On Sun, Jan 31, 2021 at 09:43:41PM +0000, Edward Tomasz Napierala wrote: > The branch main has been updated by trasz: > > URL: > https://cgit.FreeBSD.org/src/commit/?id=5299d64b2b9f7a25e423ef1785d9402a0ef198d3 > > commit 5299d64b2b9f7a25e423ef1785d9402a0ef198d3 > Author: Edward Tomasz Napierala <tr...@freebsd.org> > AuthorDate: 2021-01-31 21:41:55 +0000 > Commit: Edward Tomasz Napierala <tr...@freebsd.org> > CommitDate: 2021-01-31 21:42:02 +0000 > > libc: fix buffer overrun in getrpcport(3) > > Reviewed By: markj > Sponsored by: NetApp, Inc. > Sponsored by: Klara, Inc. > Differential Revision: https://reviews.freebsd.org/D27332 > --- > lib/libc/rpc/getrpcport.c | 6 +++--- > 1 file changed, 3 insertions(+), 3 deletions(-) > > diff --git a/lib/libc/rpc/getrpcport.c b/lib/libc/rpc/getrpcport.c > index 2b2d459c8887..4abc9a0c16af 100644 > --- a/lib/libc/rpc/getrpcport.c > +++ b/lib/libc/rpc/getrpcport.c > @@ -62,14 +62,14 @@ getrpcport(char *host, int prognum, int versnum, int > proto) > > assert(host != NULL); > > - if ((hp = gethostbyname(host)) == NULL) > + if ((hp = gethostbyname2(host, AF_INET)) == NULL) > return (0); > memset(&addr, 0, sizeof(addr)); > addr.sin_len = sizeof(struct sockaddr_in); > addr.sin_family = AF_INET; > addr.sin_port = 0; > - if (hp->h_length > addr.sin_len) > - hp->h_length = addr.sin_len; > + if (hp->h_length > sizeof(addr.sin_addr.s_addr)) > + hp->h_length = sizeof(addr.sin_addr.s_addr); > memcpy(&addr.sin_addr.s_addr, hp->h_addr, (size_t)hp->h_length); > /* Inconsistent interfaces need casts! :-( */ > return (pmap_getport(&addr, (u_long)prognum, (u_long)versnum,
Does a fix like this need to get a security advisory report? Also, any plans to MFC? Thanks, -- Shawn Webb Cofounder / Security Engineer HardenedBSD GPG Key ID: 0xFF2E67A277F8E1FA GPG Key Fingerprint: D206 BB45 15E0 9C49 0CF9 3633 C85B 0AF8 AB23 0FB2 https://git-01.md.hardenedbsd.org/HardenedBSD/pubkeys/src/branch/master/Shawn_Webb/03A4CBEBB82EA5A67D9F3853FF2E67A277F8E1FA.pub.asc
signature.asc
Description: PGP signature
