[PATCH] [sunrpc] Fix possible null-pointer dereference.

Dmitry Chestnyh d.chestnyh@omp.ru
Thu Mar 31 14:10:48 GMT 2022


This issue was found by SVACE static analyzer.
In clntunix_call function there are no
obvious checks of xdr_results ptr value.
And seems that we can't be sure that this pointer
isn't NULL.
---
 sunrpc/clnt_unix.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/sunrpc/clnt_unix.c b/sunrpc/clnt_unix.c
index 33a02cc8af..ef8ef5fb4d 100644
--- a/sunrpc/clnt_unix.c
+++ b/sunrpc/clnt_unix.c
@@ -44,6 +44,7 @@
  * Now go hang yourself.
  */
 
+#include <assert.h>
 #include <netdb.h>
 #include <errno.h>
 #include <stdio.h>
@@ -278,6 +279,7 @@ call_again:
   _seterr_reply (&reply_msg, &(ct->ct_error));
   if (ct->ct_error.re_status == RPC_SUCCESS)
     {
+      assert(xdr_results != NULL);
       if (!AUTH_VALIDATE (h->cl_auth, &reply_msg.acpted_rply.ar_verf))
 	{
 	  ct->ct_error.re_status = RPC_AUTHERROR;
-- 
2.25.1



More information about the Libc-alpha mailing list