This is the mail archive of the libc-alpha@sourceware.org mailing list for the glibc project.


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]
Other format: [Raw text]

[PATCH] fix xdr routines to utilize the already defined limits forcertain YP requests


Hi,

It was recently reported that an xdr request with an incorrect length field could cause glibc to allocate huge amounts of memory when parsing the xdr request.

This bug exposed the fact that the xdr_ functions were allocating memory based on the length in the xdr request rather than the maximum size specified by the YP protocol.

This patch fixes various xdr routines to utilize the already defined limits for certain YP requests.

Thanks!
Patsy Franklin


2012-09-25 Patsy Franklin <pfrankli@redhat.com> Honza Horak <hhorak@redhat.com>

    * nis/yp_xdr.c (xdr_domainname): Use YPMAXDOMAIN as maxsize.
    (xdr_mapname): Use YPMAXMAP as maxsize.
    (xdr_peername): Use YPMAXPEER as maxsize.
    (xdr_keydat): Use YPAXRECORD as maxsize.
    (xdr_valdat): Use YPMAXRECORD as maxsize.

diff -up glibc-2.12-2-gc4ccff1/nis/yp_xdr.c.xdrnislimit glibc-2.12-2-gc4ccff1/nis/yp_xdr.c
--- glibc-2.12-2-gc4ccff1/nis/yp_xdr.c.xdrnislimit 2012-08-16 10:49:07.984560650 +0200
+++ glibc-2.12-2-gc4ccff1/nis/yp_xdr.c 2012-08-16 10:51:05.779369033 +0200
@@ -47,21 +47,21 @@ libnsl_hidden_def (xdr_ypxfrstat)
bool_t
xdr_domainname (XDR *xdrs, domainname *objp)
{
- return xdr_string (xdrs, objp, ~0);
+ return xdr_string (xdrs, objp, YPMAXDOMAIN);
}
libnsl_hidden_def (xdr_domainname)


 bool_t
 xdr_mapname (XDR *xdrs, mapname *objp)
 {
-  return xdr_string (xdrs, objp, ~0);
+  return xdr_string (xdrs, objp, YPMAXMAP);
 }
 libnsl_hidden_def (xdr_mapname)

 bool_t
 xdr_peername (XDR *xdrs, peername *objp)
 {
-  return xdr_string (xdrs, objp, ~0);
+  return xdr_string (xdrs, objp, YPMAXPEER);
 }
 libnsl_hidden_def (xdr_peername)

@@ -69,7 +69,7 @@ bool_t
 xdr_keydat (XDR *xdrs, keydat *objp)
 {
   return xdr_bytes (xdrs, (char **) &objp->keydat_val,
-                   (u_int *) &objp->keydat_len, ~0);
+                   (u_int *) &objp->keydat_len, YPMAXRECORD);
 }
 libnsl_hidden_def (xdr_keydat)

@@ -77,7 +77,7 @@ bool_t
 xdr_valdat (XDR *xdrs, valdat *objp)
 {
   return xdr_bytes (xdrs, (char **) &objp->valdat_val,
-                   (u_int *) &objp->valdat_len, ~0);
+                   (u_int *) &objp->valdat_len, YPMAXRECORD);
 }
 libnsl_hidden_def (xdr_valdat)



Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]