Received: by 2002:a05:6a10:af89:0:0:0:0 with SMTP id iu9csp1286267pxb; Fri, 21 Jan 2022 14:23:21 -0800 (PST) X-Google-Smtp-Source: ABdhPJxHpvOd8vlmwYna6Zxfh/CTzNisv7TmoxDfzgGp4xk4+3SIYFIE/CaXSuMTHLPRe5T4piOh X-Received: by 2002:a63:b247:: with SMTP id t7mr4317149pgo.164.1642803801326; Fri, 21 Jan 2022 14:23:21 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1642803801; cv=none; d=google.com; s=arc-20160816; b=xocB4zn8N9aJCqiDVWNXkoLlEOmQAGw8DjHO0yRDmfMuONVLTDYkrLz2KWQ6s1fujH nZTXiKy2j9ISuuKW2JkfCUfgFTAT3RKI+OB5GGCzq7kJBHiEdN0MeJT5qDIe1g3ONJg3 adImikZZcP+/+/uL0kVA43hJlpfd7mSXvvkXLkcQ1QOscAVGl42f7+WUdViOw3Tj+fIM RyTFkYWV+TGzZKDVqIKJNAA5+Ctb04dlsh7/6ztIaSKS/ISqcJD5abPavKNeRx0EhKtS Cw1bQpUbEfOrrEHDn2SF3/XGdUi67ABDNHBhYUF0+SKn2ZUHjXsqVZLAhukbQqe654X1 Q+wA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:in-reply-to:from :references:cc:to:content-language:subject:user-agent:mime-version :date:message-id:dkim-signature; bh=kPlMjOFPuoQTdvBhyDzgXZAnIO+rgfpDpnc3UimkWsY=; b=ZMFabJnpc8OhZ+xC4dzfwcjTQDwY2AbVkJ4R4ByOLMan1GLf2zhHKw0+7dM8YEVCUL UM9/qcafXFvR0lqU//2LZU8o+CRefNh21FuMQR5zUJIWHGyd6u3uJOKG0DrZ+OlLxNDz pLgz0RgDVB5k7BzmiQ43CF9qfUg9xxKJ9LmfB+fqZZpHH9eTUHpRWo0nRdiJe1Q+vnXw XGVi4JIfCnsTYIFnBsHJArTPiAPHlc0uaR1UJm0Qrfg5ltMGMX40JjJRG34RFjhbBmSk 0HuZTf22PcKZ48EKp8xGdwgryO/E5sH59/Bsj/alhkwYgLOBCERi9QNM+qZ6CPGZkUfE FK9g== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@redhat.com header.s=mimecast20190719 header.b=aUQG+deo; spf=pass (google.com: domain of linux-nfs-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-nfs-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=redhat.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id d9si7655329pgb.583.2022.01.21.14.23.00; Fri, 21 Jan 2022 14:23:21 -0800 (PST) Received-SPF: pass (google.com: domain of linux-nfs-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; dkim=pass header.i=@redhat.com header.s=mimecast20190719 header.b=aUQG+deo; spf=pass (google.com: domain of linux-nfs-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-nfs-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=redhat.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1376817AbiATQAl (ORCPT + 99 others); Thu, 20 Jan 2022 11:00:41 -0500 Received: from us-smtp-delivery-124.mimecast.com ([170.10.129.124]:30654 "EHLO us-smtp-delivery-124.mimecast.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S243632AbiATQAk (ORCPT ); Thu, 20 Jan 2022 11:00:40 -0500 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1642694439; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=kPlMjOFPuoQTdvBhyDzgXZAnIO+rgfpDpnc3UimkWsY=; b=aUQG+deoL/tWn8GZmXzqclDfKQGGLZsDGRmqFVwTTJFsdOAJ8hE2Ig/068bpO4qNntktUH dFd+nnGemNrVQClGLQei4b6E7zm06Km0W+1HSlnKoQt0d7T0Ek6X1eDye97dg7oo7KJwFn p2bYimnGItqQyDdEQhhLmPndIZlmH+c= Received: from mail-qt1-f198.google.com (mail-qt1-f198.google.com [209.85.160.198]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id