|
|
6657fd |
commit 0bc1c0ae7ce61a7ac8a8e9a9b2086268f011abf0
|
|
|
6657fd |
Author: Steve Dickson <steved@redhat.com>
|
|
|
6657fd |
Date: Tue Oct 9 09:19:50 2018 -0400
|
|
|
6657fd |
|
|
|
6657fd |
rpcinfo: Fix stack buffer overflow
|
|
|
6657fd |
|
|
|
6657fd |
*** buffer overflow detected ***: rpcinfo terminated
|
|
|
6657fd |
======= Backtrace: =========
|
|
|
6657fd |
/lib64/libc.so.6(+0x721af)[0x7ff24c4451af]
|
|
|
6657fd |
/lib64/libc.so.6(__fortify_fail+0x37)[0x7ff24c4ccdc7]
|
|
|
6657fd |
/lib64/libc.so.6(+0xf8050)[0x7ff24c4cb050]
|
|
|
6657fd |
rpcinfo(+0x435f)[0xef3be2635f]
|
|
|
6657fd |
rpcinfo(+0x1c62)[0xef3be23c62]
|
|
|
6657fd |
/lib64/libc.so.6(__libc_start_main+0xf5)[0x7ff24c3f36e5]
|
|
|
6657fd |
rpcinfo(+0x2739)[0xef3be24739]
|
|
|
6657fd |
======= Memory map: ========
|
|
|
6657fd |
...
|
|
|
6657fd |
The patch below fixes it.
|
|
|
6657fd |
|
|
|
6657fd |
Reviewed-by: Chuck Lever <chuck.lever@oracle.com>
|
|
|
6657fd |
Signed-off-by: Thomas Blume <thomas.blume@suse.com>
|
|
|
6657fd |
Signed-off-by: Steve Dickson <steved@redhat.com>
|
|
|
6657fd |
|
|
|
6657fd |
diff --git a/src/rpcinfo.c b/src/rpcinfo.c
|
|
|
6657fd |
index 9b46864..cfdba88 100644
|
|
|
6657fd |
--- a/src/rpcinfo.c
|
|
|
6657fd |
+++ b/src/rpcinfo.c
|
|
|
6657fd |
@@ -973,6 +973,7 @@ rpcbdump (dumptype, netid, argc, argv)
|
|
|
6657fd |
(" program version(s) netid(s) service owner\n");
|
|
|
6657fd |
for (rs = rs_head; rs; rs = rs->next)
|
|
|
6657fd |
{
|
|
|
6657fd |
+ size_t netidmax = sizeof(buf) - 1;
|
|
|
6657fd |
char *p = buf;
|
|
|
6657fd |
|
|
|
6657fd |
printf ("%10ld ", rs->prog);
|
|
|
6657fd |
@@ -985,12 +986,22 @@ rpcbdump (dumptype, netid, argc, argv)
|
|
|
6657fd |
}
|
|
|
6657fd |
printf ("%-10s", buf);
|
|
|
6657fd |
buf[0] = '\0';
|
|
|
6657fd |
- for (nl = rs->nlist; nl; nl = nl->next)
|
|
|
6657fd |
- {
|
|
|
6657fd |
- strcat (buf, nl->netid);
|
|
|
6657fd |
- if (nl->next)
|
|
|
6657fd |
- strcat (buf, ",");
|
|
|
6657fd |
- }
|
|
|
6657fd |
+
|
|
|
6657fd |
+ for (nl = rs->nlist; nl; nl = nl->next)
|
|
|
6657fd |
+ {
|
|
|
6657fd |
+ strncat (buf, nl->netid, netidmax);
|
|
|
6657fd |
+ if (strlen (nl->netid) < netidmax)
|
|
|
6657fd |
+ netidmax -= strlen(nl->netid);
|
|
|
6657fd |
+ else
|
|
|
6657fd |
+ break;
|
|
|
6657fd |
+
|
|
|
6657fd |
+ if (nl->next && netidmax > 1)
|
|
|
6657fd |
+ {
|
|
|
6657fd |
+ strncat (buf, ",", netidmax);
|
|
|
6657fd |
+ netidmax --;
|
|
|
6657fd |
+ }
|
|
|
6657fd |
+ }
|
|
|
6657fd |
+
|
|
|
6657fd |
printf ("%-32s", buf);
|
|
|
6657fd |
rpc = getrpcbynumber (rs->prog);
|
|
|
6657fd |
if (rpc)
|