diff options
author | delphij <delphij@FreeBSD.org> | 2017-06-06 07:21:33 +0000 |
---|---|---|
committer | delphij <delphij@FreeBSD.org> | 2017-06-06 07:21:33 +0000 |
commit | 31c59906ec81f862e5f8ce88378fa26e2ff3156b (patch) | |
tree | bc5ed9ac499610bee622336a6607191bdde3b6af /usr.sbin | |
parent | 1556d42b5bdc72d3b2a4d01c5f0e610c296a53cd (diff) | |
download | FreeBSD-src-31c59906ec81f862e5f8ce88378fa26e2ff3156b.zip FreeBSD-src-31c59906ec81f862e5f8ce88378fa26e2ff3156b.tar.gz |
MFC r319369:
* limit size of buffers to RPC_MAXDATASIZE
* don't leak memory
* be more picky about bad parameters
From:
https://raw.githubusercontent.com/guidovranken/rpcbomb/master/libtirpc_patch.txt
https://github.com/guidovranken/rpcbomb/blob/master/rpcbind_patch.txt
via NetBSD.
Approved by: re (kib)
Diffstat (limited to 'usr.sbin')
-rw-r--r-- | usr.sbin/rpcbind/rpcb_svc_com.c | 4 |
1 files changed, 3 insertions, 1 deletions
diff --git a/usr.sbin/rpcbind/rpcb_svc_com.c b/usr.sbin/rpcbind/rpcb_svc_com.c index c86f75e..d5beb13 100644 --- a/usr.sbin/rpcbind/rpcb_svc_com.c +++ b/usr.sbin/rpcbind/rpcb_svc_com.c @@ -55,6 +55,7 @@ #include <stdio.h> #ifdef PORTMAP #include <netinet/in.h> +#include <rpc/rpc_com.h> #include <rpc/pmap_prot.h> #endif /* PORTMAP */ #include <string.h> @@ -418,7 +419,8 @@ rpcbproc_taddr2uaddr_com(void *arg, struct svc_req *rqstp __unused, static bool_t xdr_encap_parms(XDR *xdrs, struct encap_parms *epp) { - return (xdr_bytes(xdrs, &(epp->args), (u_int *) &(epp->arglen), ~0)); + return (xdr_bytes(xdrs, &(epp->args), (u_int *) &(epp->arglen), + RPC_MAXDATASIZE)); } /* |