From 4efbd5cb39dfa170056532185c724ab2ff545585 Mon Sep 17 00:00:00 2001 From: Ulrich Drepper Date: Sun, 4 Dec 2011 13:20:06 -0500 Subject: Fix aliasing issues in RPC code --- ChangeLog | 6 ++++++ sunrpc/clnt_tcp.c | 15 +++++++++++++++ sunrpc/clnt_udp.c | 3 +-- sunrpc/clnt_unix.c | 16 +++++++++++++++- 4 files changed, 37 insertions(+), 3 deletions(-) diff --git a/ChangeLog b/ChangeLog index ad891be..6416f9e 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,9 @@ +2011-12-04 Ulrich Drepper + + * sunrpc/clnt_unix.c (clntunix_control): Fix aliasing issues. + * sunrpc/clnt_tcp.c (clnttcp_control): Likewise. + * sunrpc/clnt_udp.c (clntudp_call): Likewise. + 2011-12-03 Ulrich Drepper * inet/netinet/in.h: Provide versions of IN6_IS_ADDR_UNSPECIFIED, diff --git a/sunrpc/clnt_tcp.c b/sunrpc/clnt_tcp.c index 7cfbe9e..d1fc43d 100644 --- a/sunrpc/clnt_tcp.c +++ b/sunrpc/clnt_tcp.c @@ -364,6 +364,8 @@ static bool_t clnttcp_control (CLIENT *cl, int request, char *info) { struct ct_data *ct = (struct ct_data *) cl->cl_private; + u_long *mcall_ptr; + u_long ul; switch (request) @@ -393,11 +395,24 @@ clnttcp_control (CLIENT *cl, int request, char *info) * first element in the call structure *. * This will get the xid of the PREVIOUS call */ +#if 0 + /* This original code has aliasing issues. */ *(u_long *)info = ntohl (*(u_long *)ct->ct_mcall); +#else + mcall_ptr = (u_long *)ct->ct_mcall; + ul = ntohl (*mcall_ptr); + memcpy (info, &ul, sizeof (ul)); +#endif break; case CLSET_XID: /* This will set the xid of the NEXT call */ +#if 0 + /* This original code has aliasing issues. */ *(u_long *)ct->ct_mcall = htonl (*(u_long *)info - 1); +#else + ul = ntohl (*(u_long *)info - 1); + memcpy (ct->ct_mcall, &ul, sizeof (ul)); +#endif /* decrement by 1 as clnttcp_call() increments once */ break; case CLGET_VERS: diff --git a/sunrpc/clnt_udp.c b/sunrpc/clnt_udp.c index babee9a..294e13a 100644 --- a/sunrpc/clnt_udp.c +++ b/sunrpc/clnt_udp.c 
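Review bot: The replacement branches in the second clnttcp_control hunk still read through a cast pointer: `ul = ntohl (*mcall_ptr);` dereferences `ct->ct_mcall` (presumably a byte buffer, given the cast) as a `u_long`, and `*(u_long *)info - 1` does the same with the caller's `char *info`. Only the store side of each branch moved to memcpy, so the read side keeps the aliasing and alignment assumptions this commit sets out to remove. Loading both values into `ul` with memcpy before converting, as in the excerpt below, covers both directions and makes `mcall_ptr` unnecessary; the CLSET_XID branch also calls `ntohl` where the disabled original called `htonl`, which is the same conversion but names the wrong direction. These copies use `sizeof (ul)` while the clnt_udp.c hunk compares `sizeof (u_int32_t)` bytes for the same field, so where `u_long` is wider than 32 bits the copy spans more than the XID; that width is inherited from the old code and is worth confirming separately. The same points apply to the matching clntunix_control hunk in sunrpc/clnt_unix.c, and both function bodies continue outside their hunks.

```c
      /* … unchanged: comment above the CLGET_XID body … */
      memcpy (&ul, ct->ct_mcall, sizeof (ul));
      ul = ntohl (ul);
      memcpy (info, &ul, sizeof (ul));
      break;
    case CLSET_XID:
      /* This will set the xid of the NEXT call */
      memcpy (&ul, info, sizeof (ul));
      ul = htonl (ul - 1);
      memcpy (ct->ct_mcall, &ul, sizeof (ul));
      /* decrement by 1 as clnttcp_call() increments once */
      break;
```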
@@ -473,8 +473,7 @@ send_again: /* see if reply transaction id matches sent id. Don't do this if we only wait for a replay */ if (xargs != NULL - && (*((u_int32_t *) (cu->cu_inbuf)) - != *((u_int32_t *) (cu->cu_outbuf)))) + && memcmp (cu->cu_inbuf, cu->cu_outbuf, sizeof (u_int32_t)) != 0) continue; /* we now assume we have the proper reply */ break; diff --git a/sunrpc/clnt_unix.c b/sunrpc/clnt_unix.c index 62dc8c6..282127b 100644 --- a/sunrpc/clnt_unix.c +++ b/sunrpc/clnt_unix.c @@ -338,7 +338,8 @@ static bool_t clntunix_control (CLIENT *cl, int request, char *info) { struct ct_data *ct = (struct ct_data *) cl->cl_private; - + u_long *mcall_ptr; + u_long ul; switch (request) { @@ -366,11 +367,24 @@ clntunix_control (CLIENT *cl, int request, char *info) * first element in the call structure *. * This will get the xid of the PREVIOUS call */ +#if 0 + /* This original code has aliasing issues. */ *(u_long *) info = ntohl (*(u_long *)ct->ct_mcall); +#else + mcall_ptr = (u_long *)ct->ct_mcall; + ul = ntohl (*mcall_ptr); + memcpy (info, &ul, sizeof (ul)); +#endif break; case CLSET_XID: /* This will set the xid of the NEXT call */ +#if 0 + /* This original code has aliasing issues. */ *(u_long *) ct->ct_mcall = htonl (*(u_long *)info - 1); +#else + ul = ntohl (*(u_long *)info - 1); + memcpy (ct->ct_mcall, &ul, sizeof (ul)); +#endif /* decrement by 1 as clntunix_call() increments once */ break; case CLGET_VERS: -- cgit v1.1