From: Jeff Layton <jlayton@redhat.com>
Date: Fri, 13 Mar 2009 16:44:16 +0000 (-0400)
Subject: libtirpc: set r_netid and r_owner in __rpcb_findaddr_timed
X-Git-Tag: 0.0.10~2
X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=1c8c2bf2f0b81b0fa1992894679786619c048a1e;p=libtirpc

libtirpc: set r_netid and r_owner in __rpcb_findaddr_timed

These fields in the rpcbind GETADDR call are being passed uninitialized
to CLNT_CALL. In the case of x86_64 at least, this usually leads to a
segfault. On x86, it sometimes causes segfaults and other times causes
garbage to be sent on the wire.

rpcbind generally ignores the r_owner field for calls that come in over
the wire, so it really doesn't matter what we send in that slot. We just
need to send something. The reference implementation from Sun seems to
send a blank string. Have ours follow suit.

Signed-off-by: Jeff Layton <jlayton@redhat.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
---

diff --git a/src/rpcb_clnt.c b/src/rpcb_clnt.c
index ed16f00..b1c0038 100644
--- a/src/rpcb_clnt.c
+++ b/src/rpcb_clnt.c
@@ -749,6 +749,13 @@ __rpcb_findaddr_timed(program, version, nconf, host, clpp, tp)
 	parms.r_addr = NULL;
 	parms.r_prog = program;
 	parms.r_vers = version;
+	parms.r_netid = nconf->nc_netid;
+
+	/*
+	 * According to wire captures, the reference implementation
+	 * (OpenSolaris) sends a blank string here too.
+	 */
+	parms.r_owner = "";
 
 	/*
 	 * Use default total timeout if no timeout is specified.