aboutsummaryrefslogtreecommitdiff
path: root/src/lib/rpc/clnt_udp.c
diff options
context:
space:
mode:
Diffstat (limited to 'src/lib/rpc/clnt_udp.c')
-rw-r--r--src/lib/rpc/clnt_udp.c15
1 files changed, 15 insertions, 0 deletions
diff --git a/src/lib/rpc/clnt_udp.c b/src/lib/rpc/clnt_udp.c
index 7ef61c9..6046942 100644
--- a/src/lib/rpc/clnt_udp.c
+++ b/src/lib/rpc/clnt_udp.c
@@ -379,6 +379,21 @@ send_again:
}
} /* end of valid reply message */
else {
+ /*
+ * It's possible for xdr_replymsg() to fail partway
+ * through its attempt to decode the result from the
+ * server. If this happens, it will leave the reply
+ * structure partially populated with dynamically
+ * allocated memory. (This can happen if someone uses
+ * clntudp_bufcreate() to create a CLIENT handle and
+ * specifies a receive buffer size that is too small.)
+ * This memory must be free()ed to avoid a leak.
+ */
+ int op = reply_xdrs.x_op;
+ reply_xdrs.x_op = XDR_FREE;
+ xdr_replymsg(&reply_xdrs, &reply_msg);
+ reply_xdrs.x_op = op;
+ return (RPC_CANTDECODERES);
cu->cu_error.re_status = RPC_CANTDECODERES;
}
return (cu->cu_error.re_status);
generated by cgit v1.1 at 2024-07-10 13:21:59 +0000