rpcinfo: add upstream commit to fix stack buffer overflow
authorPeter Wagner <tripolar@gmx.at>
Sun, 12 May 2019 19:14:31 +0000 (21:14 +0200)
committerPeter Wagner <tripolar@gmx.at>
Sun, 12 May 2019 19:14:31 +0000 (21:14 +0200)
Signed-off-by: Peter Wagner <tripolar@gmx.at>
net/rpcbind/Makefile
net/rpcbind/patches/002-fix_stack_buffer_overflow.patch [new file with mode: 0644]

index 108c7711adc57c8e1599d7d7859e1817a445c861..a3edecea5884fb84a0f09e5a7cf85d3af512f2e8 100644 (file)
@@ -2,7 +2,7 @@ include $(TOPDIR)/rules.mk
 
 PKG_NAME:=rpcbind
 PKG_VERSION:=1.2.5
-PKG_RELEASE:=3
+PKG_RELEASE:=4
 
 PKG_SOURCE_URL:=@SF/rpcbind
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.bz2
diff --git a/net/rpcbind/patches/002-fix_stack_buffer_overflow.patch b/net/rpcbind/patches/002-fix_stack_buffer_overflow.patch
new file mode 100644 (file)
index 0000000..1a43dac
--- /dev/null
@@ -0,0 +1,69 @@
+From 0bc1c0ae7ce61a7ac8a8e9a9b2086268f011abf0 Mon Sep 17 00:00:00 2001
+From: Steve Dickson <steved@redhat.com>
+Date: Tue, 9 Oct 2018 09:19:50 -0400
+Subject: [PATCH 1/1] rpcinfo: Fix stack buffer overflow
+
+*** buffer overflow detected ***: rpcinfo terminated
+======= Backtrace: =========
+/lib64/libc.so.6(+0x721af)[0x7ff24c4451af]
+/lib64/libc.so.6(__fortify_fail+0x37)[0x7ff24c4ccdc7]
+/lib64/libc.so.6(+0xf8050)[0x7ff24c4cb050]
+rpcinfo(+0x435f)[0xef3be2635f]
+rpcinfo(+0x1c62)[0xef3be23c62]
+/lib64/libc.so.6(__libc_start_main+0xf5)[0x7ff24c3f36e5]
+rpcinfo(+0x2739)[0xef3be24739]
+======= Memory map: ========
+...
+The patch below fixes it.
+
+Reviewed-by: Chuck Lever <chuck.lever@oracle.com>
+Signed-off-by: Thomas Blume <thomas.blume@suse.com>
+Signed-off-by: Steve Dickson <steved@redhat.com>
+---
+ src/rpcinfo.c | 23 +++++++++++++++++------
+ 1 file changed, 17 insertions(+), 6 deletions(-)
+
+diff --git a/src/rpcinfo.c b/src/rpcinfo.c
+index 9b46864..cfdba88 100644
+--- a/src/rpcinfo.c
++++ b/src/rpcinfo.c
+@@ -973,6 +973,7 @@ rpcbdump (dumptype, netid, argc, argv)
+       ("   program version(s) netid(s)                         service     owner\n");
+       for (rs = rs_head; rs; rs = rs->next)
+       {
++        size_t netidmax = sizeof(buf) - 1;
+         char *p = buf;
+         printf ("%10ld  ", rs->prog);
+@@ -985,12 +986,22 @@ rpcbdump (dumptype, netid, argc, argv)
+           }
+         printf ("%-10s", buf);
+         buf[0] = '\0';
+-        for (nl = rs->nlist; nl; nl = nl->next)
+-          {
+-            strcat (buf, nl->netid);
+-            if (nl->next)
+-              strcat (buf, ",");
+-          }
++
++          for (nl = rs->nlist; nl; nl = nl->next)
++            {
++              strncat (buf, nl->netid, netidmax);
++              if (strlen (nl->netid) < netidmax)
++                netidmax -= strlen(nl->netid);
++              else
++                break;
++
++              if (nl->next && netidmax > 1)
++                {
++                  strncat (buf, ",", netidmax);
++                  netidmax --;
++                }
++            }
++
+         printf ("%-32s", buf);
+         rpc = getrpcbynumber (rs->prog);
+         if (rpc)
+-- 
+1.8.3.1
+
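Review bot: In the rewritten netid loop of `rpcbdump`, when exactly one byte of room is left after a netid (`netidmax == 1`) the comma is skipped but the loop continues, so the next pass appends the first character of the following netid directly onto the previous one and only then breaks; the printed column then shows a name that is not a registered netid. More generally, the `else break;` path leaves a partially copied netid in `buf` with nothing to show that the list was cut. Testing the length before copying avoids both: put `size_t len = strlen (nl->netid); if (len >= netidmax) break;` ahead of the `strncat`, and `if (!nl->next || netidmax <= 1) break;` ahead of the comma, so a truncated list ends on a whole netid or a trailing comma. `buf` is declared, and the version list is formatted into it, outside these hunks, so it is worth confirming that the earlier formatting is bounded as well.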