Skip to content
Commit 55df1000 authored by Florian Weimer's avatar Florian Weimer Committed by Mike Frysinger
Browse files

sunrpc: Avoid use-after-free read access in clntudp_call [BZ #21115] 

After commit bc779a1a
(CVE-2016-4429: sunrpc: Do not use alloca in clntudp_call
[BZ #20112]), ancillary data is stored on the heap,
but it is accessed after it has been freed.

The test case must be run under a heap debugger such as valgrind
to observe the invalid access.  A malloc implementation which
immediately calls munmap on free would catch this bug as well.

(cherry picked from commit d42eed4a)
(cherry picked from commit 045e3687)
parent 0232af1a
Show whitespace changes
Inline Side-by-side
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Please register or to comment