| Message ID | cover.1642148513.git.fweimer@redhat.com |
|---|---|
| Headers |
Return-Path: <libc-alpha-bounces+patchwork=sourceware.org@sourceware.org> X-Original-To: patchwork@sourceware.org Delivered-To: patchwork@sourceware.org Received: from server2.sourceware.org (localhost [IPv6:::1]) by sourceware.org (Postfix) with ESMTP id 0DA2A3857C4F for <patchwork@sourceware.org>; Fri, 14 Jan 2022 08:24:27 +0000 (GMT) DKIM-Filter: OpenDKIM Filter v2.11.0 sourceware.org 0DA2A3857C4F DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sourceware.org; s=default; t=1642148667; bh=speOLEDEQxsFUNh3Njaei10Y9forlUac4YXNiH9iigw=; h=To:Subject:Date:List-Id:List-Unsubscribe:List-Archive:List-Post: List-Help:List-Subscribe:From:Reply-To:From; b=a8n+WlKpeL1s5Qi0ivX6wuQUbhjXmEm7Clc/dsgWJvLnC5NjbhhjUtGIQpOMVD4ik IDFTLRKGY0Z1JYmt6qAtrVHpMVYxx6sFjdbDi2lthwHztlBss2NiXvy3RLlTRgjh0a ilg8YGBp2hmChrTFgS2H1ucgvkkpQhcrenHXBSRU= X-Original-To: libc-alpha@sourceware.org Delivered-To: libc-alpha@sourceware.org Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [170.10.129.124]) by sourceware.org (Postfix) with ESMTPS id 205D3385842F for <libc-alpha@sourceware.org>; Fri, 14 Jan 2022 08:23:54 +0000 (GMT) DMARC-Filter: OpenDMARC Filter v1.4.1 sourceware.org 205D3385842F Received: from mimecast-mx01.redhat.com (mimecast-mx01.redhat.com [209.132.183.4]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id us-mta-607-W9g08rzmPgS7sPfKlZazSA-1; Fri, 14 Jan 2022 03:23:50 -0500 X-MC-Unique: W9g08rzmPgS7sPfKlZazSA-1 Received: from smtp.corp.redhat.com (int-mx08.intmail.prod.int.phx2.redhat.com [10.5.11.23]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mimecast-mx01.redhat.com (Postfix) with ESMTPS id D15391083F62 for <libc-alpha@sourceware.org>; Fri, 14 Jan 2022 08:23:49 +0000 (UTC) Received: from oldenburg.str.redhat.com (unknown [10.39.192.49]) by smtp.corp.redhat.com (Postfix) with ESMTPS id 351B01F300 for <libc-alpha@sourceware.org>; Fri, 14 Jan 2022 08:23:49 +0000 (UTC) To: libc-alpha@sourceware.org Subject: [PATCH v2 0/4] CVE-2022-23218, CVE-2022-23219: sunrpc buffer overflows X-From-Line: 4e87feed87235e9143778454147e04469a1e7380 Mon Sep 17 00:00:00 2001 Message-Id: <cover.1642148513.git.fweimer@redhat.com> Date: Fri, 14 Jan 2022 09:23:47 +0100 User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/27.2 (gnu/linux) MIME-Version: 1.0 X-Scanned-By: MIMEDefang 2.84 on 10.5.11.23 X-Mimecast-Spam-Score: 0 X-Mimecast-Originator: redhat.com Content-Type: text/plain X-Spam-Status: No, score=-6.4 required=5.0 tests=BAYES_00, DKIMWL_WL_HIGH, DKIM_SIGNED, DKIM_VALID, DKIM_VALID_AU, DKIM_VALID_EF, RCVD_IN_DNSWL_LOW, RCVD_IN_MSPIKE_H3, RCVD_IN_MSPIKE_WL, SPF_HELO_NONE, SPF_NONE, TXREP autolearn=ham autolearn_force=no version=3.4.4 X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on server2.sourceware.org X-BeenThere: libc-alpha@sourceware.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Libc-alpha mailing list <libc-alpha.sourceware.org> List-Unsubscribe: <https://sourceware.org/mailman/options/libc-alpha>, <mailto:libc-alpha-request@sourceware.org?subject=unsubscribe> List-Archive: <https://sourceware.org/pipermail/libc-alpha/> List-Post: <mailto:libc-alpha@sourceware.org> List-Help: <mailto:libc-alpha-request@sourceware.org?subject=help> List-Subscribe: <https://sourceware.org/mailman/listinfo/libc-alpha>, <mailto:libc-alpha-request@sourceware.org?subject=subscribe> From: Florian Weimer via Libc-alpha <libc-alpha@sourceware.org> Reply-To: Florian Weimer <fweimer@redhat.com> Errors-To: libc-alpha-bounces+patchwork=sourceware.org@sourceware.org Sender: "Libc-alpha" <libc-alpha-bounces+patchwork=sourceware.org@sourceware.org> |
| Series |
CVE-2022-23218, CVE-2022-23219: sunrpc buffer overflows
|
|
Message
Florian Weimer
Jan. 14, 2022, 8:23 a.m. UTC
The first one was reported by Martin Sebor in 2017, but we didn't fix
it. Grepping for sun_path I found another similar one.
v2: Add CVE IDs.
Thanks,
Florian
Florian Weimer (3):
socket: Add the __sockaddr_un_set function
CVE-2022-23219: Buffer overflow in sunrpc clnt_create for "unix" (bug
22542)
CVE-2022-23218: Buffer overflow in sunrpc svcunix_create (bug 28768)
Martin Sebor (1):
sunrpc: Test case for clnt_create "unix" buffer overflow (bug 22542)
NEWS | 7 +++-
include/sys/un.h | 12 +++++++
socket/Makefile | 6 +++-
socket/sockaddr_un_set.c | 41 ++++++++++++++++++++++++
socket/tst-sockaddr_un_set.c | 62 ++++++++++++++++++++++++++++++++++++
sunrpc/Makefile | 5 ++-
sunrpc/clnt_gen.c | 10 ++++--
sunrpc/svc_unix.c | 11 +++----
sunrpc/tst-bug22542.c | 44 +++++++++++++++++++++++++
sunrpc/tst-bug28768.c | 42 ++++++++++++++++++++++++
10 files changed, 227 insertions(+), 13 deletions(-)
create mode 100644 socket/sockaddr_un_set.c
create mode 100644 socket/tst-sockaddr_un_set.c
create mode 100644 sunrpc/tst-bug22542.c
create mode 100644 sunrpc/tst-bug28768.c
base-commit: a78e6a10d0b50d0ca80309775980fc99944b1727