LILiK
/
openwrt-packages-dist
5
0
Fork 0
Code Issues 0 Pull Requests 0 Projects 0 Releases 0 Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
15509 Commits
1 Branch
46 MiB
Tree: a91c4aa395
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from 'a91c4aa395'
${ noResults }
openwrt-packages-dist/net/rpcbind/patches/001-CVE-2017-8779-dos-via-m...

29 lines
938 B
Raw Normal View History

rpcbind: fix warmstart option, CVE-2017-8779 * always build with warmstart options * fix CVE-2017-8779 Signed-off-by: Andy Walsh <andy.walsh44+github@gmail.com>
6 years ago
 
  1. Submitted By: Ken Moffat <ken at linuxfromscratch dot org>
  2. Date: 2017-05-29
  3. Initial Package Version: 0.2.4 (also affects earlier versions)
  4. Upstream Status: Unknown
  5. Origin: Guido Vranken
  6. Description: Fixes CVE-2017-8779 (DOS by remote attackers - memory consumption
  7. without subsequent free).
  8. 

  9. diff --git a/src/rpcb_svc_com.c b/src/rpcb_svc_com.c

  10. index 5862c26..e11f61b 100644

  11. --- a/src/rpcb_svc_com.c

  12. +++ b/src/rpcb_svc_com.c

  13. @@ -48,6 +48,7 @@

  14.  #include <rpc/rpc.h>
  15.  #include <rpc/rpcb_prot.h>
  16.  #include <rpc/svc_dg.h>
  17. +#include <rpc/rpc_com.h>

  18.  #include <netconfig.h>
  19.  #include <errno.h>
  20.  #include <syslog.h>
  21. @@ -432,7 +433,7 @@ rpcbproc_taddr2uaddr_com(void *arg, struct svc_req *rqstp /*__unused*/,

  22.  static bool_t
  23.  xdr_encap_parms(XDR *xdrs, struct encap_parms *epp)
  24.  {
  25. -	return (xdr_bytes(xdrs, &(epp->args), (u_int *) &(epp->arglen), ~0));

  26. +	return (xdr_bytes(xdrs, &(epp->args), (u_int *) &(epp->arglen), RPC_MAXDATASIZE));

  27.  }
  28.  
  29.  /*