Blame SOURCES/rpcbind-0.2.0-CVE20157236-memcorrup.patch

3a41bb
diff -up rpcbind-0.2.0/src/rpcb_svc_com.c.orig rpcbind-0.2.0/src/rpcb_svc_com.c
3a41bb
--- rpcbind-0.2.0/src/rpcb_svc_com.c.orig	2015-11-30 14:57:10.267576072 -0500
3a41bb
+++ rpcbind-0.2.0/src/rpcb_svc_com.c	2015-11-30 14:59:06.305393416 -0500
3a41bb
@@ -1204,12 +1204,33 @@ check_rmtcalls(struct pollfd *pfds, int
3a41bb
 	return (ncallbacks_found);
3a41bb
 }
3a41bb
 
3a41bb
+/*
3a41bb
+ * This is really a helper function defined in libtirpc, 
3a41bb
+ * but unfortunately, it hasn't been exported yet.
3a41bb
+ */
3a41bb
+static struct netbuf *
3a41bb
+__rpc_set_netbuf(struct netbuf *nb, const void *ptr, size_t len)
3a41bb
+{
3a41bb
+	if (nb->len != len) {
3a41bb
+		if (nb->len)
3a41bb
+			mem_free(nb->buf, nb->len);
3a41bb
+		nb->buf = mem_alloc(len);
3a41bb
+		if (nb->buf == NULL)
3a41bb
+			return NULL;
3a41bb
+
3a41bb
+		nb->maxlen = nb->len = len;
3a41bb
+	}
3a41bb
+	memcpy(nb->buf, ptr, len);
3a41bb
+	return nb;
3a41bb
+}
3a41bb
+
3a41bb
 static void
3a41bb
 xprt_set_caller(SVCXPRT *xprt, struct finfo *fi)
3a41bb
 {
3a41bb
+	const struct netbuf *caller = fi->caller_addr;
3a41bb
 	u_int32_t *xidp;
3a41bb
 
3a41bb
-	*(svc_getrpccaller(xprt)) = *(fi->caller_addr);
3a41bb
+	__rpc_set_netbuf(svc_getrpccaller(xprt), caller->buf, caller->len);
3a41bb
 	xidp = __rpcb_get_dg_xidp(xprt);
3a41bb
 	*xidp = fi->caller_xid;
3a41bb
 }