From 9dafa4324c0f2fdbb3d48136cb9617cc2c0d9f44 Mon Sep 17 00:00:00 2001 From: Andy Walsh Date: Wed, 27 Mar 2019 13:18:26 +0100 Subject: [PATCH] rpcbind: fix warmstart option, CVE-2017-8779 * always build with warmstart options * fix CVE-2017-8779 Signed-off-by: Andy Walsh --- net/rpcbind/Makefile | 17 +++-------- ...2017-8779-dos-via-memory-consumption.patch | 29 +++++++++++++++++++ 2 files changed, 33 insertions(+), 13 deletions(-) create mode 100644 net/rpcbind/patches/001-CVE-2017-8779-dos-via-memory-consumption.patch diff --git a/net/rpcbind/Makefile b/net/rpcbind/Makefile index 434f7a974..24d31d20c 100644 --- a/net/rpcbind/Makefile +++ b/net/rpcbind/Makefile @@ -2,7 +2,7 @@ include $(TOPDIR)/rules.mk PKG_NAME:=rpcbind PKG_VERSION:=1.2.5 -PKG_RELEASE:=1 +PKG_RELEASE:=2 PKG_SOURCE_URL:=@SF/rpcbind PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.bz2 @@ -16,8 +16,7 @@ PKG_REMOVE_FILES:=autogen.sh aclocal.m4 PKG_INSTALL:=1 PKG_CONFIG_DEPENDS:= \ - CONFIG_RPCBIND_LIBWRAP \ - CONFIG_RPCBIND_WARMSTARTS + CONFIG_RPCBIND_LIBWRAP include $(INCLUDE_DIR)/package.mk @@ -43,27 +42,19 @@ if PACKAGE_rpcbind config RPCBIND_LIBWRAP bool "Enable libwrap (TCP wrappers) support." default y - - config RPCBIND_WARMSTARTS - bool "Enable warmstarts support" - default y - help - The warmstart feature saves RPC registrations on termination. endif endef CONFIGURE_ARGS += \ --with-rpcuser=rpc \ - --without-systemdsystemunitdir + --without-systemdsystemunitdir \ + --enable-warmstarts ifeq ($(CONFIG_RPCBIND_LIBWRAP),y) CONFIGURE_ARGS += --enable-libwrap else CONFIGURE_ARGS += --disable-libwrap endif -ifeq ($(CONFIG_RPCBIND_WARMSTARTS),y) - CONFIGURE_ARGS += --enable-warmstarts -endif define Package/rpcbind/install $(INSTALL_DIR) $(1)/usr/bin diff --git a/net/rpcbind/patches/001-CVE-2017-8779-dos-via-memory-consumption.patch b/net/rpcbind/patches/001-CVE-2017-8779-dos-via-memory-consumption.patch new file mode 100644 index 000000000..d8137d3c9 --- /dev/null +++ b/net/rpcbind/patches/001-CVE-2017-8779-dos-via-memory-consumption.patch @@ -0,0 +1,29 @@ +Submitted By: Ken Moffat +Date: 2017-05-29 +Initial Package Version: 0.2.4 (also affects earlier versions) +Upstream Status: Unknown +Origin: Guido Vranken +Description: Fixes CVE-2017-8779 (DOS by remote attackers - memory consumption +without subsequent free). + +diff --git a/src/rpcb_svc_com.c b/src/rpcb_svc_com.c +index 5862c26..e11f61b 100644 +--- a/src/rpcb_svc_com.c ++++ b/src/rpcb_svc_com.c +@@ -48,6 +48,7 @@ + #include + #include + #include ++#include + #include + #include + #include +@@ -432,7 +433,7 @@ rpcbproc_taddr2uaddr_com(void *arg, struct svc_req *rqstp /*__unused*/, + static bool_t + xdr_encap_parms(XDR *xdrs, struct encap_parms *epp) + { +- return (xdr_bytes(xdrs, &(epp->args), (u_int *) &(epp->arglen), ~0)); ++ return (xdr_bytes(xdrs, &(epp->args), (u_int *) &(epp->arglen), RPC_MAXDATASIZE)); + } + + /*