Patch RPC library to avoid possible denial of service attacks as described

recently in BUGTRAQ. If a stream oriented transport fails to properly decode
an RPC message header structure where there should be one, it should mark
the stream as dead so that the connection will be dropped.

2 files changed, 4 insertions, 2 deletions

diff --git a/lib/libc/rpc/svc_tcp.c b/lib/libc/rpc/svc_tcp.c
index 1387ee1..bafa6c3 100644
--- a/lib/libc/rpc/svc_tcp.c
+++ b/lib/libc/rpc/svc_tcp.c
@@ -30,7 +30,7 @@
 #if defined(LIBC_SCCS) && !defined(lint)
 /*static char *sccsid = "from: @(#)svc_tcp.c 1.21 87/08/11 Copyr 1984 Sun Micro";*/
 /*static char *sccsid = "from: @(#)svc_tcp.c	2.2 88/08/01 4.0 RPCSRC";*/
-static char *rcsid = "$Id: svc_tcp.c,v 1.8 1996/12/30 15:19:08 peter Exp $";
+static char *rcsid = "$Id: svc_tcp.c,v 1.11 1997/05/28 05:05:30 wpaul Exp $";
 #endif
 
 /*
@@ -404,6 +404,7 @@ svctcp_recv(xprt, msg)
 		cd->x_id = msg->rm_xid;
 		return (TRUE);
 	}
+	cd->strm_stat = XPRT_DIED;	/* XXXX */
 	return (FALSE);
 }
 
diff --git a/lib/libc/rpc/svc_unix.c b/lib/libc/rpc/svc_unix.c
index 04e3223..eb2e8f2 100644
--- a/lib/libc/rpc/svc_unix.c
+++ b/lib/libc/rpc/svc_unix.c
@@ -30,7 +30,7 @@
 #if defined(LIBC_SCCS) && !defined(lint)
 /*static char *sccsid = "from: @(#)svc_unix.c 1.21 87/08/11 Copyr 1984 Sun Micro";*/
 /*static char *sccsid = "from: @(#)svc_unix.c	2.2 88/08/01 4.0 RPCSRC";*/
-static char *rcsid = "$Id: svc_unix.c,v 1.8 1996/12/30 15:19:08 peter Exp $";
+static char *rcsid = "$Id: svc_unix.c,v 1.2 1997/05/28 05:05:31 wpaul Exp $";
 #endif
 
 /*
@@ -467,6 +467,7 @@ svcunix_recv(xprt, msg)
 		msg->rm_call.cb_verf.oa_length = sizeof(cm);
 		return (TRUE);
 	}
+	cd->strm_stat = XPRT_DIED;	/* XXXX */
 	return (FALSE);
 }