Fix a bug in clnt broadcast

Before calling the replyproc function on a broadcast reply,
we convert the server-provided address using uaddr2taddr.
This may fail (eg if the server provided a garbage address),
and return NULL. In this case, we should not call the replyproc
function - because the caller expects the address netbuf to
be a valid pointer, rather than NULL.

Signed-off-by: Olaf Kirch <okir@suse.de>
Signed-off-by: Steve Dickson <steved@redhat.com>

diff --git a/src/clnt_bcast.c b/src/clnt_bcast.c
index 373d8a52569b9f08e11cce3265516328295f7a8a..1ae637ddcb437cb5606b7bb064b607a08c114ca5 100644 (file)
--- a/src/clnt_bcast.c
+++ b/src/clnt_bcast.c
@@ -588,9 +588,11 @@ rpc_broadcast_exp(prog, vers, proc, xargs, argsp, xresults, resultsp,
                                                LIBTIRPC_DEBUG(3, ("rpc_broadcast_exp: uaddr %s\n", uaddrp));
                                                np = uaddr2taddr(
                                                    fdlist[i].nconf, uaddrp);
-                                               done = (*eachresult)(resultsp,
-                                                   np, fdlist[i].nconf);
-                                               free(np);
+                                               if (np != NULL) {
+                                                       done = (*eachresult)(resultsp,
+                                                           np, fdlist[i].nconf);
+                                                       free(np);
+                                               }
 #ifdef PORTMAP
                                        }
 #endif                         /* PORTMAP */