From eba093149c09a994d9a51b286c887c680ec69d8e Mon Sep 17 00:00:00 2001
From: ngie <ngie@FreeBSD.org>
Date: Tue, 24 May 2016 18:44:50 +0000
Subject: [PATCH] Use reallocf instead of malloc to fix leak with outbuf_pmap

The previous code overwrote outbuf_pmap's memory with malloc once per
loop iteration, which leaked its memory; use reallocf instead to ensure
that memory is properly free'd each loop iteration.

Add a outbuf_pmap = NULL in the failure case to avoid a double-free
at the bottom of the function.

Differential Revision: https://reviews.freebsd.org/D6495
MFC after: 1 week
Reported by: Coverity
CID: 1038776
Reviewed by: markj, pfgj
Sponsored by: EMC / Isilon Storage Division
---
 lib/libc/rpc/clnt_bcast.c | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/lib/libc/rpc/clnt_bcast.c b/lib/libc/rpc/clnt_bcast.c
index 99f54082d002..33dc0c84a979 100644
--- a/lib/libc/rpc/clnt_bcast.c
+++ b/lib/libc/rpc/clnt_bcast.c
@@ -346,7 +346,9 @@ rpc_broadcast_exp(rpcprog_t prog, rpcvers_t vers, rpcproc_t proc,
 #ifdef PORTMAP
 		if (si.si_af == AF_INET && si.si_proto == IPPROTO_UDP) {
 			udpbufsz = fdlist[fdlistno].dsize;
-			if ((outbuf_pmap = malloc(udpbufsz)) == NULL) {
+			outbuf_pmap = reallocf(outbuf_pmap, udpbufsz);
+			if (outbuf_pmap == NULL) {
+				outbuf_pmap = NULL;
 				_close(fd);
 				stat = RPC_SYSTEMERROR;
 				goto done_broad;
-- 
2.41.0