MFC r319369:

* limit size of buffers to RPC_MAXDATASIZE * don't leak memory * be more picky about bad parameters From: https://raw.githubusercontent.com/guidovranken/rpcbomb/master/libtirpc_patch.txt https://github.com/guidovranken/rpcbomb/blob/master/rpcbind_patch.txt via NetBSD. Approved by: re (kib)
author: delphij <delphij@FreeBSD.org> 2017-06-06 07:21:33 +0000
committer: delphij <delphij@FreeBSD.org> 2017-06-06 07:21:33 +0000
commit: 31c59906ec81f862e5f8ce88378fa26e2ff3156b (patch)
tree: bc5ed9ac499610bee622336a6607191bdde3b6af /usr.sbin
parent: 1556d42b5bdc72d3b2a4d01c5f0e610c296a53cd (diff)
download: FreeBSD-src-31c59906ec81f862e5f8ce88378fa26e2ff3156b.zip
FreeBSD-src-31c59906ec81f862e5f8ce88378fa26e2ff3156b.tar.gz
1 files changed, 3 insertions, 1 deletions
diff --git a/usr.sbin/rpcbind/rpcb_svc_com.c b/usr.sbin/rpcbind/rpcb_svc_com.c
index c86f75e..d5beb13 100644
--- a/usr.sbin/rpcbind/rpcb_svc_com.c
+++ b/usr.sbin/rpcbind/rpcb_svc_com.c
@@ -55,6 +55,7 @@
 #include <stdio.h>
 #ifdef PORTMAP
 #include <netinet/in.h>
+#include <rpc/rpc_com.h>
 #include <rpc/pmap_prot.h>
 #endif /* PORTMAP */
 #include <string.h>
@@ -418,7 +419,8 @@ rpcbproc_taddr2uaddr_com(void *arg, struct svc_req *rqstp __unused,
 static bool_t
 xdr_encap_parms(XDR *xdrs, struct encap_parms *epp)
 {
-	return (xdr_bytes(xdrs, &(epp->args), (u_int *) &(epp->arglen), ~0));
+	return (xdr_bytes(xdrs, &(epp->args), (u_int *) &(epp->arglen),
+	    RPC_MAXDATASIZE));
 }
 
 /*
author	delphij <delphij@FreeBSD.org>	2017-06-06 07:21:33 +0000
committer	delphij <delphij@FreeBSD.org>	2017-06-06 07:21:33 +0000
commit	31c59906ec81f862e5f8ce88378fa26e2ff3156b (patch)
tree	bc5ed9ac499610bee622336a6607191bdde3b6af /usr.sbin
parent	1556d42b5bdc72d3b2a4d01c5f0e610c296a53cd (diff)
download	FreeBSD-src-31c59906ec81f862e5f8ce88378fa26e2ff3156b.zip FreeBSD-src-31c59906ec81f862e5f8ce88378fa26e2ff3156b.tar.gz