diff --git a/SOURCES/libtirpc-0.2.4-makefd_xprt-fd.patch b/SOURCES/libtirpc-0.2.4-makefd_xprt-fd.patch
new file mode 100644
index 0000000..4913bea
--- /dev/null
+++ b/SOURCES/libtirpc-0.2.4-makefd_xprt-fd.patch
@@ -0,0 +1,93 @@ +diff -up libtirpc-0.2.4/src/rtime.c.orig libtirpc-0.2.4/src/rtime.c +--- libtirpc-0.2.4/src/rtime.c.orig 2013-12-09 15:59:51.000000000 -0500 ++++ libtirpc-0.2.4/src/rtime.c 2017-02-25 12:29:25.227847702 -0500 +@@ -46,6 +46,7 @@ + #include + #include + #include ++#include + #include + #include + #include +@@ -67,7 +68,8 @@ rtime(addrp, timep, timeout) + struct timeval *timeout; + { + int s; +- fd_set readfds; ++ struct pollfd fd; ++ int milliseconds; + int res; + unsigned long thetime; + struct sockaddr_in from; +@@ -94,31 +96,32 @@ rtime(addrp, timep, timeout) + addrp->sin_port = serv->s_port; + + if (type == SOCK_DGRAM) { +- res = sendto(s, (char *)&thetime, sizeof(thetime), 0, ++ res = sendto(s, (char *)&thetime, sizeof(thetime), 0, + (struct sockaddr *)addrp, sizeof(*addrp)); + if (res < 0) { + do_close(s); +- return(-1); ++ return(-1); + } +- do { +- FD_ZERO(&readfds); +- FD_SET(s, &readfds); +- res = select(_rpc_dtablesize(), &readfds, +- (fd_set *)NULL, (fd_set *)NULL, timeout); +- } while (res < 0 && errno == EINTR); ++ ++ milliseconds = (timeout->tv_sec * 1000) + (timeout->tv_usec / 1000); ++ fd.fd = s; ++ fd.events = POLLIN; ++ do ++ res = poll (&fd, 1, milliseconds); ++ while (res < 0 && errno == EINTR); + if (res <= 0) { + if (res == 0) { + errno = ETIMEDOUT; + } + do_close(s); +- return(-1); ++ return(-1); + } + fromlen = sizeof(from); +- res = recvfrom(s, (char *)&thetime, sizeof(thetime), 0, ++ res = recvfrom(s, (char *)&thetime, sizeof(thetime), 0, + (struct sockaddr *)&from, &fromlen); + do_close(s); + if (res < 0) { +- return(-1); ++ return(-1); + } + } else { + if (connect(s, (struct sockaddr *)addrp, sizeof(*addrp)) < 0) { +diff -up libtirpc-0.2.4/src/svc_vc.c.orig libtirpc-0.2.4/src/svc_vc.c +--- libtirpc-0.2.4/src/svc_vc.c.orig 2017-02-25 12:26:55.430978326 -0500 ++++ libtirpc-0.2.4/src/svc_vc.c 2017-02-25 12:29:25.227847702 -0500 +@@ -260,14 +260,8 @@ makefd_xprt(fd, sendsize, recvsize) + struct cf_conn *cd; + const char 
*netid; + struct __rpc_sockinfo si; +- +- assert(fd != -1); + +- if (fd >= FD_SETSIZE) { +- warnx("svc_vc: makefd_xprt: fd too high\n"); +- xprt = NULL; +- goto done; +- } ++ assert(fd != -1); + + xprt = mem_alloc(sizeof(SVCXPRT)); + if (xprt == NULL) { +@@ -340,6 +334,8 @@ again: + */ + + newxprt = makefd_xprt(sock, r->sendsize, r->recvsize); ++ if (!newxprt) ++ return (FALSE); + + if (!__rpc_set_netbuf(&newxprt->xp_rtaddr, &addr, len)) + return (FALSE); diff --git a/SPECS/libtirpc.spec b/SPECS/libtirpc.spec index ca4ed39..36151e1 100644 --- a/SPECS/libtirpc.spec +++ b/SPECS/libtirpc.spec @@ -2,7 +2,7 @@ Name: libtirpc Version: 0.2.4 -Release: 0.8%{?dist} +Release: 0.10%{?dist} Summary: Transport Independent RPC Library Group: System Environment/Libraries License: SISSL and BSD @@ -34,9 +34,10 @@ Patch006: libtirpc-0.2.4-svc-gss-memleaks.patch Patch007: libtirpc-0.2.4-clnt-mthr-create.patch # -# RHEL7.3-Z +# RHEL7.4 # -Patch008: libtirpc-0.2.4-CVE-2017-8779.patch +Patch008: libtirpc-0.2.4-makefd_xprt-fd.patch +Patch009: libtirpc-0.2.4-CVE-2017-8779.patch %description This package contains SunLib's implementation of transport-independent @@ -77,8 +78,10 @@ developing programs which use the tirpc library. %patch006 -p1 # 1342545 - Threads specifically interacting with libtirpc library... %patch007 -p1 -# 1449462 - CVE-2017-8779 rpcbind: libtirpc, libntirpc: Memory leak... +# 1410617 - makefd_xprt: remove obsolete check for fd number %patch008 -p1 +# CVE-2017-8779 libtirpc: libtirpc, libntirpc: Memory leak.... +%patch009 -p1 # Remove .orig files find . -name "*.orig" | xargs rm -f 
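Review bot: In the rtime() part of libtirpc-0.2.4-makefd_xprt-fd.patch, `milliseconds = (timeout->tv_sec * 1000) + (timeout->tv_usec / 1000);` stores a product of the caller's `tv_sec` in an `int` with no range check. A large `tv_sec` can wrap to a negative value, and poll() treats a negative timeout as an unbounded wait, so the DGRAM path could block forever instead of failing with ETIMEDOUT. I would clamp before the call, for example `milliseconds = timeout->tv_sec > (INT_MAX - 999) / 1000 ? INT_MAX : (int)(timeout->tv_sec * 1000 + timeout->tv_usec / 1000);` (needs `<limits.h>`), and return an error for a negative `tv_sec`. Separately, the new `if (!newxprt) return (FALSE);` in rendezvous_request leaves the accepted `sock` open unless makefd_xprt closes it on failure, which these lines do not show; if it does not, `close(sock);` belongs before the return. Both functions continue outside the patch's hunks, so this is based only on the visible lines.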
@@ -167,8 +170,11 @@ rm -rf %{buildroot} %{_mandir}/*/* %changelog -* Wed May 17 2017 Steve Dickson 0.2.4-0.8_3 -- Fixed for CVE-2017-8779 (bz 1449462) +* Wed May 17 2017 Steve Dickson 0.2.4-0.10 +- Fix for CVE-2017-8779 (bz 1449463) + +* Sat Feb 25 2017 Steve Dickson 0.2.4-0.9 +- makefd_xprt: remove obsolete check for fd number (bz 1410617) * Mon Jun 6 2016 Steve Dickson 0.2.4-0.8 - handle concurrent connect calls in clnt_vc_create() (bz 1342545)