diff --git a/SOURCES/libtirpc-1.1.4-dgcall-free.patch b/SOURCES/libtirpc-1.1.4-dgcall-free.patch
new file mode 100644
index 0000000..0f0f1a4
--- /dev/null
+++ b/SOURCES/libtirpc-1.1.4-dgcall-free.patch
@@ -0,0 +1,14 @@
+diff -up libtirpc-1.1.4/src/clnt_dg.c.orig libtirpc-1.1.4/src/clnt_dg.c
+--- libtirpc-1.1.4/src/clnt_dg.c.orig 2022-05-31 08:14:09.408762537 -0400
++++ libtirpc-1.1.4/src/clnt_dg.c 2022-05-31 08:17:28.950764885 -0400
+@@ -478,9 +478,9 @@ get_reply:
+ cmsg = CMSG_NXTHDR (&msg, cmsg))
+ if (cmsg->cmsg_level == SOL_IP && cmsg->cmsg_type == IP_RECVERR)
+ {
+- mem_free(cbuf, (outlen + 256));
+ e = (struct sock_extended_err *) CMSG_DATA(cmsg);
+ cu->cu_error.re_errno = e->ee_errno;
++ mem_free(cbuf, (outlen + 256));
+ release_fd_lock(cu->cu_fd, mask);
+ return (cu->cu_error.re_status = RPC_CANTRECV);
+ }
diff --git a/SPECS/libtirpc.spec b/SPECS/libtirpc.spec
index ff7f46c..8c687fe 100644
--- a/SPECS/libtirpc.spec
+++ b/SPECS/libtirpc.spec
@@ -2,7 +2,7 @@
 Name: libtirpc
 Version: 1.1.4
-Release: 6%{?dist}
+Release: 7%{?dist}
 Summary: Transport Independent RPC Library
 Group: System Environment/Libraries
 License: SISSL and BSD
@@ -37,6 +37,12 @@ Patch005: libtirpc-1.1.4-disallow-auth_refresh.patch
 # bz 1940341
 Patch006: libtirpc-1.1.4-dos-fix.patch
+#
+# RHEL 8.7
+#
+# bz 2042196
+Patch007: libtirpc-1.1.4-dgcall-free.patch
+
 BuildRequires: automake, autoconf, libtool, pkgconfig
 BuildRequires: krb5-devel
@@ -156,6 +162,9 @@ mv %{buildroot}%{_mandir}/man3 %{buildroot}%{_mandir}/man3t
 %{_mandir}/*/*
 %changelog
+* Tue May 31 2022 Steve Dickson 1.1.4-7
+- clnt_dg_call: Fix use-after-free accessing the error number (bz 2042196)
+
 * Thu Dec 2 2021 Steve Dickson 1.1.4-6
 - Fix DoS vulnerability in libtirpc (bz 1940341)
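Review bot: The IP_RECVERR branch in the clnt_dg.c hunk carried by libtirpc-1.1.4-dgcall-free.patch has no comment explaining why `mem_free(cbuf, (outlen + 256));` must come after the `e->ee_errno` read, so a later tidy-up could move the free back to the top of the block. `e` is taken from `CMSG_DATA(cmsg)`, and the changelog calls the old order a use-after-free, so the control data presumably lives inside `cbuf`; the msghdr setup is outside the hunk. I would add `/* e points into cbuf via CMSG_DATA(cmsg); copy ee_errno out before freeing */` directly above the moved `mem_free` line. The enclosing function (clnt_dg_call, per the changelog) starts and ends outside this hunk, so it cannot be confirmed from here that every other exit after the loop releases cbuf exactly once.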
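Review bot: The Patch007 hunk in SPECS/libtirpc.spec only declares the new patch, and no %prep change appears in this diff, so whether the use-after-free fix reaches the built library depends on how %prep applies patches. If the spec uses %autosetup, the new entry is picked up automatically; if it lists patches one by one, a matching line such as `%patch007 -p1` would be needed. %prep lies outside the shown hunks, so this is something to confirm against the full spec rather than a confirmed defect.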