Page MenuHomeFreeBSD
Differential D6623

Bounds check rpcbs_rmtcall(..) to ensure rtype is less than RPCBVERS_STAT
ClosedPublic
Actions

Authored by ngie on May 29 2016, 6:43 AM.
Tags
None
Referenced Files
Unknown Object (File)
Sep 18 2025, 7:47 AM
Unknown Object (File)
Sep 15 2025, 12:21 PM
Unknown Object (File)
Sep 15 2025, 9:15 AM
Unknown Object (File)
Sep 15 2025, 7:01 AM
Unknown Object (File)
Sep 15 2025, 6:57 AM
Unknown Object (File)
Sep 15 2025, 6:55 AM
Unknown Object (File)
Sep 15 2025, 6:21 AM
Unknown Object (File)
Aug 20 2025, 5:08 AM
View All 42 Files
Subscribers
alfred
imp
markj
rmacklem
truckman

Details

Reviewers
truckman
Summary

Bounds check rpcbs_rmtcall(..) to ensure rtype is less than RPCBVERS_STAT

Not returning if rtype == RPCBVERS_STAT will cause us to overrun the inf array, as
it's defined to be exactly RPCBVERS_STAT elements in rpcb_prot.x:

include/rpc/rpcb_prot.x:typedef rpcb_stat rpcb_stat_byvers[RPCBVERS_STAT];

The proposed change also matches the rest of the rtype upper bound checks in the
file, so the original change was likely a typo.

MFC after: 2 weeks
Reported by: Coverity
CID: 1007567
Sponsored by: EMC / Isilon Storage Division

Diff Detail

Repository
rS FreeBSD src repository - subversion
Lint
Lint Skipped
Unit
Tests Skipped

Event Timeline

ngie updated this revision to Diff 17054.May 29 2016, 6:43 AM
ngie retitled this revision from to Bounds check rpcbs_rmtcall(..) to ensure rtype is less than RPCBVERS_STAT.
ngie updated this object.
ngie edited the test plan for this revision. (Show Details)
ngie set the repository for this revision to rS FreeBSD src repository - subversion.
ngie added subscribers: alfred, truckman, markj, rmacklem.
Herald added a subscriber: imp. · View Herald TranscriptMay 29 2016, 6:43 AM
truckman added a comment.May 30 2016, 8:59 PM

That looks correct to me.

truckman accepted this revision.May 30 2016, 9:00 PM
truckman added a reviewer: truckman.
This revision is now accepted and ready to land.May 30 2016, 9:00 PM
ngie closed this revision.Jun 8 2016, 12:45 PM

Revision Contents
Changeset List

PathSize
2 lines

Diff 17054

View Options

rpcb_stat.c

Loading...