FreeBSD Security Advisory FreeBSD-SA-15:24.rpcbind
Xin Li
delphij at delphij.net
Wed Sep 30 20:13:49 UTC 2015
On 09/30/15 13:03, Robert Blayzor wrote:
> On Sep 30, 2015, at 3:54 PM, Xin Li <delphij at delphij.net> wrote:
>>
>> Can you make this change and see if it helps?
>>
>> Index: rpcb_svc_com.c
>> ===================================================================
>> --- rpcb_svc_com.c (revision 288421)
>> +++ rpcb_svc_com.c (working copy)
>> @@ -1052,7 +1052,7 @@ static bool_t
>> netbuf_copybuf(struct netbuf *dst, const struct netbuf *src)
>> {
>>
>> - assert(dst->buf == NULL);
>> + assert(dst->len == 0 || dst->buf == NULL);
> …
>
>
> Same result:
>
>
> Assertion failed: (dst->len == 0 || dst->buf == NULL), function netbuf_copybuf, file rpcb_svc_com.c, line 1056.
Hmm this suggests there were either a use-after-free or a memory leak
with existing code. I will need some time to further investigate this.
In the meantime, please comment out the assertion (which turns the crash
back into memory leak in the worst case).
Cheers,
--
Xin LI <delphij at delphij.net> https://www.delphij.net/
FreeBSD - The Power to Serve! Live free or die
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: OpenPGP digital signature
URL: <http://lists.freebsd.org/pipermail/freebsd-security/attachments/20150930/40a5bc84/attachment.bin>
More information about the freebsd-security
mailing list