|
@ -1,64 +0,0 @@ |
|
|
From 0bc1c0ae7ce61a7ac8a8e9a9b2086268f011abf0 Mon Sep 17 00:00:00 2001 |
|
|
|
|
|
From: Steve Dickson <steved@redhat.com> |
|
|
|
|
|
Date: Tue, 9 Oct 2018 09:19:50 -0400 |
|
|
|
|
|
Subject: [PATCH] rpcinfo: Fix stack buffer overflow |
|
|
|
|
|
|
|
|
|
|
|
buffer overflow detected: rpcinfo terminated |
|
|
|
|
|
======= Backtrace: =========
|
|
|
|
|
|
/lib64/libc.so.6(+0x721af)[0x7ff24c4451af] |
|
|
|
|
|
/lib64/libc.so.6(__fortify_fail+0x37)[0x7ff24c4ccdc7] |
|
|
|
|
|
/lib64/libc.so.6(+0xf8050)[0x7ff24c4cb050] |
|
|
|
|
|
rpcinfo(+0x435f)[0xef3be2635f] |
|
|
|
|
|
rpcinfo(+0x1c62)[0xef3be23c62] |
|
|
|
|
|
/lib64/libc.so.6(__libc_start_main+0xf5)[0x7ff24c3f36e5] |
|
|
|
|
|
rpcinfo(+0x2739)[0xef3be24739] |
|
|
|
|
|
======= Memory map: ========
|
|
|
|
|
|
... |
|
|
|
|
|
The patch below fixes it. |
|
|
|
|
|
|
|
|
|
|
|
Reviewed-by: Chuck Lever <chuck.lever@oracle.com> |
|
|
|
|
|
Signed-off-by: Thomas Blume <thomas.blume@suse.com> |
|
|
|
|
|
Signed-off-by: Steve Dickson <steved@redhat.com> |
|
|
|
|
|
---
|
|
|
|
|
|
src/rpcinfo.c | 23 +++++++++++++++++------ |
|
|
|
|
|
1 file changed, 17 insertions(+), 6 deletions(-) |
|
|
|
|
|
|
|
|
|
|
|
--- a/src/rpcinfo.c
|
|
|
|
|
|
+++ b/src/rpcinfo.c
|
|
|
|
|
|
@@ -973,6 +973,7 @@ rpcbdump (dumptype, netid, argc, argv)
|
|
|
|
|
|
(" program version(s) netid(s) service owner\n"); |
|
|
|
|
|
for (rs = rs_head; rs; rs = rs->next) |
|
|
|
|
|
{ |
|
|
|
|
|
+ size_t netidmax = sizeof(buf) - 1;
|
|
|
|
|
|
char *p = buf; |
|
|
|
|
|
|
|
|
|
|
|
printf ("%10ld ", rs->prog); |
|
|
|
|
|
@@ -985,12 +986,22 @@ rpcbdump (dumptype, netid, argc, argv)
|
|
|
|
|
|
} |
|
|
|
|
|
printf ("%-10s", buf); |
|
|
|
|
|
buf[0] = '\0'; |
|
|
|
|
|
- for (nl = rs->nlist; nl; nl = nl->next)
|
|
|
|
|
|
- {
|
|
|
|
|
|
- strcat (buf, nl->netid);
|
|
|
|
|
|
- if (nl->next)
|
|
|
|
|
|
- strcat (buf, ",");
|
|
|
|
|
|
- }
|
|
|
|
|
|
+
|
|
|
|
|
|
+ for (nl = rs->nlist; nl; nl = nl->next)
|
|
|
|
|
|
+ {
|
|
|
|
|
|
+ strncat (buf, nl->netid, netidmax);
|
|
|
|
|
|
+ if (strlen (nl->netid) < netidmax)
|
|
|
|
|
|
+ netidmax -= strlen(nl->netid);
|
|
|
|
|
|
+ else
|
|
|
|
|
|
+ break;
|
|
|
|
|
|
+
|
|
|
|
|
|
+ if (nl->next && netidmax > 1)
|
|
|
|
|
|
+ {
|
|
|
|
|
|
+ strncat (buf, ",", netidmax);
|
|
|
|
|
|
+ netidmax --;
|
|
|
|
|
|
+ }
|
|
|
|
|
|
+ }
|
|
|
|
|
|
+
|
|
|
|
|
|
printf ("%-32s", buf); |
|
|
|
|
|
rpc = getrpcbynumber (rs->prog); |
|
|
|
|
|
if (rpc) |
|
|
|