Bug 158340 - [rpc] Possible dereference of null pointer by code that calls replay_find()...
Status: Closed Overcome By Events
Alias: None
Product: Base System
Classification: Unclassified
Component: kern
Version: Unspecified
Hardware: Any Any
Importance: Normal Affects Only Me
Assignee: Bugmeister
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2011-06-27 13:50 UTC by Greg Becker
Modified: 2024-01-18 16:01 UTC
Description Greg Becker 2011-06-27 13:50:07 UTC
In replay_find() (src/sys/rpc/replay.c), if a message is found in the DRC but does not have a body then mp is left untouched.  The only caller of replay_find() is svc_getreq(), which assumes that replay_find() returns a valid pointer in this argument.

Now, I don't know if rce_repbody can legitimately be NULL, but for completeness svc_getreq() should probably set repbody to NULL and then check it after the call to replay_find(), and avoid making the call to SVC_REPLY() if repbody is NULL.

replay_find() also should set *mp = NULL if rce_repbody is NULL.
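The contract described above, modelled as an added example. This is constructed illustration code, not FreeBSD's sys/rpc/replay.c or the svc_getreq() caller: the struct fields, the function names (find_as_reported(), find_defined_out(), getreq_unchecked(), getreq_checked(), scenario()), the RS_/RC_ codes and the sample DRC contents are all assumptions. It pairs the callee and caller as the report describes them with the two fixes the report suggests, and uses a sentinel pointer in place of an uninitialised stack slot so the undefined case can be observed instead of crashed on.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed model of the replay_find()/svc_getreq() contract from the
 * report.  Names, layout and return codes are illustrative, not FreeBSD's. */

/* One duplicate request cache (DRC) entry: a recorded reply may lack a body. */
struct rce {
    uint32_t    xid;
    int         has_reply;  /* a reply header was recorded for this xid */
    const char *repbody;    /* cached reply body, possibly NULL */
};

struct drc { struct rce entries[8]; size_t n; };

enum rs { RS_NEW = 0, RS_DONE = 1 };
typedef enum rs (*find_fn)(const struct drc *, uint32_t, const char **);

/* Caller outcomes: non-negative is bytes "sent", negative is a failure class. */
enum { RC_NONE = 0, RC_GARBAGE = -1, RC_NULLDEREF = -2, RC_SKIPPED = -3 };

/* Stands in for an uninitialised stack slot so it can be recognised, not dereferenced. */
static const char stack_garbage = 'G';
#define GARBAGE (&stack_garbage)

/* Callee as the report describes it: *mp is written only when a body exists,
 * yet RS_DONE is returned either way. */
static enum rs find_as_reported(const struct drc *rc, uint32_t xid, const char **mp)
{
    for (size_t i = 0; i < rc->n; i++) {
        const struct rce *e = &rc->entries[i];
        if (e->xid == xid && e->has_reply) {
            if (e->repbody != NULL) *mp = e->repbody;
            return RS_DONE;     /* repbody == NULL: *mp left untouched */
        }
    }
    return RS_NEW;
}

/* Callee-side fix suggested in the report: *mp is defined on every path,
 * so a reply without a body hands back NULL rather than an untouched slot. */
static enum rs find_defined_out(const struct drc *rc, uint32_t xid, const char **mp)
{
    *mp = NULL;
    return find_as_reported(rc, xid, mp);
}

/* Stand-in for SVC_REPLY(): classifies the pointer the real path would use. */
static int svc_reply(const char *body)
{
    if (body == GARBAGE) return RC_GARBAGE;    /* uninitialised pointer */
    if (body == NULL)    return RC_NULLDEREF;  /* the deref the title warns about */
    return (int)strlen(body);                  /* bytes sent */
}

/* Caller as the report describes it: repbody uninitialised, no check after the call. */
static int getreq_unchecked(find_fn find, const struct drc *rc, uint32_t xid)
{
    const char *repbody = GARBAGE;   /* models an uninitialised local */
    if (find(rc, xid, &repbody) == RS_DONE)
        return svc_reply(repbody);
    return RC_NONE;
}

/* Caller-side fix suggested in the report: initialise, check, skip SVC_REPLY on NULL. */
static int getreq_checked(find_fn find, const struct drc *rc, uint32_t xid)
{
    const char *repbody = NULL;
    if (find(rc, xid, &repbody) == RS_DONE) {
        if (repbody == NULL)
            return RC_SKIPPED;
        return svc_reply(repbody);
    }
    return RC_NONE;
}

/* Constructed DRC: xid 1 has a cached body, xid 2 has a reply without one. */
static struct drc sample_drc(void)
{
    struct drc rc = { .n = 2 };
    rc.entries[0] = (struct rce){ .xid = 1, .has_reply = 1, .repbody = "hello" };
    rc.entries[1] = (struct rce){ .xid = 2, .has_reply = 1, .repbody = NULL };
    return rc;
}

/* One combination of caller variant, callee variant and request xid. */
static int scenario(int caller_checks, int callee_defines_out, uint32_t xid)
{
    struct drc rc = sample_drc();
    find_fn find = callee_defines_out ? find_defined_out : find_as_reported;
    return caller_checks ? getreq_checked(find, &rc, xid)
                         : getreq_unchecked(find, &rc, xid);
}

int main(void)
{
    printf("unchecked caller, callee as reported, xid 2 -> %d\n", scenario(0, 0, 2));
    printf("unchecked caller, callee defines *mp, xid 2 -> %d\n", scenario(0, 1, 2));
    printf("checked caller,   callee as reported, xid 2 -> %d\n", scenario(1, 0, 2));
    return 0;
}
```

For the body-less entry (xid 2), scenario(0, 0, 2) yields RC_GARBAGE, which is the reported condition. scenario(0, 1, 2) yields RC_NULLDEREF: fixing only the callee turns an undefined pointer into a NULL one, which an unchecked caller still hands to SVC_REPLY, so the callee-side change alone does not remove the dereference. scenario(1, 0, 2) and scenario(1, 1, 2) both yield RC_SKIPPED, because initialising repbody to NULL in the caller and testing it after the call is what actually prevents the call, independently of whether the callee defines its out-parameter. Requests with a cached body (xid 1) are sent unchanged in every combination.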
Comment 1 Eitan Adler 2017-12-31 07:59:22 UTC
For bugs matching the following criteria:

Status: In Progress Changed: (is less than) 2014-06-01

Reset to default assignee and clear in-progress tags.

Mail being skipped
Comment 2 Greg Becker 2024-01-13 14:36:00 UTC
There is probably little need to fix this bug so may as well just close it.