This is the mail archive of the
libc-alpha@sourceware.org
mailing list for the glibc project.
[PATCH] fix xdr routines to utilize the already defined limits forcertain YP requests
- From: Patsy Franklin <pfrankli at redhat dot com>
- To: libc-alpha at sourceware dot org
- Date: Mon, 01 Oct 2012 14:12:23 -0400
- Subject: [PATCH] fix xdr routines to utilize the already defined limits forcertain YP requests
- Reply-to: pfrankli at redhat dot com
Hi,
It was recently reported that an xdr request with an incorrect length
field could cause glibc to allocate huge amounts of memory when parsing
the xdr request.
This bug exposed the fact that the xdr_ functions were allocating memory
based on the length in the xdr request rather than the maximum size
specified by the YP protocol.
This patch fixes various xdr routines to utilize the already defined
limits for certain YP requests.
Thanks!
Patsy Franklin
2012-09-25 Patsy Franklin <pfrankli@redhat.com>
Honza Horak <hhorak@redhat.com>
* nis/yp_xdr.c (xdr_domainname): Use YPMAXDOMAIN as maxsize.
(xdr_mapname): Use YPMAXMAP as maxsize.
(xdr_peername): Use YPMAXPEER as maxsize.
(xdr_keydat): Use YPAXRECORD as maxsize.
(xdr_valdat): Use YPMAXRECORD as maxsize.
diff -up glibc-2.12-2-gc4ccff1/nis/yp_xdr.c.xdrnislimit
glibc-2.12-2-gc4ccff1/nis/yp_xdr.c
--- glibc-2.12-2-gc4ccff1/nis/yp_xdr.c.xdrnislimit 2012-08-16
10:49:07.984560650 +0200
+++ glibc-2.12-2-gc4ccff1/nis/yp_xdr.c 2012-08-16 10:51:05.779369033 +0200
@@ -47,21 +47,21 @@ libnsl_hidden_def (xdr_ypxfrstat)
bool_t
xdr_domainname (XDR *xdrs, domainname *objp)
{
- return xdr_string (xdrs, objp, ~0);
+ return xdr_string (xdrs, objp, YPMAXDOMAIN);
}
libnsl_hidden_def (xdr_domainname)
bool_t
xdr_mapname (XDR *xdrs, mapname *objp)
{
- return xdr_string (xdrs, objp, ~0);
+ return xdr_string (xdrs, objp, YPMAXMAP);
}
libnsl_hidden_def (xdr_mapname)
bool_t
xdr_peername (XDR *xdrs, peername *objp)
{
- return xdr_string (xdrs, objp, ~0);
+ return xdr_string (xdrs, objp, YPMAXPEER);
}
libnsl_hidden_def (xdr_peername)
@@ -69,7 +69,7 @@ bool_t
xdr_keydat (XDR *xdrs, keydat *objp)
{
return xdr_bytes (xdrs, (char **) &objp->keydat_val,
- (u_int *) &objp->keydat_len, ~0);
+ (u_int *) &objp->keydat_len, YPMAXRECORD);
}
libnsl_hidden_def (xdr_keydat)
@@ -77,7 +77,7 @@ bool_t
xdr_valdat (XDR *xdrs, valdat *objp)
{
return xdr_bytes (xdrs, (char **) &objp->valdat_val,
- (u_int *) &objp->valdat_len, ~0);
+ (u_int *) &objp->valdat_len, YPMAXRECORD);
}
libnsl_hidden_def (xdr_valdat)