aboutsummaryrefslogtreecommitdiff
path: root/src/lib/rpc/clnt_raw.c
diff options
context:
space:
mode:
Diffstat (limited to 'src/lib/rpc/clnt_raw.c')
-rw-r--r--src/lib/rpc/clnt_raw.c17
1 files changed, 16 insertions, 1 deletions
diff --git a/src/lib/rpc/clnt_raw.c b/src/lib/rpc/clnt_raw.c
index ec5fa6f..44fbf5d 100644
--- a/src/lib/rpc/clnt_raw.c
+++ b/src/lib/rpc/clnt_raw.c
@@ -169,8 +169,23 @@ call_again:
msg.acpted_rply.ar_verf = _null_auth;
msg.acpted_rply.ar_results.where = resultsp;
msg.acpted_rply.ar_results.proc = xresults;
- if (! xdr_replymsg(xdrs, &msg))
+ if (! xdr_replymsg(xdrs, &msg)) {
+ /*
+ * It's possible for xdr_replymsg() to fail partway
+ * through its attempt to decode the result from the
+ * server. If this happens, it will leave the reply
+ * structure partially populated with dynamically
+ * allocated memory. (This can happen if someone uses
+ * clntudp_bufcreate() to create a CLIENT handle and
+ * specifies a receive buffer size that is too small.)
+ * This memory must be free()ed to avoid a leak.
+ */
+ int op = xdrs->x_op;
+ xdrs->x_op = XDR_FREE;
+ xdr_replymsg(xdrs, &msg);
+ xdrs->x_op = op;
return (RPC_CANTDECODERES);
+ }
sunrpc_seterr_reply(&msg, &error);
status = error.re_status;
generated by cgit v1.1 at 2024-08-05 01:40:58 +0000