summaryrefslogtreecommitdiff
path: root/source/n/rpcbind/0001-rpcinfo-Fix-stack-buffer-overflow.patch
diff options
context:
space:
mode:
authorPatrick J Volkerding <volkerdi@slackware.com>2019-09-17 21:01:20 +0000
committerEric Hameleers <alien@slackware.com>2019-09-18 08:59:50 +0200
commitba153cf4c6b9f6375a86058735337776cc361669 (patch)
tree5437be9116827d1401a4f5bf30487bb20cfcf575 /source/n/rpcbind/0001-rpcinfo-Fix-stack-buffer-overflow.patch
parent6d3daa25f6bab4720130798050ca40c9d31cd7b1 (diff)
downloadcurrent-ba153cf4c6b9f6375a86058735337776cc361669.tar.gz
Tue Sep 17 21:01:20 UTC 201920190917210120
a/eudev-3.2.8-x86_64-2.txz: Rebuilt. Blacklisted mlx_wdt in watchdog.conf. Thanks to Robby Workman. l/libical-3.0.6-x86_64-1.txz: Upgraded. n/rpcbind-1.2.5-x86_64-2.txz: Rebuilt. Added patch from git master to fix a segfault. Fixed application of the next patch. Thanks to Robby Workman. x/freeglut-3.2.0-x86_64-1.txz: Upgraded. x/mesa-19.1.7-x86_64-1.txz: Upgraded.
Diffstat (limited to 'source/n/rpcbind/0001-rpcinfo-Fix-stack-buffer-overflow.patch')
-rw-r--r--source/n/rpcbind/0001-rpcinfo-Fix-stack-buffer-overflow.patch69
1 files changed, 69 insertions, 0 deletions
diff --git a/source/n/rpcbind/0001-rpcinfo-Fix-stack-buffer-overflow.patch b/source/n/rpcbind/0001-rpcinfo-Fix-stack-buffer-overflow.patch
new file mode 100644
index 00000000..14fd88c8
--- /dev/null
+++ b/source/n/rpcbind/0001-rpcinfo-Fix-stack-buffer-overflow.patch
@@ -0,0 +1,69 @@
+From 0bc1c0ae7ce61a7ac8a8e9a9b2086268f011abf0 Mon Sep 17 00:00:00 2001
+From: Steve Dickson <steved@redhat.com>
+Date: Tue, 9 Oct 2018 09:19:50 -0400
+Subject: [PATCH] rpcinfo: Fix stack buffer overflow
+
+*** buffer overflow detected ***: rpcinfo terminated
+======= Backtrace: =========
+/lib64/libc.so.6(+0x721af)[0x7ff24c4451af]
+/lib64/libc.so.6(__fortify_fail+0x37)[0x7ff24c4ccdc7]
+/lib64/libc.so.6(+0xf8050)[0x7ff24c4cb050]
+rpcinfo(+0x435f)[0xef3be2635f]
+rpcinfo(+0x1c62)[0xef3be23c62]
+/lib64/libc.so.6(__libc_start_main+0xf5)[0x7ff24c3f36e5]
+rpcinfo(+0x2739)[0xef3be24739]
+======= Memory map: ========
+...
+The patch below fixes it.
+
+Reviewed-by: Chuck Lever <chuck.lever@oracle.com>
+Signed-off-by: Thomas Blume <thomas.blume@suse.com>
+Signed-off-by: Steve Dickson <steved@redhat.com>
+---
+ src/rpcinfo.c | 23 +++++++++++++++++------
+ 1 file changed, 17 insertions(+), 6 deletions(-)
+
+diff --git a/src/rpcinfo.c b/src/rpcinfo.c
+index 9b46864..cfdba88 100644
+--- a/src/rpcinfo.c
++++ b/src/rpcinfo.c
+@@ -973,6 +973,7 @@ rpcbdump (dumptype, netid, argc, argv)
+ (" program version(s) netid(s) service owner\n");
+ for (rs = rs_head; rs; rs = rs->next)
+ {
++ size_t netidmax = sizeof(buf) - 1;
+ char *p = buf;
+
+ printf ("%10ld ", rs->prog);
+@@ -985,12 +986,22 @@ rpcbdump (dumptype, netid, argc, argv)
+ }
+ printf ("%-10s", buf);
+ buf[0] = '\0';
+- for (nl = rs->nlist; nl; nl = nl->next)
+- {
+- strcat (buf, nl->netid);
+- if (nl->next)
+- strcat (buf, ",");
+- }
++
++ for (nl = rs->nlist; nl; nl = nl->next)
++ {
++ strncat (buf, nl->netid, netidmax);
++ if (strlen (nl->netid) < netidmax)
++ netidmax -= strlen(nl->netid);
++ else
++ break;
++
++ if (nl->next && netidmax > 1)
++ {
++ strncat (buf, ",", netidmax);
++ netidmax --;
++ }
++ }
++
+ printf ("%-32s", buf);
+ rpc = getrpcbynumber (rs->prog);
+ if (rpc)
+--
+2.22.0
+