Fix a bug in clnt broadcast Before calling the replyproc function on a broadcast reply, we convert the server-provided address using uaddr2taddr. This may fail (eg if the server provided a garbage address), and return NULL. In this case, we should not call the replyproc function - because the caller expects the address netbuf to be a valid pointer, rather than NULL. Signed-off-by: Olaf Kirch Signed-off-by: Steve Dickson diff --git a/lib/libc/rpc/clnt_bcast.c b/lib/libc/rpc/clnt_bcast.c index 3e748e769081..b3571ed14a87 100644 --- a/lib/libc/rpc/clnt_bcast.c +++ b/lib/libc/rpc/clnt_bcast.c @@ -609,9 +609,11 @@ rpc_broadcast_exp(rpcprog_t prog, rpcvers_t vers, rpcproc_t proc, #endif np = uaddr2taddr( fdlist[i].nconf, uaddrp); - done = (*eachresult)(resultsp, - np, fdlist[i].nconf); - free(np); + if (np != NULL) { + done = (*eachresult)(resultsp, + np, fdlist[i].nconf); + free(np); + } #ifdef PORTMAP } #endif /* PORTMAP */
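Review bot: the new `if (np != NULL)` check has no else branch, so a reply whose address fails `uaddr2taddr` is dropped without any trace, and `done` is left at whatever value it held before this reply. Consider adding a one-line comment at the check saying that replies with an unparseable server-provided address are deliberately ignored. A debug-level message in the NULL case would also help, so that a server sending garbage addresses can be spotted when diagnosing broadcast problems. Skipping `(*eachresult)` is the right call given that the callback expects a valid netbuf pointer, and moving `free(np)` inside the block is harmless since `free(NULL)` was already a no-op.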