svc_getargs(): Should not be freeing arg pointers on failures

commit 82cc2e61 (SVCAUTH_WRAP/SVCAUTH_UNWRAP) introduce a regression
that causes callers of svc_getargs() to crash when svc_freeargs() frees
args points that are allocated on the stack.

svc_getargs() should let the callers do the freeing and not make any
assumptions on the type of memory passed in.

Also see:
    https://bugzilla.redhat.com/show_bug.cgi?id=948378
and
    CVE-2013-1950 EMBARGOED rpcbind: invalid pointer free leads to crash

Signed-off-by: Steve Dickson <steved@redhat.com>

diff --git a/src/svc_dg.c b/src/svc_dg.c
index b1ac462969af0bfa791f97e369e93edb8567cec4..6e00191c9976396b276fa161fa85adc023f12e71 100644 (file)
--- a/src/svc_dg.c
+++ b/src/svc_dg.c
@@ -284,7 +284,6 @@ svc_dg_getargs(xprt, xdr_args, args_ptr)
 {
        if (! SVCAUTH_UNWRAP(xprt->xp_auth, &(su_data(xprt)->su_xdrs),
                             xdr_args, args_ptr)) {
-               (void)svc_freeargs(xprt, xdr_args, args_ptr);
                return FALSE;
        }
        return TRUE;