upstream/opnsense-src
1
0
Fork 0
mirror of https://github.com/opnsense/src.git synced 2026-05-28 04:12:45 -04:00
Code Issues Projects Releases Packages Wiki Activity Actions

The macro nfsm_reply() is supposed to allocate a reply in all cases,

Browse source 
but since the nfs cleanup, it hasn't done so in the case where
`error' is EBADRPC. Callers of this macro expect it to initialise
*mrq, and the `nfsmout' exit point expects a reply to be allocated
if error == 0. When nfsm_reply() was called with error = EBADRPC,
whatever junk was in *mrq (often a stale pointer to an old reply
mbuf) would be assumed to be a valid reply and passed to pru_sosend(),
causing a crash sooner or later.

Fix this by allocating a reply even in the EBADRPC case like we
used to do. This bug was specific to -current.
This commit is contained in:
Ian Dowse 2002-01-11 22:22:39 +00:00
parent 76980afbc0
commit 66b462a989
1 changed files with 2 additions and 2 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

4
sys/nfsserver/nfsm_subs.h
View file

@ -134,12 +134,12 @@ do { \
m_freem(mrep); \
mrep = NULL; \
} \
mreq = nfs_rephead((s), nfsd, error, &mb, &bpos); \
*mrq = mreq; \
if (error == EBADRPC) { \
error = 0; \
goto nfsmout; \
} \
mreq = nfs_rephead((s), nfsd, error, &mb, &bpos); \
*mrq = mreq; \
} while (0)
#define nfsm_writereply(s) \