commit e958203796650e3959a43708d67534bf36f4c83b
author b.liu <b.liu@mobiletek.cn> Thu Apr 17 19:18:16 2025 +0800
committer b.liu <b.liu@mobiletek.cn> Thu Apr 17 19:18:16 2025 +0800
tree b2d43b7c77053224287779c12b5e890cadc3d327
parent f51a5559b56d8fd47d9623531065443befb43e5b

ASR_BASE

Change-Id: Icf3719cc0afe3eeb3edc7fa80a2eb5199ca9dda1

external/subpack/net/rpcbind/patches/001-CVE-2017-8779-dos-via-memory-consumption.patch

diff --git a/external/subpack/net/rpcbind/patches/001-CVE-2017-8779-dos-via-memory-consumption.patch b/external/subpack/net/rpcbind/patches/001-CVE-2017-8779-dos-via-memory-consumption.patch
new file mode 100644
index 0000000..8986b14
--- /dev/null
+++ b/external/subpack/net/rpcbind/patches/001-CVE-2017-8779-dos-via-memory-consumption.patch
@@ -0,0 +1,27 @@
+Submitted By: Ken Moffat <ken at linuxfromscratch dot org>
+Date: 2017-05-29
+Initial Package Version: 0.2.4 (also affects earlier versions)
+Upstream Status: Unknown
+Origin: Guido Vranken
+Description: Fixes CVE-2017-8779 (DOS by remote attackers - memory consumption
+without subsequent free).
+
+--- a/src/rpcb_svc_com.c
++++ b/src/rpcb_svc_com.c
+@@ -48,6 +48,7 @@
+ #include <rpc/rpc.h>
+ #include <rpc/rpcb_prot.h>
+ #include <rpc/svc_dg.h>
++#include <rpc/rpc_com.h>
+ #include <netconfig.h>
+ #include <errno.h>
+ #include <syslog.h>
+@@ -432,7 +433,7 @@ rpcbproc_taddr2uaddr_com(void *arg, stru
+ static bool_t
+ xdr_encap_parms(XDR *xdrs, struct encap_parms *epp)
+ {
+-	return (xdr_bytes(xdrs, &(epp->args), (u_int *) &(epp->arglen), ~0));
++	return (xdr_bytes(xdrs, &(epp->args), (u_int *) &(epp->arglen), RPC_MAXDATASIZE));
+ }
+ 
+ /*