From 9dafa4324c0f2fdbb3d48136cb9617cc2c0d9f44 Mon Sep 17 00:00:00 2001
From: Andy Walsh <andy.walsh44+github@gmail.com>
Date: Wed, 27 Mar 2019 13:18:26 +0100
Subject: [PATCH] rpcbind: fix warmstart option, CVE-2017-8779

* always build with warmstart options
* fix CVE-2017-8779

Signed-off-by: Andy Walsh <andy.walsh44+github@gmail.com>
---
 net/rpcbind/Makefile                          | 17 +++--------
 ...2017-8779-dos-via-memory-consumption.patch | 29 +++++++++++++++++++
 2 files changed, 33 insertions(+), 13 deletions(-)
 create mode 100644 net/rpcbind/patches/001-CVE-2017-8779-dos-via-memory-consumption.patch

diff --git a/net/rpcbind/Makefile b/net/rpcbind/Makefile
index 434f7a974..24d31d20c 100644
--- a/net/rpcbind/Makefile
+++ b/net/rpcbind/Makefile
@@ -2,7 +2,7 @@ include $(TOPDIR)/rules.mk
 
 PKG_NAME:=rpcbind
 PKG_VERSION:=1.2.5
-PKG_RELEASE:=1
+PKG_RELEASE:=2
 
 PKG_SOURCE_URL:=@SF/rpcbind
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.bz2
@@ -16,8 +16,7 @@ PKG_REMOVE_FILES:=autogen.sh aclocal.m4
 PKG_INSTALL:=1
 
 PKG_CONFIG_DEPENDS:= \
-	CONFIG_RPCBIND_LIBWRAP \
-	CONFIG_RPCBIND_WARMSTARTS
+	CONFIG_RPCBIND_LIBWRAP
 
 include $(INCLUDE_DIR)/package.mk
 
@@ -43,27 +42,19 @@ if PACKAGE_rpcbind
 	config RPCBIND_LIBWRAP
 		bool "Enable libwrap (TCP wrappers) support."
 		default y
-
-	config RPCBIND_WARMSTARTS
-		bool "Enable warmstarts support"
-		default y
-		help
-		  The warmstart feature saves RPC registrations on termination.
 endif
 endef
 
 CONFIGURE_ARGS += \
 	--with-rpcuser=rpc \
-	--without-systemdsystemunitdir
+	--without-systemdsystemunitdir \
+	--enable-warmstarts
 
 ifeq ($(CONFIG_RPCBIND_LIBWRAP),y)
 	CONFIGURE_ARGS += --enable-libwrap
 else
 	CONFIGURE_ARGS += --disable-libwrap
 endif
-ifeq ($(CONFIG_RPCBIND_WARMSTARTS),y)
-	CONFIGURE_ARGS += --enable-warmstarts
-endif
 
 define Package/rpcbind/install
 	$(INSTALL_DIR) $(1)/usr/bin
diff --git a/net/rpcbind/patches/001-CVE-2017-8779-dos-via-memory-consumption.patch b/net/rpcbind/patches/001-CVE-2017-8779-dos-via-memory-consumption.patch
new file mode 100644
index 000000000..d8137d3c9
--- /dev/null
+++ b/net/rpcbind/patches/001-CVE-2017-8779-dos-via-memory-consumption.patch
@@ -0,0 +1,29 @@
+Submitted By: Ken Moffat <ken at linuxfromscratch dot org>
+Date: 2017-05-29
+Initial Package Version: 0.2.4 (also affects earlier versions)
+Upstream Status: Unknown
+Origin: Guido Vranken
+Description: Fixes CVE-2017-8779 (DOS by remote attackers - memory consumption
+without subsequent free).
+
+diff --git a/src/rpcb_svc_com.c b/src/rpcb_svc_com.c
+index 5862c26..e11f61b 100644
+--- a/src/rpcb_svc_com.c
++++ b/src/rpcb_svc_com.c
+@@ -48,6 +48,7 @@
+ #include <rpc/rpc.h>
+ #include <rpc/rpcb_prot.h>
+ #include <rpc/svc_dg.h>
++#include <rpc/rpc_com.h>
+ #include <netconfig.h>
+ #include <errno.h>
+ #include <syslog.h>
+@@ -432,7 +433,7 @@ rpcbproc_taddr2uaddr_com(void *arg, struct svc_req *rqstp /*__unused*/,
+ static bool_t
+ xdr_encap_parms(XDR *xdrs, struct encap_parms *epp)
+ {
+-	return (xdr_bytes(xdrs, &(epp->args), (u_int *) &(epp->arglen), ~0));
++	return (xdr_bytes(xdrs, &(epp->args), (u_int *) &(epp->arglen), RPC_MAXDATASIZE));
+ }
+ 
+ /*