[PATCH 0/4] Fix two sunrpc buffer overflows
Florian Weimer
fweimer@redhat.com
Wed Jan 12 17:00:48 GMT 2022
The first one was reported by Martin Sebor in 2017, but we didn't fix
it. Grepping for sun_path I found another similar one.
Tested on i686-linux-gnu, x86_64-linux-gnu. Built with
build-many-glibcs.py.
Thanks,
Florian
Florian Weimer (3):
socket: Add the __sockaddr_un_set function
sunrpc: Fix buffer overflow in clnt_create for "unix" (bug 22542)
sunrpc: Fix path buffer overflow in svcunix_create (bug 28768)
Martin Sebor (1):
sunrpc: Test case for clnt_create "unix" buffer overflow (bug 22542)
NEWS | 7 +++-
include/sys/un.h | 12 +++++++
socket/Makefile | 6 +++-
socket/sockaddr_un_set.c | 41 ++++++++++++++++++++++++
socket/tst-sockaddr_un_set.c | 62 ++++++++++++++++++++++++++++++++++++
sunrpc/Makefile | 5 ++-
sunrpc/clnt_gen.c | 10 ++++--
sunrpc/svc_unix.c | 11 +++----
sunrpc/tst-bug22542.c | 44 +++++++++++++++++++++++++
sunrpc/tst-bug28768.c | 42 ++++++++++++++++++++++++
10 files changed, 227 insertions(+), 13 deletions(-)
create mode 100644 socket/sockaddr_un_set.c
create mode 100644 socket/tst-sockaddr_un_set.c
create mode 100644 sunrpc/tst-bug22542.c
create mode 100644 sunrpc/tst-bug28768.c
base-commit: 0005e54f762b2ec65cee2c4ecf1e9d42612030f0
--
2.34.1
More information about the Libc-alpha
mailing list