LILiK
/
openwrt-packages-dist
5
0
Fork 0
Code Issues 0 Pull Requests 0 Projects 0 Releases 0 Wiki Activity
Browse Source

rpcbind: fix warmstart option, CVE-2017-8779 

* always build with warmstart options
* fix CVE-2017-8779

Signed-off-by: Andy Walsh <andy.walsh44+github@gmail.com>
lilik-openwrt-22.03
Andy Walsh 6 years ago
parent
4f1e48001f
commit
9dafa4324c
2 changed files with 33 additions and 13 deletions
Unified View
Diff Options
Show Stats Download Patch File Download Diff File
  1. +4
    -13
      net/rpcbind/Makefile
  2. +29
    -0
      net/rpcbind/patches/001-CVE-2017-8779-dos-via-memory-consumption.patch

+ 4
- 13
net/rpcbind/Makefile View File

@ -2,7 +2,7 @@ include $(TOPDIR)/rules.mk
PKG_NAME:=rpcbind PKG_NAME:=rpcbind
PKG_VERSION:=1.2.5 PKG_VERSION:=1.2.5
PKG_RELEASE:=1
PKG_RELEASE:=2
PKG_SOURCE_URL:=@SF/rpcbind PKG_SOURCE_URL:=@SF/rpcbind
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.bz2 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.bz2
@ -16,8 +16,7 @@ PKG_REMOVE_FILES:=autogen.sh aclocal.m4
PKG_INSTALL:=1 PKG_INSTALL:=1
PKG_CONFIG_DEPENDS:= \ PKG_CONFIG_DEPENDS:= \
CONFIG_RPCBIND_LIBWRAP \
CONFIG_RPCBIND_WARMSTARTS
CONFIG_RPCBIND_LIBWRAP
include $(INCLUDE_DIR)/package.mk include $(INCLUDE_DIR)/package.mk
@ -43,27 +42,19 @@ if PACKAGE_rpcbind
config RPCBIND_LIBWRAP config RPCBIND_LIBWRAP
bool "Enable libwrap (TCP wrappers) support." bool "Enable libwrap (TCP wrappers) support."
default y default y
config RPCBIND_WARMSTARTS
bool "Enable warmstarts support"
default y
help
The warmstart feature saves RPC registrations on termination.
endif endif
endef endef
CONFIGURE_ARGS += \ CONFIGURE_ARGS += \
--with-rpcuser=rpc \ --with-rpcuser=rpc \
--without-systemdsystemunitdir
--without-systemdsystemunitdir \
--enable-warmstarts
ifeq ($(CONFIG_RPCBIND_LIBWRAP),y) ifeq ($(CONFIG_RPCBIND_LIBWRAP),y)
CONFIGURE_ARGS += --enable-libwrap CONFIGURE_ARGS += --enable-libwrap
else else
CONFIGURE_ARGS += --disable-libwrap CONFIGURE_ARGS += --disable-libwrap
endif endif
ifeq ($(CONFIG_RPCBIND_WARMSTARTS),y)
CONFIGURE_ARGS += --enable-warmstarts
endif
define Package/rpcbind/install define Package/rpcbind/install
$(INSTALL_DIR) $(1)/usr/bin $(INSTALL_DIR) $(1)/usr/bin


+ 29
- 0
net/rpcbind/patches/001-CVE-2017-8779-dos-via-memory-consumption.patch View File

@ -0,0 +1,29 @@
Submitted By: Ken Moffat <ken at linuxfromscratch dot org>
Date: 2017-05-29
Initial Package Version: 0.2.4 (also affects earlier versions)
Upstream Status: Unknown
Origin: Guido Vranken
Description: Fixes CVE-2017-8779 (DOS by remote attackers - memory consumption
without subsequent free).
diff --git a/src/rpcb_svc_com.c b/src/rpcb_svc_com.c
index 5862c26..e11f61b 100644
--- a/src/rpcb_svc_com.c
+++ b/src/rpcb_svc_com.c
@@ -48,6 +48,7 @@
#include <rpc/rpc.h>
#include <rpc/rpcb_prot.h>
#include <rpc/svc_dg.h>
+#include <rpc/rpc_com.h>
#include <netconfig.h>
#include <errno.h>
#include <syslog.h>
@@ -432,7 +433,7 @@ rpcbproc_taddr2uaddr_com(void *arg, struct svc_req *rqstp /*__unused*/,
static bool_t
xdr_encap_parms(XDR *xdrs, struct encap_parms *epp)
{
- return (xdr_bytes(xdrs, &(epp->args), (u_int *) &(epp->arglen), ~0));
+ return (xdr_bytes(xdrs, &(epp->args), (u_int *) &(epp->arglen), RPC_MAXDATASIZE));
}
/*

Write Preview
Loading…
Cancel
Save