Blame SOURCES/rpcbind-0.2.0-CVE20157236-memcorrup.patch

bec77d
diff -up rpcbind-0.2.0/src/rpcb_svc_com.c.orig rpcbind-0.2.0/src/rpcb_svc_com.c
bec77d
--- rpcbind-0.2.0/src/rpcb_svc_com.c.orig	2015-11-30 14:57:10.267576072 -0500
bec77d
+++ rpcbind-0.2.0/src/rpcb_svc_com.c	2015-11-30 14:59:06.305393416 -0500
bec77d
@@ -1204,12 +1204,33 @@ check_rmtcalls(struct pollfd *pfds, int
bec77d
 	return (ncallbacks_found);
bec77d
 }
bec77d
 
bec77d
+/*
bec77d
+ * This is really a helper function defined in libtirpc, 
bec77d
+ * but unfortunately, it hasn't been exported yet.
bec77d
+ */
bec77d
+static struct netbuf *
bec77d
+__rpc_set_netbuf(struct netbuf *nb, const void *ptr, size_t len)
bec77d
+{
bec77d
+	if (nb->len != len) {
bec77d
+		if (nb->len)
bec77d
+			mem_free(nb->buf, nb->len);
bec77d
+		nb->buf = mem_alloc(len);
bec77d
+		if (nb->buf == NULL)
bec77d
+			return NULL;
bec77d
+
bec77d
+		nb->maxlen = nb->len = len;
bec77d
+	}
bec77d
+	memcpy(nb->buf, ptr, len);
bec77d
+	return nb;
bec77d
+}
bec77d
+
bec77d
 static void
bec77d
 xprt_set_caller(SVCXPRT *xprt, struct finfo *fi)
bec77d
 {
bec77d
+	const struct netbuf *caller = fi->caller_addr;
bec77d
 	u_int32_t *xidp;
bec77d
 
bec77d
-	*(svc_getrpccaller(xprt)) = *(fi->caller_addr);
bec77d
+	__rpc_set_netbuf(svc_getrpccaller(xprt), caller->buf, caller->len);
bec77d
 	xidp = __rpcb_get_dg_xidp(xprt);
bec77d
 	*xidp = fi->caller_xid;
bec77d
 }