- Fix bad assumption taddr2uaddr processing that caused a segfault
(bz468014)
This commit is contained in:
parent
417f73f30b
commit
0815621598
25
libtirpc-0.1.7-taddr2uaddr-segflt.patch
Normal file
25
libtirpc-0.1.7-taddr2uaddr-segflt.patch
Normal file
@ -0,0 +1,25 @@
|
|||||||
|
commit 338af7f9f00e096b65a6d823f885c4eeaf1d1f8c
|
||||||
|
Author: Steve Dickson <steved@redhat.com>
|
||||||
|
Date: Mon Oct 27 12:46:54 2008 -0400
|
||||||
|
|
||||||
|
__rpc_taddr2uaddr_af() assumes the netbuf to always have a
|
||||||
|
non-zero data. This is a bad assumption and can lead to a
|
||||||
|
seg-fault. This patch adds a check for zero length and returns
|
||||||
|
NULL when found.
|
||||||
|
|
||||||
|
Signed-off-by: Steve Dickson <steved@redhat.com>
|
||||||
|
|
||||||
|
diff --git a/src/rpc_generic.c b/src/rpc_generic.c
|
||||||
|
index 3aad018..27de254 100644
|
||||||
|
--- a/src/rpc_generic.c
|
||||||
|
+++ b/src/rpc_generic.c
|
||||||
|
@@ -603,6 +603,9 @@ __rpc_taddr2uaddr_af(int af, const struct netbuf *nbuf)
|
||||||
|
#endif
|
||||||
|
u_int16_t port;
|
||||||
|
|
||||||
|
+ if (nbuf->len <= 0)
|
||||||
|
+ return NULL;
|
||||||
|
+
|
||||||
|
switch (af) {
|
||||||
|
case AF_INET:
|
||||||
|
sin = nbuf->buf;
|
@ -1,6 +1,6 @@
|
|||||||
Name: libtirpc
|
Name: libtirpc
|
||||||
Version: 0.1.9
|
Version: 0.1.9
|
||||||
Release: 5%{?dist}
|
Release: 6%{?dist}
|
||||||
Summary: Transport Independent RPC Library
|
Summary: Transport Independent RPC Library
|
||||||
Group: System Environment/Libraries
|
Group: System Environment/Libraries
|
||||||
License: SISSL
|
License: SISSL
|
||||||
@ -34,6 +34,7 @@ Patch01: libtirpc-0.1.9-rpc_getbroadifs-sizeof.patch
|
|||||||
Patch02: libtirpc-0.1.9-ipv6-socket.patch
|
Patch02: libtirpc-0.1.9-ipv6-socket.patch
|
||||||
Patch03: libtirpc-0.1.9-taddr2addr-typo.patch
|
Patch03: libtirpc-0.1.9-taddr2addr-typo.patch
|
||||||
Patch04: libtirpc-0.1.9-warnings.patch
|
Patch04: libtirpc-0.1.9-warnings.patch
|
||||||
|
Patch05: libtirpc-0.1.7-taddr2uaddr-segflt.patch
|
||||||
|
|
||||||
Patch100: libtirpc-0.1.7-compile.patch
|
Patch100: libtirpc-0.1.7-compile.patch
|
||||||
|
|
||||||
@ -48,6 +49,8 @@ developing programs which use the tirpc library.
|
|||||||
%patch02 -p1
|
%patch02 -p1
|
||||||
%patch03 -p1
|
%patch03 -p1
|
||||||
%patch04 -p1
|
%patch04 -p1
|
||||||
|
# 468014: rpcbind DoS in the taddr2uaddr XDR_DECODE
|
||||||
|
%patch05 -p1
|
||||||
|
|
||||||
%patch100 -p1
|
%patch100 -p1
|
||||||
|
|
||||||
@ -146,12 +149,16 @@ rm -rf %{buildroot}
|
|||||||
%{_mandir}/*/*
|
%{_mandir}/*/*
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
|
* Mon Oct 27 2008 Steve Dickson <steved@redhat.com> 0.1.8-6
|
||||||
|
- Fix bad assumption taddr2uaddr processing that
|
||||||
|
caused a segfault (bz468014)
|
||||||
|
|
||||||
* Tue Sep 16 2008 Steve Dickson <steved@redhat.com> 0.1.9-5
|
* Tue Sep 16 2008 Steve Dickson <steved@redhat.com> 0.1.9-5
|
||||||
- Fix for taddr2addr conversion bug of local addresses
|
- Fix for taddr2addr conversion bug of local addresses
|
||||||
- Fixed some of warnings in: src/auth_time.c, src/clnt_dg.c and
|
- Fixed some of warnings in: src/auth_time.c, src/clnt_dg.c and
|
||||||
src/clnt_raw.c
|
src/clnt_raw.c
|
||||||
- Added some #ifdef NOTUSED around some code in src/rpbc_clnt.c
|
- Added some #ifdef NOTUSED around some code in src/rpbc_clnt.c
|
||||||
that was not being used...
|
that was not being used...
|
||||||
|
|
||||||
* Thu Sep 4 2008 Steve Dickson <steved@redhat.com> 0.1.9-4
|
* Thu Sep 4 2008 Steve Dickson <steved@redhat.com> 0.1.9-4
|
||||||
- Always make IPv6 sockets V6ONLY
|
- Always make IPv6 sockets V6ONLY
|
||||||
|
Loading…
Reference in New Issue
Block a user