Gentoo's Bugzilla – Attachment 146830 Details for Bug 214208: net-libs/libtirpc RPC library buffer overflow (CVE-2007-3999)
libtirpc-0.1.7-CVE-2007-3999.patch (text/plain), 1.27 KB, created by Robert Buchholz (RETIRED) on 2008-03-22 01:41:37 UTC
>commit 3cf1a3ce1a409e647f9b8ca4497c26e6d066f293 >Author: Steve Dickson <steved@redhat.com> >Date: Thu Jan 24 15:01:22 2008 -0500 > > Protect from buffer overflow in the GSS code. > > Signed-off-by: Steve Dickson <steved@redhat.com> > >diff -up libtirpc-0.1.7/src/svc_auth_gss.c.orig libtirpc-0.1.7/src/svc_auth_gss.c >--- libtirpc-0.1.7/src/svc_auth_gss.c.orig 2008-01-24 14:41:21.000000000 -0500 >+++ libtirpc-0.1.7/src/svc_auth_gss.c 2008-01-24 14:59:31.000000000 -0500 >@@ -294,6 +294,15 @@ svcauth_gss_validate(struct svc_rpc_gss_ > memset(rpchdr, 0, sizeof(rpchdr)); > > /* XXX - Reconstruct RPC header for signing (from xdr_callmsg). */ >+ oa = &msg->rm_call.cb_cred; >+ if (oa->oa_length > MAX_AUTH_BYTES) >+ return (FALSE); >+ >+ /* 8 XDR units from the IXDR macro calls. */ >+ if (sizeof(rpchdr) < (8 * BYTES_PER_XDR_UNIT + >+ RNDUP(oa->oa_length))) >+ return (FALSE); >+ > buf = (int32_t *)rpchdr; > IXDR_PUT_LONG(buf, msg->rm_xid); > IXDR_PUT_ENUM(buf, msg->rm_direction); >@@ -301,7 +310,6 @@ svcauth_gss_validate(struct svc_rpc_gss_ > IXDR_PUT_LONG(buf, msg->rm_call.cb_prog); > IXDR_PUT_LONG(buf, msg->rm_call.cb_vers); > IXDR_PUT_LONG(buf, msg->rm_call.cb_proc); >- oa = &msg->rm_call.cb_cred; > IXDR_PUT_ENUM(buf, oa->oa_flavor); > IXDR_PUT_LONG(buf, oa->oa_length); > if (oa->oa_length) {
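Review bot: in the first hunk of svcauth_gss_validate, the size test is only sound because the `oa->oa_length > MAX_AUTH_BYTES` test runs before it: without that bound, `8 * BYTES_PER_XDR_UNIT + RNDUP(oa->oa_length)` could wrap for a very large length and still compare as smaller than `sizeof(rpchdr)`. Please state that ordering dependency in the comment so the two tests are not reordered or merged later. The literal 8 also has to be kept in step by hand with the IXDR_PUT_* calls that follow; a named constant, or a comment listing the fields it counts, would make that visible. Both new failure paths return FALSE with no log message, so a rejected oversized credential looks the same as any other validation failure; consider logging it.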
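Review bot: in the second hunk the trailing context stops at `if (oa->oa_length) {`, so the copy that the new bound is meant to protect is not visible in this patch. Please confirm that the body of that branch advances buf by RNDUP(oa->oa_length), the same amount tested before the header is built, and not by some other quantity. The declaration of rpchdr is not shown either, and the `sizeof(rpchdr)` comparison only measures the buffer if rpchdr is an array rather than a pointer; a short note next to the check naming the declared size would help the next reader.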