abc5c44d62
The svc_addr_len() helper function returns -EAFNOSUPPORT if it doesn't recognize the address family of the passed-in socket address. However, the return type of this function is size_t, which means -EAFNOSUPPORT is turned into a very large positive value in this case. The check in svc_udp_recvfrom() to see if the return value is less than zero therefore won't work at all. Additionally, handle_connect_req() passes this value directly to memset(). This could cause memset() to clobber a large chunk of memory if svc_addr_len() has returned an error. Currently the address family of these addresses, however, is known to be supported long before handle_connect_req() is called, so this isn't a real risk. Change the error return value of svc_addr_len() to zero, which fits in the range of size_t, and is safer to pass to memset() directly. Signed-off-by: Chuck Lever <chuck.lever@oracle.com> Signed-off-by: J. Bruce Fields <bfields@citi.umich.edu> |
||
---|---|---|
.. | ||
auth.h | ||
auth_gss.h | ||
cache.h | ||
clnt.h | ||
debug.h | ||
gss_api.h | ||
gss_asn1.h | ||
gss_err.h | ||
gss_krb5.h | ||
gss_spkm3.h | ||
Kbuild | ||
metrics.h | ||
msg_prot.h | ||
rpc_pipe_fs.h | ||
rpc_rdma.h | ||
sched.h | ||
stats.h | ||
svc.h | ||
svc_rdma.h | ||
svc_xprt.h | ||
svcauth.h | ||
svcauth_gss.h | ||
svcsock.h | ||
timer.h | ||
types.h | ||
xdr.h | ||
xprt.h | ||
xprtrdma.h | ||
xprtsock.h |