diff options
Diffstat (limited to 'src/lib/rpc/clnt_udp.c')
-rw-r--r-- | src/lib/rpc/clnt_udp.c | 15 |
1 files changed, 15 insertions, 0 deletions
diff --git a/src/lib/rpc/clnt_udp.c b/src/lib/rpc/clnt_udp.c index 7ef61c9..6046942 100644 --- a/src/lib/rpc/clnt_udp.c +++ b/src/lib/rpc/clnt_udp.c @@ -379,6 +379,21 @@ send_again: } } /* end of valid reply message */ else { + /* + * It's possible for xdr_replymsg() to fail partway + * through its attempt to decode the result from the + * server. If this happens, it will leave the reply + * structure partially populated with dynamically + * allocated memory. (This can happen if someone uses + * clntudp_bufcreate() to create a CLIENT handle and + * specifies a receive buffer size that is too small.) + * This memory must be free()ed to avoid a leak. + */ + int op = reply_xdrs.x_op; + reply_xdrs.x_op = XDR_FREE; + xdr_replymsg(&reply_xdrs, &reply_msg); + reply_xdrs.x_op = op; + return (RPC_CANTDECODERES); cu->cu_error.re_status = RPC_CANTDECODERES; } return (cu->cu_error.re_status); |