| Message ID | cover.1642006428.git.fweimer@redhat.com |
|---|---|
| Headers |
Return-Path: <libc-alpha-bounces+patchwork=sourceware.org@sourceware.org> X-Original-To: patchwork@sourceware.org Delivered-To: patchwork@sourceware.org Received: from server2.sourceware.org (localhost [IPv6:::1]) by sourceware.org (Postfix) with ESMTP id D95A73940032 for <patchwork@sourceware.org>; Wed, 12 Jan 2022 17:01:17 +0000 (GMT) DKIM-Filter: OpenDKIM Filter v2.11.0 sourceware.org D95A73940032 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sourceware.org; s=default; t=1642006877; bh=DN8+3UoJ/ReQzeIgCsJE6nMAl7TrOF0nlqXalR7bk9M=; h=To:Subject:Date:List-Id:List-Unsubscribe:List-Archive:List-Post: List-Help:List-Subscribe:From:Reply-To:Cc:From; b=Mg90WY35IyoHegxz8vfPMZQp7/+jxfLgWCGgHGXVBLgLjDIP5+Ycwpb+N0C3+Mpxv Wfi6ZwdRz2nfvHcbBwBZ4huSRbjP6dpn1KDeHhYMppHgKTL1cM9W6K/skuxzr2RjuA i8+dYeRk+Ly60WlGTEqfF7x/6uxr2efItweBd5nM= X-Original-To: libc-alpha@sourceware.org Delivered-To: libc-alpha@sourceware.org Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [170.10.133.124]) by sourceware.org (Postfix) with ESMTPS id 975F43858406 for <libc-alpha@sourceware.org>; Wed, 12 Jan 2022 17:00:56 +0000 (GMT) DMARC-Filter: OpenDMARC Filter v1.4.1 sourceware.org 975F43858406 Received: from mimecast-mx01.redhat.com (mimecast-mx01.redhat.com [209.132.183.4]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id us-mta-538-QKnTeWZVOJa8lE5GYlvb2A-1; Wed, 12 Jan 2022 12:00:51 -0500 X-MC-Unique: QKnTeWZVOJa8lE5GYlvb2A-1 Received: from smtp.corp.redhat.com (int-mx03.intmail.prod.int.phx2.redhat.com [10.5.11.13]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mimecast-mx01.redhat.com (Postfix) with ESMTPS id 152C28042A2 for <libc-alpha@sourceware.org>; Wed, 12 Jan 2022 17:00:51 +0000 (UTC) Received: from oldenburg.str.redhat.com (unknown [10.39.192.102]) by smtp.corp.redhat.com (Postfix) with ESMTPS id 59ADC86C42; Wed, 12 Jan 2022 17:00:50 +0000 (UTC) To: libc-alpha@sourceware.org Subject: [PATCH 0/4] Fix two sunrpc buffer overflows X-From-Line: 55cb14a8b8be9da666fe20a6ffdb7e8bb9095f39 Mon Sep 17 00:00:00 2001 Message-Id: <cover.1642006428.git.fweimer@redhat.com> Date: Wed, 12 Jan 2022 18:00:48 +0100 User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/27.2 (gnu/linux) MIME-Version: 1.0 X-Scanned-By: MIMEDefang 2.79 on 10.5.11.13 X-Mimecast-Spam-Score: 0 X-Mimecast-Originator: redhat.com Content-Type: text/plain X-Spam-Status: No, score=-6.4 required=5.0 tests=BAYES_00, DKIMWL_WL_HIGH, DKIM_SIGNED, DKIM_VALID, DKIM_VALID_AU, DKIM_VALID_EF, RCVD_IN_DNSWL_LOW, RCVD_IN_MSPIKE_H3, RCVD_IN_MSPIKE_WL, SPF_HELO_NONE, SPF_NONE, TXREP autolearn=ham autolearn_force=no version=3.4.4 X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on server2.sourceware.org X-BeenThere: libc-alpha@sourceware.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Libc-alpha mailing list <libc-alpha.sourceware.org> List-Unsubscribe: <https://sourceware.org/mailman/options/libc-alpha>, <mailto:libc-alpha-request@sourceware.org?subject=unsubscribe> List-Archive: <https://sourceware.org/pipermail/libc-alpha/> List-Post: <mailto:libc-alpha@sourceware.org> List-Help: <mailto:libc-alpha-request@sourceware.org?subject=help> List-Subscribe: <https://sourceware.org/mailman/listinfo/libc-alpha>, <mailto:libc-alpha-request@sourceware.org?subject=subscribe> From: Florian Weimer via Libc-alpha <libc-alpha@sourceware.org> Reply-To: Florian Weimer <fweimer@redhat.com> Cc: Martin Sebor <msebor@redhat.com> Errors-To: libc-alpha-bounces+patchwork=sourceware.org@sourceware.org Sender: "Libc-alpha" <libc-alpha-bounces+patchwork=sourceware.org@sourceware.org> |
| Series |
Fix two sunrpc buffer overflows
|
|
Message
Florian Weimer
Jan. 12, 2022, 5 p.m. UTC
The first one was reported by Martin Sebor in 2017, but we didn't fix it. Grepping for sun_path I found another similar one. Tested on i686-linux-gnu, x86_64-linux-gnu. Built with build-many-glibcs.py. Thanks, Florian Florian Weimer (3): socket: Add the __sockaddr_un_set function sunrpc: Fix buffer overflow in clnt_create for "unix" (bug 22542) sunrpc: Fix path buffer overflow in svcunix_create (bug 28768) Martin Sebor (1): sunrpc: Test case for clnt_create "unix" buffer overflow (bug 22542) NEWS | 7 +++- include/sys/un.h | 12 +++++++ socket/Makefile | 6 +++- socket/sockaddr_un_set.c | 41 ++++++++++++++++++++++++ socket/tst-sockaddr_un_set.c | 62 ++++++++++++++++++++++++++++++++++++ sunrpc/Makefile | 5 ++- sunrpc/clnt_gen.c | 10 ++++-- sunrpc/svc_unix.c | 11 +++---- sunrpc/tst-bug22542.c | 44 +++++++++++++++++++++++++ sunrpc/tst-bug28768.c | 42 ++++++++++++++++++++++++ 10 files changed, 227 insertions(+), 13 deletions(-) create mode 100644 socket/sockaddr_un_set.c create mode 100644 socket/tst-sockaddr_un_set.c create mode 100644 sunrpc/tst-bug22542.c create mode 100644 sunrpc/tst-bug28768.c base-commit: 0005e54f762b2ec65cee2c4ecf1e9d42612030f0