_call.cb_vers = (u_int32_t)vers;
279 279
280 /* 280 /*
281 * pre-serialize the static part of the call msg and stash it away 281 * pre-serialize the static part of the call msg and stash it away
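Review bot: The corrected `memcpy` on new line 267 copies `raddr->len` bytes into a buffer that line 264 allocates with `raddr->maxlen` bytes, and nothing in the visible lines checks that `len` does not exceed `maxlen`. A caller-supplied netbuf with inconsistent fields would therefore still write past the heap allocation, which is the same class of memory corruption this pull-up is meant to remove. A guard ahead of the `malloc`, such as `if (raddr->len > raddr->maxlen) goto fooy;`, would bound the copy; the error status reported on the `fooy` path is set outside this hunk, so it needs confirming there. clnt_vc_create starts and ends outside the hunk, so an earlier validation of `raddr` may already exist and should be checked before adding this one.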