rpms/libtirpc/devel libtirpc-0.1.7-taddr2uaddr-segflt.patch, NONE, 1.1 libtirpc.spec, 1.34, 1.35

Steve Dickson steved at fedoraproject.org
Mon Oct 27 17:17:35 UTC 2008 

Author: steved

Update of /cvs/pkgs/rpms/libtirpc/devel
In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv26774

Modified Files:
	libtirpc.spec 
Added Files:
	libtirpc-0.1.7-taddr2uaddr-segflt.patch 
Log Message:
- Fix bad assumption taddr2uaddr processing that 
  caused a segfault (bz468014)


libtirpc-0.1.7-taddr2uaddr-segflt.patch:

--- NEW FILE libtirpc-0.1.7-taddr2uaddr-segflt.patch ---
commit 338af7f9f00e096b65a6d823f885c4eeaf1d1f8c
Author: Steve Dickson <steved at redhat.com>
Date:   Mon Oct 27 12:46:54 2008 -0400

    __rpc_taddr2uaddr_af() assumes the netbuf to always have a
    non-zero data. This is a bad assumption and can lead to a
    seg-fault. This patch adds a check for zero length and returns
    NULL when found.
    
    Signed-off-by: Steve Dickson <steved at redhat.com>

diff --git a/src/rpc_generic.c b/src/rpc_generic.c
index 3aad018..27de254 100644
--- a/src/rpc_generic.c
+++ b/src/rpc_generic.c
@@ -603,6 +603,9 @@ __rpc_taddr2uaddr_af(int af, const struct netbuf *nbuf)
 #endif
 	u_int16_t port;
 
+	if (nbuf->len <= 0)
+		return NULL;
+
 	switch (af) {
 	case AF_INET:
 		sin = nbuf->buf;


Index: libtirpc.spec
===================================================================
RCS file: /cvs/pkgs/rpms/libtirpc/devel/libtirpc.spec,v
retrieving revision 1.34
retrieving revision 1.35
diff -u -r1.34 -r1.35
--- libtirpc.spec	16 Sep 2008 16:05:33 -0000	1.34
+++ libtirpc.spec	27 Oct 2008 17:17:04 -0000	1.35
@@ -1,6 +1,6 @@
 Name:		   libtirpc
 Version:		0.1.9
-Release:		5%{?dist}
+Release:		6%{?dist}
 Summary:		Transport Independent RPC Library
 Group:		  	System Environment/Libraries
 License:		SISSL
@@ -34,6 +34,7 @@
 Patch02:  libtirpc-0.1.9-ipv6-socket.patch
 Patch03:  libtirpc-0.1.9-taddr2addr-typo.patch
 Patch04:  libtirpc-0.1.9-warnings.patch
+Patch05:  libtirpc-0.1.7-taddr2uaddr-segflt.patch
 
 Patch100: libtirpc-0.1.7-compile.patch
 
@@ -48,6 +49,8 @@
 %patch02	-p1
 %patch03	-p1
 %patch04	-p1
+# 468014: rpcbind DoS in the taddr2uaddr XDR_DECODE
+%patch05	-p1
 
 %patch100	-p1
 
@@ -146,12 +149,16 @@
 %{_mandir}/*/*
 
 %changelog
+* Mon Oct 27 2008 Steve Dickson  <steved at redhat.com> 0.1.8-6
+- Fix bad assumption taddr2uaddr processing that 
+  caused a segfault (bz468014)
+
 * Tue Sep 16 2008 Steve Dickson <steved at redhat.com> 0.1.9-5
 - Fix for taddr2addr conversion bug of local addresses
 - Fixed some of warnings in: src/auth_time.c, src/clnt_dg.c and
-	src/clnt_raw.c
+  src/clnt_raw.c
 - Added some #ifdef NOTUSED around some code in src/rpbc_clnt.c
-	that was not being used...
+  that was not being used...
 
 * Thu Sep  4 2008 Steve Dickson <steved at redhat.com> 0.1.9-4
 - Always make IPv6 sockets V6ONLY

More information about the scm-commits mailing list