|
|
- Submitted By: Ken Moffat <ken at linuxfromscratch dot org>
- Date: 2017-05-29
- Initial Package Version: 0.2.4 (also affects earlier versions)
- Upstream Status: Unknown
- Origin: Guido Vranken
- Description: Fixes CVE-2017-8779 (DOS by remote attackers - memory consumption
- without subsequent free).
-
- --- a/src/rpcb_svc_com.c
- +++ b/src/rpcb_svc_com.c
- @@ -48,6 +48,7 @@
- #include <rpc/rpc.h>
- #include <rpc/rpcb_prot.h>
- #include <rpc/svc_dg.h>
- +#include <rpc/rpc_com.h>
- #include <netconfig.h>
- #include <errno.h>
- #include <syslog.h>
- @@ -432,7 +433,7 @@ rpcbproc_taddr2uaddr_com(void *arg, stru
- static bool_t
- xdr_encap_parms(XDR *xdrs, struct encap_parms *epp)
- {
- - return (xdr_bytes(xdrs, &(epp->args), (u_int *) &(epp->arglen), ~0));
- + return (xdr_bytes(xdrs, &(epp->args), (u_int *) &(epp->arglen), RPC_MAXDATASIZE));
- }
-
- /*
|