diff options
| author | Xin LI <delphij@FreeBSD.org> | 2017-06-01 06:12:25 +0000 |
|---|---|---|
| committer | Xin LI <delphij@FreeBSD.org> | 2017-06-01 06:12:25 +0000 |
| commit | 6448ec89e7391aee8ce76785e0ec520ba7abb1c8 (patch) | |
| tree | b46740f9ea572cd854ee87389eef91802c3ffae6 /lib/libc/rpc/rpcb_st_xdr.c | |
| parent | 26f923dca39acab33709d5073558846f0e1b67ae (diff) | |
* limit size of buffers to RPC_MAXDATASIZE
* don't leak memory
* be more picky about bad parameters
From:
https://raw.githubusercontent.com/guidovranken/rpcbomb/master/libtirpc_patch.txt
https://github.com/guidovranken/rpcbomb/blob/master/rpcbind_patch.txt
via NetBSD.
Reviewed by: emaste, cem (earlier version)
Differential Revision: https://reviews.freebsd.org/D10922
MFC after: 3 days
Notes
Notes:
svn path=/head/; revision=319369
Diffstat (limited to 'lib/libc/rpc/rpcb_st_xdr.c')
| -rw-r--r-- | lib/libc/rpc/rpcb_st_xdr.c | 9 |
1 files changed, 5 insertions, 4 deletions
diff --git a/lib/libc/rpc/rpcb_st_xdr.c b/lib/libc/rpc/rpcb_st_xdr.c index 9abc0286f109..362184ec79ad 100644 --- a/lib/libc/rpc/rpcb_st_xdr.c +++ b/lib/libc/rpc/rpcb_st_xdr.c @@ -42,6 +42,7 @@ __FBSDID("$FreeBSD$"); #include "namespace.h" #include <rpc/rpc.h> +#include <rpc/rpc_com.h> #include "un-namespace.h" /* Link list of all the stats about getport and getaddr */ @@ -63,7 +64,7 @@ xdr_rpcbs_addrlist(XDR *xdrs, rpcbs_addrlist *objp) if (!xdr_int(xdrs, &objp->failure)) { return (FALSE); } - if (!xdr_string(xdrs, &objp->netid, (u_int)~0)) { + if (!xdr_string(xdrs, &objp->netid, RPC_MAXDATASIZE)) { return (FALSE); } @@ -115,7 +116,7 @@ xdr_rpcbs_rmtcalllist(XDR *xdrs, rpcbs_rmtcalllist *objp) IXDR_PUT_INT32(buf, objp->failure); IXDR_PUT_INT32(buf, objp->indirect); } - if (!xdr_string(xdrs, &objp->netid, (u_int)~0)) { + if (!xdr_string(xdrs, &objp->netid, RPC_MAXDATASIZE)) { return (FALSE); } pnext = &objp->next; @@ -154,7 +155,7 @@ xdr_rpcbs_rmtcalllist(XDR *xdrs, rpcbs_rmtcalllist *objp) objp->failure = (int)IXDR_GET_INT32(buf); objp->indirect = (int)IXDR_GET_INT32(buf); } - if (!xdr_string(xdrs, &objp->netid, (u_int)~0)) { + if (!xdr_string(xdrs, &objp->netid, RPC_MAXDATASIZE)) { return (FALSE); } if (!xdr_pointer(xdrs, (char **) pnext, @@ -182,7 +183,7 @@ xdr_rpcbs_rmtcalllist(XDR *xdrs, rpcbs_rmtcalllist *objp) if (!xdr_int(xdrs, &objp->indirect)) { return (FALSE); } - if (!xdr_string(xdrs, &objp->netid, (u_int)~0)) { + if (!xdr_string(xdrs, &objp->netid, RPC_MAXDATASIZE)) { return (FALSE); } if (!xdr_pointer(xdrs, (char **) pnext, |