rpms/libtirpc/devel libtirpc-0.1.7-taddr2uaddr-segflt.patch, NONE, 1.1 libtirpc.spec, 1.34, 1.35
Steve Dickson
steved at fedoraproject.org
Mon Oct 27 17:17:35 UTC 2008
Author: steved
Update of /cvs/pkgs/rpms/libtirpc/devel
In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv26774
Modified Files:
libtirpc.spec
Added Files:
libtirpc-0.1.7-taddr2uaddr-segflt.patch
Log Message:
- Fix bad assumption taddr2uaddr processing that
caused a segfault (bz468014)
libtirpc-0.1.7-taddr2uaddr-segflt.patch:
--- NEW FILE libtirpc-0.1.7-taddr2uaddr-segflt.patch ---
commit 338af7f9f00e096b65a6d823f885c4eeaf1d1f8c
Author: Steve Dickson <steved at redhat.com>
Date: Mon Oct 27 12:46:54 2008 -0400
__rpc_taddr2uaddr_af() assumes the netbuf to always have a
non-zero data. This is a bad assumption and can lead to a
seg-fault. This patch adds a check for zero length and returns
NULL when found.
Signed-off-by: Steve Dickson <steved at redhat.com>
diff --git a/src/rpc_generic.c b/src/rpc_generic.c
index 3aad018..27de254 100644
--- a/src/rpc_generic.c
+++ b/src/rpc_generic.c
@@ -603,6 +603,9 @@ __rpc_taddr2uaddr_af(int af, const struct netbuf *nbuf)
#endif
u_int16_t port;
+ if (nbuf->len <= 0)
+ return NULL;
+
switch (af) {
case AF_INET:
sin = nbuf->buf;
Index: libtirpc.spec
===================================================================
RCS file: /cvs/pkgs/rpms/libtirpc/devel/libtirpc.spec,v
retrieving revision 1.34
retrieving revision 1.35
diff -u -r1.34 -r1.35
--- libtirpc.spec 16 Sep 2008 16:05:33 -0000 1.34
+++ libtirpc.spec 27 Oct 2008 17:17:04 -0000 1.35
@@ -1,6 +1,6 @@
Name: libtirpc
Version: 0.1.9
-Release: 5%{?dist}
+Release: 6%{?dist}
Summary: Transport Independent RPC Library
Group: System Environment/Libraries
License: SISSL
@@ -34,6 +34,7 @@
Patch02: libtirpc-0.1.9-ipv6-socket.patch
Patch03: libtirpc-0.1.9-taddr2addr-typo.patch
Patch04: libtirpc-0.1.9-warnings.patch
+Patch05: libtirpc-0.1.7-taddr2uaddr-segflt.patch
Patch100: libtirpc-0.1.7-compile.patch
@@ -48,6 +49,8 @@
%patch02 -p1
%patch03 -p1
%patch04 -p1
+# 468014: rpcbind DoS in the taddr2uaddr XDR_DECODE
+%patch05 -p1
%patch100 -p1
@@ -146,12 +149,16 @@
%{_mandir}/*/*
%changelog
+* Mon Oct 27 2008 Steve Dickson <steved at redhat.com> 0.1.8-6
+- Fix bad assumption taddr2uaddr processing that
+ caused a segfault (bz468014)
+
* Tue Sep 16 2008 Steve Dickson <steved at redhat.com> 0.1.9-5
- Fix for taddr2addr conversion bug of local addresses
- Fixed some of warnings in: src/auth_time.c, src/clnt_dg.c and
- src/clnt_raw.c
+ src/clnt_raw.c
- Added some #ifdef NOTUSED around some code in src/rpbc_clnt.c
- that was not being used...
+ that was not being used...
* Thu Sep 4 2008 Steve Dickson <steved at redhat.com> 0.1.9-4
- Always make IPv6 sockets V6ONLY
More information about the scm-commits
mailing list