From: Olaf Kirch Date: Tue, 16 Dec 2014 18:38:33 +0000 (-0500) Subject: Fix a bug in clnt broadcast X-Git-Tag: libtirpc-0-2-6-rc2~4 X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=cdb1bc68e10d9a9b1595f855ba2660fe84d3b7cc;p=libtirpc Fix a bug in clnt broadcast Before calling the replyproc function on a broadcast reply, we convert the server-provided address using uaddr2taddr. This may fail (eg if the server provided a garbage address), and return NULL. In this case, we should not call the replyproc function - because the caller expects the address netbuf to be a valid pointer, rather than NULL. Signed-off-by: Olaf Kirch Signed-off-by: Steve Dickson --- diff --git a/src/clnt_bcast.c b/src/clnt_bcast.c index 373d8a5..1ae637d 100644 --- a/src/clnt_bcast.c +++ b/src/clnt_bcast.c @@ -588,9 +588,11 @@ rpc_broadcast_exp(prog, vers, proc, xargs, argsp, xresults, resultsp, LIBTIRPC_DEBUG(3, ("rpc_broadcast_exp: uaddr %s\n", uaddrp)); np = uaddr2taddr( fdlist[i].nconf, uaddrp); - done = (*eachresult)(resultsp, - np, fdlist[i].nconf); - free(np); + if (np != NULL) { + done = (*eachresult)(resultsp, + np, fdlist[i].nconf); + free(np); + } #ifdef PORTMAP } #endif /* PORTMAP */