Page MenuHomeFreeBSD
Differential D54825

xdr_string: don't leak strings with xdr_free
ClosedPublic
Actions

Authored by brooks on Jan 22 2026, 10:12 AM.
Tags
None
Referenced Files
Unknown Object (File)
Fri, Mar 13, 9:06 AM
Unknown Object (File)
Wed, Mar 11, 9:20 AM
Unknown Object (File)
Wed, Mar 11, 6:18 AM
Unknown Object (File)
Mon, Mar 9, 6:57 PM
Unknown Object (File)
Fri, Mar 6, 5:22 AM
Unknown Object (File)
Tue, Feb 24, 9:19 AM
Unknown Object (File)
Tue, Feb 24, 8:22 AM
Unknown Object (File)
Tue, Feb 24, 7:05 AM
View All 28 Files
Subscribers
imp

Details

Reviewers
kib
markj
Group Reviewers
cheri
Commits
rGe17d7ab869bb: xdr_string: don't leak strings with xdr_free
Summary

Historically (and in a small amount of older software such as OpenAFS),
developers would attempt tofree XDR strings with
xdr_free((xdrproc_t)xdr_string, &string)

This resulted in xdr_free calling xdr_string with only two intentional
arguments and what ever was left in the third argument register. If the
register held a sufficently small number, xdr_string would return FALSE
and not free the string (noone checks the return values).

Software should instead free strings with:
xdr_free((xdrproc_t)xdr_wrapstring, &string)

Because buggy software exists in the wild, act as though xdr_wrapstring
was used in the XDR_FREE case and plug these leaks.

Effort: CHERI upstreaming
Sponsored by: Innovate UK

Diff Detail

Repository
rG FreeBSD src repository
Lint
Lint Passed
Unit
No Test Coverage
Build Status
Buildable 70056
Build 66939: arc lint + arc unit

Revision Contents
Changeset List

PathSize
lib/
libc/
xdr/
7 lines
sys/
xdr/
7 lines

Diff 170230

View Options

lib/libc/xdr/xdr.c

Loading...
View Options

sys/xdr/xdr.c

Loading...