+2004-08-17 Tom Yu <tlyu@mit.edu>
+
+ * svc.c (svc_getreqset): Allocate cred and verf memory to
+ temporary pointers, and free the temporary pointers on exit.
+ Freeing the actual cred and verf pointers can cause corruption
+ because auth mechanisms can reassign the pointers.
+
2004-08-16 Tom Yu <tlyu@mit.edu>
* svc_auth_gss.c (gssrpc__svcauth_gss): Add some debug messages.
register SVCXPRT *xprt;
register int sock;
bool_t no_dispatch;
+ caddr_t rawcred, rawverf, cookedcred;
- msg.rm_call.cb_cred.oa_base = mem_alloc(MAX_AUTH_BYTES);
- msg.rm_call.cb_verf.oa_base = mem_alloc(MAX_AUTH_BYTES);
- r.rq_clntcred = mem_alloc(RQCRED_SIZE);
+ rawcred = mem_alloc(MAX_AUTH_BYTES);
+ rawverf = mem_alloc(MAX_AUTH_BYTES);
+ cookedcred = mem_alloc(RQCRED_SIZE);
+
+ if (rawcred == NULL || rawverf == NULL || cookedcred == NULL)
+ return;
+
+ msg.rm_call.cb_cred.oa_base = rawcred;
+ msg.rm_call.cb_verf.oa_base = rawverf;
+ r.rq_clntcred = cookedcred;
#ifdef FD_SETSIZE
for (sock = 0; sock <= max_xport; sock++) {
} while (stat == XPRT_MOREREQS);
}
}
- mem_free(msg.rm_call.cb_cred.oa_base, MAX_AUTH_BYTES);
- mem_free(msg.rm_call.cb_verf.oa_base, MAX_AUTH_BYTES);
- mem_free(r.rq_clntcred, RQCRED_SIZE);
+ mem_free(rawcred, MAX_AUTH_BYTES);
+ mem_free(rawverf, MAX_AUTH_BYTES);
+ mem_free(cookedcred, RQCRED_SIZE);
}