This is the mail archive of the libc-alpha@sourceware.org mailing list for the glibc project.


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]
Other format: [Raw text]

Re: [PATCH] fix xdr routines to utilize the already defined limitsfor certain YP requests


On 10/01/2012 05:32 PM, Jeff Law wrote:
On 10/01/2012 12:12 PM, Patsy Franklin wrote:
Hi,

It was recently reported that an xdr request with an incorrect length
field could cause glibc to allocate huge amounts of memory when parsing
the xdr request.

This bug exposed the fact that the xdr_ functions were allocating memory
based on the length in the xdr request rather than the maximum size
specified by the YP protocol.

This patch fixes various xdr routines to utilize the already defined
limits for certain YP requests.

Thanks!
Patsy Franklin


2012-09-25 Patsy Franklin <pfrankli@redhat.com> Honza Horak <hhorak@redhat.com>

     * nis/yp_xdr.c (xdr_domainname): Use YPMAXDOMAIN as maxsize.
     (xdr_mapname): Use YPMAXMAP as maxsize.
     (xdr_peername): Use YPMAXPEER as maxsize.
     (xdr_keydat): Use YPAXRECORD as maxsize.
     (xdr_valdat): Use YPMAXRECORD as maxsize.
Just a note. When you post a patch, it should be a diff against the head of the official glibc sources. This diff is against a very old version of glibc.

I'm confirmed these changes build & regression test without problems. I've also confirmed that the OpenBSD sources use the same limits on these calls to xdr_string and xdr_bytes.

Honza also checked this patch avoids the large allocations when the xdr code is presented with the bogus/malicious xdr packet.

I've updated the patch to apply to the head of trunk and installed it. I'm attaching the installed patch to this message for archival purposes.

Jeff
Sorry about using the wrong tree for the patch. Thanks for fixing this Jeff!


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]