Gitiles
Code Review Sign In
gerrit.cesnet.cz / github / buildroot / buildroot / 954509fb84cfbcf50a2f3020d817a118f7357d3a
commit954509fb84cfbcf50a2f3020d817a118f7357d3a[log] [tgz]
authorPeter Korsgaard <peter@korsgaard.com>Mon May 15 23:01:24 2017 +0200
committerThomas Petazzoni <thomas.petazzoni@free-electrons.com>Tue May 16 09:24:01 2017 +0200
tree08d7f3e5b626b096fe4215ae39ecbce0b5d6372d
parent1dd696ffe26fda96c315329e0dd3880273439e12 [diff]
rpcbind: add upstream security fix for CVE-2017-8779

CVE-2017-8779: rpcbind through 0.2.4, LIBTIRPC through 1.0.1 and 1.0.2-rc
through 1.0.2-rc3, and NTIRPC through 1.4.3 do not consider the maximum RPC
data size during memory allocation for XDR strings, which allows remote
attackers to cause a denial of service (memory consumption with no
subsequent free) via a crafted UDP packet to port 111, aka rpcbomb.

For more details, see:
https://guidovranken.wordpress.com/2017/05/03/rpcbomb-remote-rpcbind-denial-of-service-patches/

Backport upstream fix to version 0.2.3 and unconditionally include syslog.h
to fix a build issue when RPCBIND_DEBUG is disabled (which it is in
Buildroot).

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
1 file changed
tree: 08d7f3e5b626b096fe4215ae39ecbce0b5d6372d
  1. .defconfig
  2. .gitignore
  3. .gitlab-ci.yml
  4. .gitlab-ci.yml.in
  5. CHANGES
  6. COPYING
  7. Config.in
  8. Config.in.legacy
  9. DEVELOPERS
  10. Makefile
  11. Makefile.legacy
  12. README
  13. arch/
  14. board/
  15. boot/
  16. configs/
  17. docs/
  18. fs/
  19. linux/
  20. package/
  21. support/
  22. system/
  23. toolchain/