us-mta-533-K2-jIylgNiqmfnAwiqlx-Q-1; Thu, 20 Jan 2022 11:00:38 -0500 X-MC-Unique: K2-jIylgNiqmfnAwiqlx-Q-1 Received: by mail-qt1-f198.google.com with SMTP id u23-20020ac87517000000b002cdd58d2951so1087275qtq.15 for ; Thu, 20 Jan 2022 08:00:38 -0800 (PST) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:message-id:date:mime-version:user-agent:subject :content-language:to:cc:references:from:in-reply-to :content-transfer-encoding; bh=kPlMjOFPuoQTdvBhyDzgXZAnIO+rgfpDpnc3UimkWsY=; b=SPBS5KnSyEw33C0l74E1jsYpG0HUeBWxiLJpsk2t6nvLj1RHpY8u9yegH7cQcARNsX l60jmoP1I7RPXTK2A7OpCdUFAd75ywqDgeYQmYt2R6384DKGTJ5uDemzu8Z99NyXtvBb 1eGAtG01ZiDpRsq1vJ+/K5P067FZFx/uOb/h4PBQC51PDjSLsPjCKwcWiQ5+xax0cRWt KMwmyPMTDaqzuGL9KyKxqm6RcqpAP49otHve+hW2S4FP+GzBTUhfx1UZwG4gE5EKL3Ql otr+KaFJNLD5Jds9B6uP8lETxx4QjsP7EN67FBXT1YaF+CWTpzRSuLu4vPsc/B+W8tEH aJ1w== X-Gm-Message-State: AOAM530yW80CgJrQeLj1GKUeSGg8/BkeQ2Cn/rkI2twEy1QQkLUdujM2 D3Yw2j34j5l5KZPlSiZfVvIYg7ZXCmA8UUK0q+Hu+bAViRjrD/KwlEnVGgsEQx56FfckCLz1Cd2 T74ruHVU9Twnje35of75p X-Received: by 2002:a05:620a:2847:: with SMTP id h7mr23899366qkp.295.1642694437502; Thu, 20 Jan 2022 08:00:37 -0800 (PST) X-Received: by 2002:a05:620a:2847:: with SMTP id h7mr23899328qkp.295.1642694437138; Thu, 20 Jan 2022 08:00:37 -0800 (PST) Received: from [172.31.1.6] ([70.109.152.127]) by smtp.gmail.com with ESMTPSA id m8sm1720849qkp.88.2022.01.20.08.00.36 (version=TLS1_3 cipher=TLS_AES_128_GCM_SHA256 bits=128/128); Thu, 20 Jan 2022 08:00:36 -0800 (PST) Message-ID: <3710b69f-a77a-04e4-5989-b2cc3dd77929@redhat.com> Date: Thu, 20 Jan 2022 11:00:35 -0500 MIME-Version: 1.0 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:91.0) Gecko/20100101 Thunderbird/91.4.0 Subject: Re: [PATCH] libtirpc: Fix use-after-free accessing the error number Content-Language: en-US To: Frank Sorenson , libtirpc-devel@lists.sourceforge.net Cc: linux-nfs@vger.kernel.org References: <20220113193605.3361579-1-sorenson@redhat.com> From: Steve Dickson In-Reply-To: <20220113193605.3361579-1-sorenson@redhat.com> Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: 7bit Precedence: bulk List-ID: X-Mailing-List: linux-nfs@vger.kernel.org On 1/13/22 14:36, Frank Sorenson wrote: > Free the cbuf after obtaining the error number. > > Signed-off-by: Frank Sorenson Committed (tag: libtirpc-1-3-3-rc2) steved. > --- > src/clnt_dg.c | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > > diff --git a/src/clnt_dg.c b/src/clnt_dg.c > index e1255de..b3d82e7 100644 > --- a/src/clnt_dg.c > +++ b/src/clnt_dg.c > @@ -456,9 +456,9 @@ get_reply: > cmsg = CMSG_NXTHDR (&msg, cmsg)) > if (cmsg->cmsg_level == SOL_IP && cmsg->cmsg_type == IP_RECVERR) > { > - mem_free(cbuf, (outlen + 256)); > e = (struct sock_extended_err *) CMSG_DATA(cmsg); > cu->cu_error.re_errno = e->ee_errno; > + mem_free(cbuf, (outlen + 256)); > release_fd_lock(cu->cu_fd_lock, mask); > return (cu->cu_error.re_status = RPC_CANTRECV); > }