b.liu | e958203 | 2025-04-17 19:18:16 +0800 | [diff] [blame^] | 1 | Submitted By: Ken Moffat <ken at linuxfromscratch dot org> |
| 2 | Date: 2017-05-29 |
| 3 | Initial Package Version: 0.2.4 (also affects earlier versions) |
| 4 | Upstream Status: Unknown |
| 5 | Origin: Guido Vranken |
| 6 | Description: Fixes CVE-2017-8779 (DOS by remote attackers - memory consumption |
| 7 | without subsequent free). |
| 8 | |
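--- a/src/rpcb_svc_com.c
+++ b/src/rpcb_svc_com.c
@@ -48,6 +48,7 @@
 #include <rpc/rpc.h>
 #include <rpc/rpcb_prot.h>
 #include <rpc/svc_dg.h>
+#include <rpc/rpc_com.h>
 #include <netconfig.h>
 #include <errno.h>
 #include <syslog.h>
@@ -432,7 +433,7 @@ rpcbproc_taddr2uaddr_com(void *arg, stru
 static bool_t
 xdr_encap_parms(XDR *xdrs, struct encap_parms *epp)
 {
- return (xdr_bytes(xdrs, &(epp->args), (u_int *) &(epp->arglen), ~0));
+ return (xdr_bytes(xdrs, &(epp->args), (u_int *) &(epp->arglen), RPC_MAXDATASIZE));
 }
 
 /*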
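Review bot: The new bound in xdr_encap_parms limits how much a single request can make xdr_bytes allocate, but nothing in this patch adds a free, although the description names the missing release as the problem. Whether the buffer behind `epp->args` is released when decoding fails, or after the call has been handled, is decided in xdr_bytes and in the callers, which are outside these hunks, so that should be confirmed against the libtirpc version in use. The added `#include <rpc/rpc_com.h>` also makes the build depend on that header defining RPC_MAXDATASIZE. I would put a comment above the return so the limit is not relaxed later: `/* arglen is supplied by the remote caller; cap it so xdr_bytes cannot be asked to allocate up to UINT_MAX bytes (CVE-2017-8779) */`.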