ykohut/rpcbind
1
0
Fork 0
forked from rpms/rpcbind
Code Pull Requests Activity

Fixed stack buffer overflow in rpcinfo (bz 1637562)

Browse Source 
Signed-off-by: Steve Dickson <steved@redhat.com>
This commit is contained in:
Steve Dickson 2018-10-09 10:07:32 -04:00
parent ce8c000bb1
commit aa31180791
2 changed files with 72 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

64
rpcbind-1.2.5-rpcinfo-bufoverflow.patch Normal file
View File

@ -0,0 +1,64 @@
commit 0bc1c0ae7ce61a7ac8a8e9a9b2086268f011abf0
Author: Steve Dickson <steved@redhat.com>
Date: Tue Oct 9 09:19:50 2018 -0400
rpcinfo: Fix stack buffer overflow
*** buffer overflow detected ***: rpcinfo terminated
======= Backtrace: =========
/lib64/libc.so.6(+0x721af)[0x7ff24c4451af]
/lib64/libc.so.6(__fortify_fail+0x37)[0x7ff24c4ccdc7]
/lib64/libc.so.6(+0xf8050)[0x7ff24c4cb050]
rpcinfo(+0x435f)[0xef3be2635f]
rpcinfo(+0x1c62)[0xef3be23c62]
/lib64/libc.so.6(__libc_start_main+0xf5)[0x7ff24c3f36e5]
rpcinfo(+0x2739)[0xef3be24739]
======= Memory map: ========
...
The patch below fixes it.
Reviewed-by: Chuck Lever <chuck.lever@oracle.com>
Signed-off-by: Thomas Blume <thomas.blume@suse.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
diff --git a/src/rpcinfo.c b/src/rpcinfo.c
index 9b46864..cfdba88 100644
--- a/src/rpcinfo.c
+++ b/src/rpcinfo.c
@@ -973,6 +973,7 @@ rpcbdump (dumptype, netid, argc, argv)
(" program version(s) netid(s) service owner\n");
for (rs = rs_head; rs; rs = rs->next)
{
+ size_t netidmax = sizeof(buf) - 1;
char *p = buf;
printf ("%10ld ", rs->prog);
@@ -985,12 +986,22 @@ rpcbdump (dumptype, netid, argc, argv)
}
printf ("%-10s", buf);
buf[0] = '\0';
- for (nl = rs->nlist; nl; nl = nl->next)
- {
- strcat (buf, nl->netid);
- if (nl->next)
- strcat (buf, ",");
- }
+
+ for (nl = rs->nlist; nl; nl = nl->next)
+ {
+ strncat (buf, nl->netid, netidmax);
+ if (strlen (nl->netid) < netidmax)
+ netidmax -= strlen(nl->netid);
+ else
+ break;
+
+ if (nl->next && netidmax > 1)
+ {
+ strncat (buf, ",", netidmax);
+ netidmax --;
+ }
+ }
+
printf ("%-32s", buf);
rpc = getrpcbynumber (rs->prog);
if (rpc)

9
rpcbind.spec
View File

@ -4,7 +4,7 @@
Name: rpcbind Name: rpcbind
Version: 1.2.5 Version: 1.2.5
Release: 0%{?dist} Release: 1%{?dist}
Summary: Universal Addresses to RPC Program Number Mapper Summary: Universal Addresses to RPC Program Number Mapper
Group: System Environment/Daemons Group: System Environment/Daemons
License: BSD License: BSD
@ -22,6 +22,8 @@ Requires(post): chkconfig systemd
Requires(preun): systemd Requires(preun): systemd
Requires(postun): systemd coreutils Requires(postun): systemd coreutils
Patch001: rpcbind-1.2.5-rpcinfo-bufoverflow.patch
Patch100: rpcbind-0.2.3-systemd-envfile.patch Patch100: rpcbind-0.2.3-systemd-envfile.patch
Patch101: rpcbind-0.2.3-systemd-tmpfiles.patch Patch101: rpcbind-0.2.3-systemd-tmpfiles.patch
Patch102: rpcbind-0.2.4-runstatdir.patch Patch102: rpcbind-0.2.4-runstatdir.patch
@ -38,6 +40,8 @@ RPC calls on a server on that machine.
%prep %prep
%setup -q %setup -q
# 1637562 - rpcinfo: Fix stack buffer overflow
%patch001 -p1
%patch100 -p1 %patch100 -p1
%patch101 -p1 %patch101 -p1
@ -124,6 +128,9 @@ fi
%attr(0700, %{rpcbind_user_group}, %{rpcbind_user_group}) %dir %{rpcbind_state_dir} %attr(0700, %{rpcbind_user_group}, %{rpcbind_user_group}) %dir %{rpcbind_state_dir}
%changelog %changelog
* Tue Oct 9 2018 Steve Dickson <steved@redhat.com> - 1.2.5-1
- Fixed stack buffer overflow in rpcinfo (bz 1637562)
* Wed Aug 15 2018 Steve Dickson <steved@redhat.com> - 1.2.5-0 * Wed Aug 15 2018 Steve Dickson <steved@redhat.com> - 1.2.5-0
- Updated to latest upstream release: 1_2_5 - Updated to latest upstream release: 1_2_5