__svc_vc_dodestroy: close memory leak

A rendezvouser socket is defined by a
xp_port value of (u_short)-1 which does
not work because xp_port is overwritten
by svc_com_create() and 65535 is a valid
port value.

To ensure actual connections get freed
properly in __svc_vc_dodestroy(), compare
the xp_recv value to rendezvous_request.

Reported-by: Michael Theall <mtheall@us.ibm.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
diff --git a/lib/libc/rpc/svc_vc.c b/lib/libc/rpc/svc_vc.c
index 6e141317be84..0dcb72b08fc2 100644
--- a/lib/libc/rpc/svc_vc.c
+++ b/lib/libc/rpc/svc_vc.c
@@ -382,6 +382,13 @@ svc_vc_destroy(SVCXPRT *xprt)
 	__svc_vc_dodestroy(xprt);
 }
 
+static bool_t
+__svc_rendezvous_socket(xprt)
+	SVCXPRT *xprt;
+{
+	return (xprt->xp_ops->xp_recv == rendezvous_request);
+}
+
 static void
 __svc_vc_dodestroy(SVCXPRT *xprt)
 {
@@ -392,7 +399,7 @@ __svc_vc_dodestroy(SVCXPRT *xprt)
 
 	if (xprt->xp_fd != RPC_ANYFD)
 		(void)_close(xprt->xp_fd);
-	if (xprt->xp_port != 0) {
+	if (__svc_rendezvous_socket(xprt)) {
 		/* a rendezvouser socket */
 		r = (struct cf_rendezvous *)xprt->xp_p1;
 		mem_free(r, sizeof (struct cf_rendezvous));