rpms
/
libtirpc
7
0
Fork 0
Code Issues Pull Requests Releases Activity

Protect from buffer overflow in the GSS code. (bz 362121)

This commit is contained in:
Steve Dickson 2008-01-24 20:11:52 +00:00
parent dff27d92cb
commit 2b23012f5d
2 changed files with 41 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

35
libtirpc-0.1.7-bufoverflow.patch Normal file
View File

@ -0,0 +1,35 @@
commit 3cf1a3ce1a409e647f9b8ca4497c26e6d066f293
Author: Steve Dickson <steved@redhat.com>
Date: Thu Jan 24 15:01:22 2008 -0500
Protect from buffer overflow in the GSS code.
Signed-off-by: Steve Dickson <steved@redhat.com>
diff -up libtirpc-0.1.7/src/svc_auth_gss.c.orig libtirpc-0.1.7/src/svc_auth_gss.c
--- libtirpc-0.1.7/src/svc_auth_gss.c.orig 2008-01-24 14:41:21.000000000 -0500
+++ libtirpc-0.1.7/src/svc_auth_gss.c 2008-01-24 14:59:31.000000000 -0500
@@ -294,6 +294,15 @@ svcauth_gss_validate(struct svc_rpc_gss_
memset(rpchdr, 0, sizeof(rpchdr));
/* XXX - Reconstruct RPC header for signing (from xdr_callmsg). */
+ oa = &msg->rm_call.cb_cred;
+ if (oa->oa_length > MAX_AUTH_BYTES)
+ return (FALSE);
+
+ /* 8 XDR units from the IXDR macro calls. */
+ if (sizeof(rpchdr) < (8 * BYTES_PER_XDR_UNIT +
+ RNDUP(oa->oa_length)))
+ return (FALSE);
+
buf = (int32_t *)rpchdr;
IXDR_PUT_LONG(buf, msg->rm_xid);
IXDR_PUT_ENUM(buf, msg->rm_direction);
@@ -301,7 +310,6 @@ svcauth_gss_validate(struct svc_rpc_gss_
IXDR_PUT_LONG(buf, msg->rm_call.cb_prog);
IXDR_PUT_LONG(buf, msg->rm_call.cb_vers);
IXDR_PUT_LONG(buf, msg->rm_call.cb_proc);
- oa = &msg->rm_call.cb_cred;
IXDR_PUT_ENUM(buf, oa->oa_flavor);
IXDR_PUT_LONG(buf, oa->oa_length);
if (oa->oa_length) {

7
libtirpc.spec
View File

@ -1,6 +1,6 @@
Name: libtirpc
Version: 0.1.7
Release: 14%{?dist}
Release: 15%{?dist}
Summary: Transport Independent RPC Library
Group: System Environment/Libraries
License: GPL
@ -44,6 +44,7 @@ Patch11: libtirpc-0.1.7-bindresvport-ntohs.patch
Patch12: libtirpc-0.1.7-dgcall-iprecverr.patch
Patch13: libtirpc-0.1.7-svc-rtaddr.patch
Patch14: libtirpc-0.1.7-arm.patch
Patch15: libtirpc-0.1.7-bufoverflow.patch
Patch100: libtirpc-0.1.7-compile.patch
@ -68,6 +69,7 @@ developing programs which use the tirpc library.
%patch12 -p1
%patch13 -p1
%patch14 -p1
%patch15 -p1
%patch100 -p1
@ -147,6 +149,9 @@ rm -rf %{buildroot}
%{_includedir}/tirpc/un-namespace.h
%changelog
* Thu Jan 24 2008 Steve Dickson <steved@redhat.com> 0.1.7-15
- Protect from buffer overflow in the GSS code. (bz 362121)
* Mon Dec 17 2007 Steve Dickson <steved@redhat.com> 0.1.7-14
- Fixed typo in /etc/netconfig file (bz 414471)