Date: Wed, 30 Sep 2015 13:13:31 -0700
From: Xin Li <delphij@delphij.net>
To: Robert Blayzor <rblayzor.bulk@inoc.net>, d@delphij.net
Cc: freebsd-security@freebsd.org
Subject: Re: FreeBSD Security Advisory FreeBSD-SA-15:24.rpcbind
Message-ID: <560C426B.1000608@delphij.net>
In-Reply-To: <20BCBD1F-D22E-4878-AB6C-CBE9F7FD4BF2@inoc.net>
References: <20150929183942.569F311FD@freefall.freebsd.org>
 <B821DB04-67A9-4F7C-85E1-8ABCF72C6D46@inoc.net>
 <560C33B7.70100@delphij.net>
 <AE3C0342-75F1-4703-A685-561A303C3C76@inoc.net>
 <560C39B3.1020806@delphij.net>
 <AC5D1DD3-8AD9-49F8-9ECB-5B239E1B97F6@inoc.net>
 <560C3DF2.5070608@delphij.net>
 <20BCBD1F-D22E-4878-AB6C-CBE9F7FD4BF2@inoc.net>

This is an OpenPGP/MIME signed message (RFC 4880 and 3156)

On 09/30/15 13:03, Robert Blayzor wrote:
> On Sep 30, 2015, at 3:54 PM, Xin Li <delphij@delphij.net> wrote:
>>
>> Can you make this change and see if it helps?
>>
>> Index: rpcb_svc_com.c
>> ===================================================================
>> --- rpcb_svc_com.c (revision 288421)
>> +++ rpcb_svc_com.c (working copy)
>> @@ -1052,7 +1052,7 @@ static bool_t
>> netbuf_copybuf(struct netbuf *dst, const struct netbuf *src)
>> {
>>
>> - assert(dst->buf == NULL);
>> + assert(dst->len == 0 || dst->buf == NULL);
> …
>
>
> Same result:
>
>
> Assertion failed: (dst->len == 0 || dst->buf == NULL), function netbuf_copybuf, file rpcb_svc_com.c, line 1056.

Hmm, this suggests there was either a use-after-free or a memory leak with the existing code. I will need some time to further investigate this.

In the meantime, please comment out the assertion (which turns the crash back into a memory leak in the worst case).

Cheers,
-- 
Xin LI <delphij@delphij.net> https://www.delphij.net/
FreeBSD - The Power to Serve! Live free or die
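
Review bot: In the netbuf_copybuf hunk, the relaxed assert(dst->len == 0 || dst->buf == NULL) still treats a populated dst as fatal, and the reported output shows that state is reached at line 1056, so the change narrows the abort without identifying the caller that passes a non-empty dst. Since the function returns bool_t, consider handling a populated dst explicitly (release the old buffer or return FALSE) rather than aborting the daemon on a precondition that callers evidently violate. The new condition also admits a non-NULL dst->buf when dst->len is 0, and that pointer is lost if the body then assigns dst->buf. A comment stating the expected state of dst on entry would document the contract the assertion encodes.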