diff options
| author |   Patrick J Volkerding <volkerdi@slackware.com> | 2019-09-17 21:01:20 +0000 |
|---|---|---|
| committer |   Eric Hameleers <alien@slackware.com> | 2019-09-18 08:59:50 +0200 |
| commit | ba153cf4c6b9f6375a86058735337776cc361669 (patch) | |
| tree | 5437be9116827d1401a4f5bf30487bb20cfcf575 /source/n/rpcbind/0001-rpcinfo-Fix-stack-buffer-overflow.patch | |
| parent | 6d3daa25f6bab4720130798050ca40c9d31cd7b1 (diff) | |
| download | current-ba153cf4c6b9f6375a86058735337776cc361669.tar.gz current-ba153cf4c6b9f6375a86058735337776cc361669.tar.xz | |
Tue Sep 17 21:01:20 UTC 201920190917210120
a/eudev-3.2.8-x86_64-2.txz: Rebuilt.
Blacklisted mlx_wdt in watchdog.conf. Thanks to Robby Workman.
l/libical-3.0.6-x86_64-1.txz: Upgraded.
n/rpcbind-1.2.5-x86_64-2.txz: Rebuilt.
Added patch from git master to fix a segfault.
Fixed application of the next patch.
Thanks to Robby Workman.
x/freeglut-3.2.0-x86_64-1.txz: Upgraded.
x/mesa-19.1.7-x86_64-1.txz: Upgraded.
Diffstat (limited to 'source/n/rpcbind/0001-rpcinfo-Fix-stack-buffer-overflow.patch')
| -rw-r--r-- | source/n/rpcbind/0001-rpcinfo-Fix-stack-buffer-overflow.patch | 69 |
1 files changed, 69 insertions, 0 deletions
diff --git a/source/n/rpcbind/0001-rpcinfo-Fix-stack-buffer-overflow.patch b/source/n/rpcbind/0001-rpcinfo-Fix-stack-buffer-overflow.patch new file mode 100644 index 000000000..14fd88c8d --- /dev/null +++ b/source/n/rpcbind/0001-rpcinfo-Fix-stack-buffer-overflow.patch @@ -0,0 +1,69 @@ +From 0bc1c0ae7ce61a7ac8a8e9a9b2086268f011abf0 Mon Sep 17 00:00:00 2001 +From: Steve Dickson <steved@redhat.com> +Date: Tue, 9 Oct 2018 09:19:50 -0400 +Subject: [PATCH] rpcinfo: Fix stack buffer overflow + +*** buffer overflow detected ***: rpcinfo terminated +======= Backtrace: ========= +/lib64/libc.so.6(+0x721af)[0x7ff24c4451af] +/lib64/libc.so.6(__fortify_fail+0x37)[0x7ff24c4ccdc7] +/lib64/libc.so.6(+0xf8050)[0x7ff24c4cb050] +rpcinfo(+0x435f)[0xef3be2635f] +rpcinfo(+0x1c62)[0xef3be23c62] +/lib64/libc.so.6(__libc_start_main+0xf5)[0x7ff24c3f36e5] +rpcinfo(+0x2739)[0xef3be24739] +======= Memory map: ======== +... +The patch below fixes it. + +Reviewed-by: Chuck Lever <chuck.lever@oracle.com> +Signed-off-by: Thomas Blume <thomas.blume@suse.com> +Signed-off-by: Steve Dickson <steved@redhat.com> +--- + src/rpcinfo.c | 23 +++++++++++++++++------ + 1 file changed, 17 insertions(+), 6 deletions(-) + +diff --git a/src/rpcinfo.c b/src/rpcinfo.c +index 9b46864..cfdba88 100644 +--- a/src/rpcinfo.c ++++ b/src/rpcinfo.c +@@ -973,6 +973,7 @@ rpcbdump (dumptype, netid, argc, argv) + (" program version(s) netid(s) service owner\n"); + for (rs = rs_head; rs; rs = rs->next) + { ++ size_t netidmax = sizeof(buf) - 1; + char *p = buf; + + printf ("%10ld ", rs->prog); +@@ -985,12 +986,22 @@ rpcbdump (dumptype, netid, argc, argv) + } + printf ("%-10s", buf); + buf[0] = '\0'; +- for (nl = rs->nlist; nl; nl = nl->next) +- { +- strcat (buf, nl->netid); +- if (nl->next) +- strcat (buf, ","); +- } ++ ++ for (nl = rs->nlist; nl; nl = nl->next) ++ { ++ strncat (buf, nl->netid, netidmax); ++ if (strlen (nl->netid) < netidmax) ++ netidmax -= strlen(nl->netid); ++ else ++ break; ++ ++ if (nl->next && netidmax > 1) ++ { ++ strncat (buf, ",", netidmax); ++ netidmax --; ++ } ++ } ++ + printf ("%-32s", buf); + rpc = getrpcbynumber (rs->prog); + if (rpc) +-- +2.22.0 + |