This is the mail archive of the libc-alpha@sourceware.org mailing list for the glibc project.

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]
Other format:	[Raw text]

Re: [PATCH] sunrpc: xdr_bytes/xdr_string need to free buffer on error [BZ #21461]

From: Florian Weimer <fweimer at redhat dot com>
To: Andreas Schwab <schwab at suse dot de>
Cc: libc-alpha at sourceware dot org
Date: Wed, 6 Jun 2018 10:17:15 +0200
Subject: Re: [PATCH] sunrpc: xdr_bytes/xdr_string need to free buffer on error [BZ #21461]
References: <20170505131828.16EBC402C427D@oldenburg.str.redhat.com> <91e971f6-a9d6-f6d3-5202-5b6392e23c94@redhat.com> <mvmfugfu4i4.fsf@suse.de>

On 05/08/2017 10:39 AM, Andreas Schwab wrote:

On Mai 08 2017, Florian Weimer <fweimer@redhat.com> wrote:

+* The xdr_bytes and xdr_string routines free the internally allocated
+  buffer if deserialization of the buffer contents fails for any reason.


Isn't it the caller's responsibility to call the XDR functions with
XDR_FREE in any case?

I've decided to follow this interpretation and requested that MITRErejects CVE-2017-8804.


Thanks,
Florian

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]