Page MenuHomeFreeBSD
Differential D54825

xdr_string: don't leak strings with xdr_free
ClosedPublic
Actions

Authored by brooks on Jan 22 2026, 10:12 AM.
Tags
None
Referenced Files
F145713384: D54825.id170262.diff
Mon, Feb 23, 12:27 PM
F145713338: D54825.diff
Mon, Feb 23, 12:26 PM
Unknown Object (File)
Wed, Feb 18, 4:03 PM
Unknown Object (File)
Wed, Feb 18, 4:03 PM
Unknown Object (File)
Sun, Feb 15, 8:55 AM
Unknown Object (File)
Mon, Feb 2, 1:59 AM
Unknown Object (File)
Sun, Feb 1, 2:42 AM
Unknown Object (File)
Sun, Feb 1, 12:07 AM
View All 19 Files
Subscribers
imp

Details

Reviewers
kib
markj
Group Reviewers
cheri
Commits
rGe17d7ab869bb: xdr_string: don't leak strings with xdr_free
Summary

Historically (and in a small amount of older software such as OpenAFS),
developers would attempt tofree XDR strings with
xdr_free((xdrproc_t)xdr_string, &string)

This resulted in xdr_free calling xdr_string with only two intentional
arguments and what ever was left in the third argument register. If the
register held a sufficently small number, xdr_string would return FALSE
and not free the string (noone checks the return values).

Software should instead free strings with:
xdr_free((xdrproc_t)xdr_wrapstring, &string)

Because buggy software exists in the wild, act as though xdr_wrapstring
was used in the XDR_FREE case and plug these leaks.

Effort: CHERI upstreaming
Sponsored by: Innovate UK

Diff Detail

Repository
rG FreeBSD src repository
Lint
Lint Passed
Unit
No Test Coverage
Build Status
Buildable 70056
Build 66939: arc lint + arc unit

Revision Contents
Changeset List

PathSize
lib/
libc/
xdr/
7 lines
sys/
xdr/
7 lines

Diff 170230

View Options

lib/libc/xdr/xdr.c

Loading...
View Options

sys/xdr/xdr.c

Loading...