Protect from buffer overflow in the GSS code. (bz 362121)
This commit is contained in:
parent
dff27d92cb
commit
2b23012f5d
|
@ -0,0 +1,35 @@
|
|||
commit 3cf1a3ce1a409e647f9b8ca4497c26e6d066f293
|
||||
Author: Steve Dickson <steved@redhat.com>
|
||||
Date: Thu Jan 24 15:01:22 2008 -0500
|
||||
|
||||
Protect from buffer overflow in the GSS code.
|
||||
|
||||
Signed-off-by: Steve Dickson <steved@redhat.com>
|
||||
|
||||
diff -up libtirpc-0.1.7/src/svc_auth_gss.c.orig libtirpc-0.1.7/src/svc_auth_gss.c
|
||||
--- libtirpc-0.1.7/src/svc_auth_gss.c.orig 2008-01-24 14:41:21.000000000 -0500
|
||||
+++ libtirpc-0.1.7/src/svc_auth_gss.c 2008-01-24 14:59:31.000000000 -0500
|
||||
@@ -294,6 +294,15 @@ svcauth_gss_validate(struct svc_rpc_gss_
|
||||
memset(rpchdr, 0, sizeof(rpchdr));
|
||||
|
||||
/* XXX - Reconstruct RPC header for signing (from xdr_callmsg). */
|
||||
+ oa = &msg->rm_call.cb_cred;
|
||||
+ if (oa->oa_length > MAX_AUTH_BYTES)
|
||||
+ return (FALSE);
|
||||
+
|
||||
+ /* 8 XDR units from the IXDR macro calls. */
|
||||
+ if (sizeof(rpchdr) < (8 * BYTES_PER_XDR_UNIT +
|
||||
+ RNDUP(oa->oa_length)))
|
||||
+ return (FALSE);
|
||||
+
|
||||
buf = (int32_t *)rpchdr;
|
||||
IXDR_PUT_LONG(buf, msg->rm_xid);
|
||||
IXDR_PUT_ENUM(buf, msg->rm_direction);
|
||||
@@ -301,7 +310,6 @@ svcauth_gss_validate(struct svc_rpc_gss_
|
||||
IXDR_PUT_LONG(buf, msg->rm_call.cb_prog);
|
||||
IXDR_PUT_LONG(buf, msg->rm_call.cb_vers);
|
||||
IXDR_PUT_LONG(buf, msg->rm_call.cb_proc);
|
||||
- oa = &msg->rm_call.cb_cred;
|
||||
IXDR_PUT_ENUM(buf, oa->oa_flavor);
|
||||
IXDR_PUT_LONG(buf, oa->oa_length);
|
||||
if (oa->oa_length) {
|
|
@ -1,6 +1,6 @@
|
|||
Name: libtirpc
|
||||
Version: 0.1.7
|
||||
Release: 14%{?dist}
|
||||
Release: 15%{?dist}
|
||||
Summary: Transport Independent RPC Library
|
||||
Group: System Environment/Libraries
|
||||
License: GPL
|
||||
|
@ -44,6 +44,7 @@ Patch11: libtirpc-0.1.7-bindresvport-ntohs.patch
|
|||
Patch12: libtirpc-0.1.7-dgcall-iprecverr.patch
|
||||
Patch13: libtirpc-0.1.7-svc-rtaddr.patch
|
||||
Patch14: libtirpc-0.1.7-arm.patch
|
||||
Patch15: libtirpc-0.1.7-bufoverflow.patch
|
||||
|
||||
Patch100: libtirpc-0.1.7-compile.patch
|
||||
|
||||
|
@ -68,6 +69,7 @@ developing programs which use the tirpc library.
|
|||
%patch12 -p1
|
||||
%patch13 -p1
|
||||
%patch14 -p1
|
||||
%patch15 -p1
|
||||
|
||||
%patch100 -p1
|
||||
|
||||
|
@ -147,6 +149,9 @@ rm -rf %{buildroot}
|
|||
%{_includedir}/tirpc/un-namespace.h
|
||||
|
||||
%changelog
|
||||
* Thu Jan 24 2008 Steve Dickson <steved@redhat.com> 0.1.7-15
|
||||
- Protect from buffer overflow in the GSS code. (bz 362121)
|
||||
|
||||
* Mon Dec 17 2007 Steve Dickson <steved@redhat.com> 0.1.7-14
|
||||
- Fixed typo in /etc/netconfig file (bz 414471)
|
||||
|
||||
|
|
Loading…
Reference in New Issue