This is the mail archive of the
glibc-bugs@sourceware.org
mailing list for the glibc project.
[Bug network/20964] sunrpc: Stack-based buffer overflow in getrpcport with RES_USE_INET6
- From: "cvs-commit at gcc dot gnu.org" <sourceware-bugzilla at sourceware dot org>
- To: glibc-bugs at sourceware dot org
- Date: Tue, 27 Dec 2016 15:47:41 +0000
- Subject: [Bug network/20964] sunrpc: Stack-based buffer overflow in getrpcport with RES_USE_INET6
- Auto-submitted: auto-generated
- References: <bug-20964-131@http.sourceware.org/bugzilla/>
https://sourceware.org/bugzilla/show_bug.cgi?id=20964
--- Comment #2 from cvs-commit at gcc dot gnu.org <cvs-commit at gcc dot gnu.org> ---
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "GNU C Library master sources".
The branch, master has been updated
via 5c6e6747356f5d473c2c62e818bc24432ddef3e2 (commit)
from a36451ff4142b63a76cea9e52ffe4687290071a4 (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=5c6e6747356f5d473c2c62e818bc24432ddef3e2
commit 5c6e6747356f5d473c2c62e818bc24432ddef3e2
Author: Florian Weimer <fweimer@redhat.com>
Date: Tue Dec 27 16:44:15 2016 +0100
sunrpc: Always obtain AF_INET addresses from NSS [BZ #20964]
The new __libc_rpc_gethostbyname function calls gethostbyname2_r
with an AF_INET argument and is therefore not affected by the
RES_USE_INET6 flag.
Validated with the following test program, with and without
RES_OPTIONS=inet6, against a NFS server. (Link with -lrpcsvc.)
#include <rpc/clnt.h>
#include <rpcsvc/mount.h>
#include <stdio.h>
#include <string.h>
static void
usage (char **argv)
{
printf ("usage:\n"
" %1$s HOST getrpcport\n"
" %1$s HOST callrpc\n"
" %1$s HOST clnt_create\n",
argv[0]);
}
static void
dump_exports (struct exportnode *exports)
{
while (exports != NULL)
{
printf ("%s\n", exports->ex_dir);
exports = exports->ex_next;
}
}
int
main (int argc, char **argv)
{
if (argc != 3)
{
usage (argv);
return 1;
}
const char *host = argv[1];
const char *command = argv[2];
if (strcmp (command, "getrpcport") == 0)
{
int port = getrpcport (host, MOUNTPROG, MOUNTVERS, IPPROTO_UDP);
printf ("getrpcport: %d\n", port);
}
else if (strcmp (command, "callrpc") == 0)
{
struct exportnode *exports = NULL;
int ret = callrpc (host, MOUNTPROG, MOUNTVERS, MOUNTPROC_EXPORT,
(xdrproc_t) xdr_void, NULL,
(xdrproc_t) xdr_exports, (char *)&exports);
if (ret != 0)
{
clnt_perrno (ret);
puts ("");
return 1;
}
dump_exports (exports);
}
else if (strcmp (command, "clnt_create") == 0)
{
CLIENT *client = clnt_create
(host, MOUNTPROG, MOUNTVERS, "udp");
if (client == NULL)
{
printf ("error: clnt_create failed\n");
return 1;
}
struct exportnode *exports = NULL;
int ret = CLNT_CALL (client, MOUNTPROC_EXPORT,
(xdrproc_t) xdr_void, NULL,
(xdrproc_t) xdr_exports, (char *)&exports,
((struct timeval) {15, 0}));
if (ret != 0)
{
clnt_perrno (ret);
puts ("");
return 1;
}
dump_exports (exports);
}
else
{
usage (argv);
return 1;
}
return 0;
}
-----------------------------------------------------------------------
Summary of changes:
ChangeLog | 11 ++++++
include/rpc/rpc.h | 6 +++
sunrpc/Makefile | 3 +-
sunrpc/clnt_gen.c | 37 +---------------------
sunrpc/clnt_simp.c | 23 +------------
sunrpc/getrpcport.c | 40 ++++++++++++------------
sunrpc/rpc_gethostbyname.c | 73 ++++++++++++++++++++++++++++++++++++++++++++
7 files changed, 116 insertions(+), 77 deletions(-)
create mode 100644 sunrpc/rpc_gethostbyname.c
--
You are receiving this mail because:
You are on the CC list for the bug.