git: 5299d64b2b9f - main - libc: fix buffer overrun in getrpcport(3)

Shawn Webb shawn.webb at hardenedbsd.org
Sun Jan 31 21:55:59 UTC 2021


On Sun, Jan 31, 2021 at 09:43:41PM +0000, Edward Tomasz Napierala wrote:
> The branch main has been updated by trasz:
> 
> URL: https://cgit.FreeBSD.org/src/commit/?id=5299d64b2b9f7a25e423ef1785d9402a0ef198d3
> 
> commit 5299d64b2b9f7a25e423ef1785d9402a0ef198d3
> Author:     Edward Tomasz Napierala <trasz at FreeBSD.org>
> AuthorDate: 2021-01-31 21:41:55 +0000
> Commit:     Edward Tomasz Napierala <trasz at FreeBSD.org>
> CommitDate: 2021-01-31 21:42:02 +0000
> 
>     libc: fix buffer overrun in getrpcport(3)
>     
>     Reviewed By:    markj
>     Sponsored by:   NetApp, Inc.
>     Sponsored by:   Klara, Inc.
>     Differential Revision: https://reviews.freebsd.org/D27332
> ---
>  lib/libc/rpc/getrpcport.c | 6 +++---
>  1 file changed, 3 insertions(+), 3 deletions(-)
> 
> diff --git a/lib/libc/rpc/getrpcport.c b/lib/libc/rpc/getrpcport.c
> index 2b2d459c8887..4abc9a0c16af 100644
> --- a/lib/libc/rpc/getrpcport.c
> +++ b/lib/libc/rpc/getrpcport.c
> @@ -62,14 +62,14 @@ getrpcport(char *host, int prognum, int versnum, int proto)
>  
>  	assert(host != NULL);
>  
> -	if ((hp = gethostbyname(host)) == NULL)
> +	if ((hp = gethostbyname2(host, AF_INET)) == NULL)
>  		return (0);
>  	memset(&addr, 0, sizeof(addr));
>  	addr.sin_len = sizeof(struct sockaddr_in);
>  	addr.sin_family = AF_INET;
>  	addr.sin_port =  0;
> -	if (hp->h_length > addr.sin_len)
> -		hp->h_length = addr.sin_len;
> +	if (hp->h_length > sizeof(addr.sin_addr.s_addr))
> +		hp->h_length = sizeof(addr.sin_addr.s_addr);
>  	memcpy(&addr.sin_addr.s_addr, hp->h_addr, (size_t)hp->h_length);
>  	/* Inconsistent interfaces need casts! :-( */
>  	return (pmap_getport(&addr, (u_long)prognum, (u_long)versnum, 
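
Review bot: the new clamp on the `+` lines still writes the bound back into `hp->h_length`, so the function modifies the `struct hostent` returned by `gethostbyname2()` instead of only limiting its own copy. Consider keeping the copy length in a local variable (a `size_t` holding the smaller of `hp->h_length` and `sizeof(addr.sin_addr.s_addr)`) and passing that to `memcpy`, which also makes the `(size_t)` cast unnecessary. With the lookup now restricted to `AF_INET`, a one-line comment saying the clamp is defensive would help the next reader. The commit message would also be easier to audit if it stated that the old bound was `addr.sin_len`, set just above to `sizeof(struct sockaddr_in)`, while the destination of the copy is only `addr.sin_addr.s_addr`.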

Does a fix like this need to get a security advisory report? Also, any
plans to MFC?

Thanks,

-- 
Shawn Webb
Cofounder / Security Engineer
HardenedBSD

GPG Key ID:          0xFF2E67A277F8E1FA
GPG Key Fingerprint: D206 BB45 15E0 9C49 0CF9  3633 C85B 0AF8 AB23 0FB2
https://git-01.md.hardenedbsd.org/HardenedBSD/pubkeys/src/branch/master/Shawn_Webb/03A4CBEBB82EA5A67D9F3853FF2E67A277F8E1FA.pub.asc
More information about the dev-commits-src-all mailing list