RHEL-7927

[RHEL 9] rpcbind.c: init_transport(): realloc() may return NULL but is not checked

    • Resolution: Unresolved
    • rhel-9.2.0
    • rpcbind
    • rhel-sst-filesystems
    • ssg_filesystems_storage_and_HA
      Description of problem:

      If the libcall realloc(hosts, nhostsbak * sizeof(char *)) returns 0, it may lead to a null pointer dereference in hosts[0].

      static int
      init_transport(struct netconfig *nconf)
      {

      <...snip...>

          if (nconf->nc_semantics == NC_TPI_CLTS) {
              /*
               * If no hosts were specified, just bind to INADDR_ANY. Otherwise
               * make sure 127.0.0.1 is added to the list.
               */
              nhostsbak = nhosts;
              nhostsbak++;
              hosts = realloc(hosts, nhostsbak * sizeof(char *)); // <- realloc may return NULL
              if (nhostsbak == 1)
                  hosts[0] = "*";
              else {
                  if (hints.ai_family == AF_INET) {
                      hosts[nhostsbak - 1] = "127.0.0.1";
                  } else if (hints.ai_family == AF_INET6) {
                      hosts[nhostsbak - 1] = "::1";
                  } else
                      return 1;
              }
      <...snip...>

      Version-Release number of selected component (if applicable):

      rpcbind-1.2.6-5.el9.x86_64
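
The checked form of the reallocation described above, as an added example that is not rpcbind's code or the project's fix. `add_default_host`, `realloc_fn` and the two check functions are hypothetical names; the allocator is passed in only so the failure path can be exercised with a constructed stub.

```c
#include <stdlib.h>
#include <string.h>
#include <sys/socket.h> /* AF_INET, AF_INET6 */

typedef void *(*realloc_fn)(void *, size_t); /* injectable so failure is testable */

/* Hypothetical helper (not rpcbind code): grow *hostsp by one slot and store the
 * default entry. Returns the new count, or -1 with *hostsp left unchanged. */
int add_default_host(char ***hostsp, int nhosts, int family, realloc_fn ra)
{
    const char *def = nhosts == 0 ? "*" /* no hosts specified: wildcard entry */
                    : family == AF_INET ? "127.0.0.1"
                    : family == AF_INET6 ? "::1" : NULL;
    if (def == NULL) return -1; /* unsupported address family */
    /* Use a temporary: a failed realloc() returns NULL and leaves the old block
     * valid, so assigning straight to *hostsp would leak it and crash on use. */
    char **tmp = ra(*hostsp, ((size_t)nhosts + 1) * sizeof(char *));
    if (tmp == NULL) return -1;
    tmp[nhosts] = (char *)def;
    *hostsp = tmp;
    return nhosts + 1;
}

/* Constructed stub standing in for an out-of-memory realloc(). */
static void *failing_realloc(void *p, size_t sz) { (void)p; (void)sz; return NULL; }

/* Constructed checks: each returns 1 when the helper behaves as intended. */
int grow_empty_list(void)
{
    char **hosts = NULL;
    int n = add_default_host(&hosts, 0, AF_INET, realloc);
    int ok = (n == 1 && strcmp(hosts[0], "*") == 0);
    free(hosts);
    return ok;
}

int failure_keeps_list(void)
{
    char **hosts = malloc(sizeof(char *)), **before = hosts;
    if (hosts == NULL) return 0;
    hosts[0] = "192.0.2.1"; /* constructed sample host */
    int n = add_default_host(&hosts, 1, AF_INET, failing_realloc);
    int ok = (n == -1 && hosts == before && strcmp(hosts[0], "192.0.2.1") == 0);
    free(hosts);
    return ok;
}

int main(void) { return (grow_empty_list() && failure_keeps_list()) ? 0 : 1; }
```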

              stevedatrhn Steve Dickson
              rh-ee-yieli Zhi Li