#
319615 |
|
06-Jun-2017 |
delphij |
MFC r319369:
* limit size of buffers to RPC_MAXDATASIZE * don't leak memory * be more picky about bad parameters
From:
https://raw.githubusercontent.com/guidovranken/rpcbomb/master/libtirpc_patch.txt https://github.com/guidovranken/rpcbomb/blob/master/rpcbind_patch.txt
via NetBSD.
|
#
309506 |
|
03-Dec-2016 |
ngie |
MFC r301770: r301770 (by pfg):
rpcbind(8): Make use of some xdr_* macros.
xdr_rpcproc, xdr_rpcprog and xdr_rpcvers were broken in older versions of FreeBSD but fixed in r296394. Give them some use hoping they help make the code somewhat more readable.
|
#
288511 |
|
02-Oct-2015 |
delphij |
Fix a regression with SA-15:24 patch that prevented NIS from working.
|
#
288384 |
|
29-Sep-2015 |
delphij |
The Sun RPC framework uses a netbuf structure to represent the transport specific form of a universal transport address. The structure is expected to be opaque to consumers. In the current implementation, the structure contains a pointer to a buffer that holds the actual address.
In rpcbind(8), netbuf structures are copied directly, which would result in two netbuf structures that reference to one shared address buffer. When one of the two netbuf structures is freed, access to the other netbuf structure would result in an undefined result that may crash the rpcbind(8) daemon.
Fix this by making a copy of the buffer that is going to be freed instead of doing a shallow copy.
Security: FreeBSD-SA-15:24.rpcbind Security: CVE-2015-7236
|
#
288511 |
|
02-Oct-2015 |
delphij |
Fix a regression with SA-15:24 patch that prevented NIS from working.
|
#
288384 |
|
29-Sep-2015 |
delphij |
The Sun RPC framework uses a netbuf structure to represent the transport specific form of a universal transport address. The structure is expected to be opaque to consumers. In the current implementation, the structure contains a pointer to a buffer that holds the actual address.
In rpcbind(8), netbuf structures are copied directly, which would result in two netbuf structures that reference to one shared address buffer. When one of the two netbuf structures is freed, access to the other netbuf structure would result in an undefined result that may crash the rpcbind(8) daemon.
Fix this by making a copy of the buffer that is going to be freed instead of doing a shallow copy.
Security: FreeBSD-SA-15:24.rpcbind Security: CVE-2015-7236
|