rtime.felk.cvut.cz Git - coffee/buildroot.git/commit

author	Ed Blake <ed.blake@sondrel.com>
	Thu, 18 Jan 2018 18:05:31 +0000 (18:05 +0000)
committer	Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
	Thu, 18 Jan 2018 21:08:39 +0000 (22:08 +0100)
commit	5a9a95d0eb15c189f1361c12c105eb0ba8842c77
tree	aba728224a526947b5e75aee996114afe7e16312	tree \| snapshot
parent	7d5796062f19db89880dac899030ac4cbc0372f2	commit \| diff

rpcbind: Backport fixes to memory leak security fix

Commit 954509f added a security fix for CVE-2017-8779, involving
pairing all svc_getargs() calls with svc_freeargs() to avoid a memory
leak.  However it also introduced a couple of issues:

- The call to svc_freeargs() from rpcbproc_callit_com() may result in
  an attempt to free static memory, resulting in undefined behaviour.

- A typo in the svc_freeargs() call from pmapproc_dump() causes NIS
  (aka ypbind) to fail.

Backport upstream fixes for these issues to version 0.2.3.

Signed-off-by: Ed Blake <ed.blake@sondrel.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>

package/rpcbind/0005-rpcbproc_callit_com-Stop-freeing-a-static-pointer.patch	[new file with mode: 0644]	blob
package/rpcbind/0006-pmapproc_dump-Fixed-typo-in-memory-leak-patch.patch	[new file with mode: 0644]	blob