autofs-5.0.6 - fix initialization in rpc create_client()
From: Ian Kent
Sometimes the RPC function create_client() gets a non-null stack variable passed in which can cause a SEGV. Fix it by initializing the passed in variable.
---
CHANGELOG | 1 +
lib/rpc_subs.c | 11 ++++++++---
2 files changed, 9 insertions(+), 3 deletions(-)
--- autofs-5.0.6.orig/CHANGELOG
+++ autofs-5.0.6/CHANGELOG
@@ -40,6 +40,7 @@
 - fix sss wildcard match.
 - fix dlopen() error handling in sss module.
 - fix configure string length tests for sss library.
+- fix initialization in rpc create_client().
 28/06/2011 autofs-5.0.6
 -----------------------
--- autofs-5.0.6.orig/lib/rpc_subs.c
+++ autofs-5.0.6/lib/rpc_subs.c
@@ -316,6 +316,7 @@ static int create_client(struct conn_inf
 int fd, ret;
 fd = RPC_ANYSOCK;
+ *client = NULL;
 if (info->client) {
 if (!clnt_control(info->client, CLGET_FD, (char *) &fd)) {
@@ -344,7 +345,10 @@ static int create_client(struct conn_inf
 memset(&hints, 0, sizeof(hints));
 hints.ai_flags = AI_ADDRCONFIG;
 hints.ai_family = AF_UNSPEC;
- hints.ai_socktype = SOCK_DGRAM;
+ if (info->proto->p_proto == IPPROTO_UDP)
+ hints.ai_socktype = SOCK_DGRAM;
+ else
+ hints.ai_socktype = SOCK_STREAM;
 ret = getaddrinfo(info->host, NULL, &hints, &ai);
 if (ret) {
@@ -377,12 +381,13 @@ static int create_client(struct conn_inf
 freeaddrinfo(ai);
+done:
 if (!*client) {
 info->client = NULL;
 ret = -ENOTCONN;
 goto out_close;
 }
-done:
+
 /* Close socket fd on destroy, as is default for rpcowned fds */
 if (!clnt_control(*client, CLSET_FD_CLOSE, NULL)) {
 clnt_destroy(*client);
@@ -800,7 +805,7 @@ static int rpc_get_exports_proto(struct
 (xdrproc_t) xdr_void, NULL,
 (xdrproc_t) xdr_exports, (caddr_t) exp,
 info->timeout);
- if (status != RPC_PROGVERSMISMATCH)
+ if (status == RPC_SUCCESS)
 break;
 if (++vers_entry > 2)
 break;
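Review bot: The new `*client = NULL;` at the top of create_client() (hunk at -316) has no comment, so the reason for it is recorded only in the commit message. The `if (!*client)` test further down is what depends on it, and per the description callers can hand in an uninitialised stack pointer; I would put `/* callers may pass an uninitialised CLIENT *; start from NULL so the !*client test below is reliable */` above the assignment. The function body starts and ends outside this hunk, so whether the callers could also declare their variable with `= NULL` cannot be checked from here.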
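Review bot: The `else` branch of the socket-type selection (hunk at -344) treats every protocol other than IPPROTO_UDP as a stream transport, and `info->proto` is dereferenced with no NULL check visible in the hunk. If only UDP and TCP are expected here, say so in the code with `else if (info->proto->p_proto == IPPROTO_TCP)` and fail the lookup for anything else, rather than letting an unexpected value pass silently into getaddrinfo(). This change is also not mentioned in the commit description, which only covers initialising the client pointer, so a short comment on why the lookup hint must follow the protocol would help.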
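Review bot: With `done:` moved above the `if (!*client)` test (hunk at -377), every `goto done` now runs the NULL check, but nothing at the label says the ordering matters. A one-line comment such as `/* every path, including early jumps to done, is NULL-checked before *client is used */` would stop a later edit from moving the label back below the check, which would let a NULL `*client` reach `clnt_control()`. This path also overwrites `ret` with `-ENOTCONN`; the jumps to `done` are outside the hunk, so I cannot tell whether a more specific error code is lost that way.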
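Review bot: Changing the loop exit in rpc_get_exports_proto() to `if (status == RPC_SUCCESS)` (hunk at -800) makes every failure, not only RPC_PROGVERSMISMATCH, fall through to the next version entry. An unresponsive server can then cost one `info->timeout` wait per entry before the call gives up, which lengthens the stall for whatever is waiting on the exports list. If retrying after a timeout is not intended, keep it terminal, for example `if (status == RPC_SUCCESS || status == RPC_TIMEDOUT)`. The loop starts outside the hunk, so the number of retries is inferred from the `++vers_entry > 2` test, and the change is not covered by the commit description.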