mbox series

[v2,0/4] CVE-2022-23218, CVE-2022-23219: sunrpc buffer overflows

Message ID cover.1642148513.git.fweimer@redhat.com
Headers show
Series CVE-2022-23218, CVE-2022-23219: sunrpc buffer overflows | expand

Message

Florian Weimer Jan. 14, 2022, 8:23 a.m. UTC
The first one was reported by Martin Sebor in 2017, but we didn't fix
it.  Grepping for sun_path I found another similar one.

v2: Add CVE IDs.

Thanks,
Florian

Florian Weimer (3):
  socket: Add the __sockaddr_un_set function
  CVE-2022-23219: Buffer overflow in sunrpc clnt_create for "unix" (bug
    22542)
  CVE-2022-23218: Buffer overflow in sunrpc svcunix_create (bug 28768)

Martin Sebor (1):
  sunrpc: Test case for clnt_create "unix" buffer overflow (bug 22542)

 NEWS                         |  7 +++-
 include/sys/un.h             | 12 +++++++
 socket/Makefile              |  6 +++-
 socket/sockaddr_un_set.c     | 41 ++++++++++++++++++++++++
 socket/tst-sockaddr_un_set.c | 62 ++++++++++++++++++++++++++++++++++++
 sunrpc/Makefile              |  5 ++-
 sunrpc/clnt_gen.c            | 10 ++++--
 sunrpc/svc_unix.c            | 11 +++----
 sunrpc/tst-bug22542.c        | 44 +++++++++++++++++++++++++
 sunrpc/tst-bug28768.c        | 42 ++++++++++++++++++++++++
 10 files changed, 227 insertions(+), 13 deletions(-)
 create mode 100644 socket/sockaddr_un_set.c
 create mode 100644 socket/tst-sockaddr_un_set.c
 create mode 100644 sunrpc/tst-bug22542.c
 create mode 100644 sunrpc/tst-bug28768.c


base-commit: a78e6a10d0b50d0ca80309775980fc99944b1727