diff options
Diffstat (limited to 'source/n/rpcbind/0001-rpcinfo-Fix-stack-buffer-overflow.patch')
-rw-r--r-- | source/n/rpcbind/0001-rpcinfo-Fix-stack-buffer-overflow.patch | 69 |
1 files changed, 0 insertions, 69 deletions
diff --git a/source/n/rpcbind/0001-rpcinfo-Fix-stack-buffer-overflow.patch b/source/n/rpcbind/0001-rpcinfo-Fix-stack-buffer-overflow.patch deleted file mode 100644 index 14fd88c8..00000000 --- a/source/n/rpcbind/0001-rpcinfo-Fix-stack-buffer-overflow.patch +++ /dev/null @@ -1,69 +0,0 @@ -From 0bc1c0ae7ce61a7ac8a8e9a9b2086268f011abf0 Mon Sep 17 00:00:00 2001 -From: Steve Dickson <steved@redhat.com> -Date: Tue, 9 Oct 2018 09:19:50 -0400 -Subject: [PATCH] rpcinfo: Fix stack buffer overflow - -*** buffer overflow detected ***: rpcinfo terminated -======= Backtrace: ========= -/lib64/libc.so.6(+0x721af)[0x7ff24c4451af] -/lib64/libc.so.6(__fortify_fail+0x37)[0x7ff24c4ccdc7] -/lib64/libc.so.6(+0xf8050)[0x7ff24c4cb050] -rpcinfo(+0x435f)[0xef3be2635f] -rpcinfo(+0x1c62)[0xef3be23c62] -/lib64/libc.so.6(__libc_start_main+0xf5)[0x7ff24c3f36e5] -rpcinfo(+0x2739)[0xef3be24739] -======= Memory map: ======== -... -The patch below fixes it. - -Reviewed-by: Chuck Lever <chuck.lever@oracle.com> -Signed-off-by: Thomas Blume <thomas.blume@suse.com> -Signed-off-by: Steve Dickson <steved@redhat.com> ---- - src/rpcinfo.c | 23 +++++++++++++++++------ - 1 file changed, 17 insertions(+), 6 deletions(-) - -diff --git a/src/rpcinfo.c b/src/rpcinfo.c -index 9b46864..cfdba88 100644 ---- a/src/rpcinfo.c -+++ b/src/rpcinfo.c -@@ -973,6 +973,7 @@ rpcbdump (dumptype, netid, argc, argv) - (" program version(s) netid(s) service owner\n"); - for (rs = rs_head; rs; rs = rs->next) - { -+ size_t netidmax = sizeof(buf) - 1; - char *p = buf; - - printf ("%10ld ", rs->prog); -@@ -985,12 +986,22 @@ rpcbdump (dumptype, netid, argc, argv) - } - printf ("%-10s", buf); - buf[0] = '\0'; -- for (nl = rs->nlist; nl; nl = nl->next) -- { -- strcat (buf, nl->netid); -- if (nl->next) -- strcat (buf, ","); -- } -+ -+ for (nl = rs->nlist; nl; nl = nl->next) -+ { -+ strncat (buf, nl->netid, netidmax); -+ if (strlen (nl->netid) < netidmax) -+ netidmax -= strlen(nl->netid); -+ else -+ break; -+ -+ if (nl->next && netidmax > 1) -+ { -+ strncat (buf, ",", netidmax); -+ netidmax --; -+ } -+ } -+ - printf ("%-32s", buf); - rpc = getrpcbynumber (rs->prog); - if (rpc) --- -2.22.0 - |