From f38772fb2a32514dfbe9f1eb31d326836f25411e Mon Sep 17 00:00:00 2001
From: CentOS Sources <bugs@centos.org>
Date: Aug 06 2019 11:04:48 +0000
Subject: import rpcbind-0.2.0-48.el7


---

diff --git a/SOURCES/rpcbind-0.2.0-rpcinfo-buf-overflow.patch b/SOURCES/rpcbind-0.2.0-rpcinfo-buf-overflow.patch
new file mode 100644
index 0000000..f865959
--- /dev/null
+++ b/SOURCES/rpcbind-0.2.0-rpcinfo-buf-overflow.patch
@@ -0,0 +1,40 @@
+diff -up rpcbind-0.2.0/src/rpcinfo.c.orig rpcbind-0.2.0/src/rpcinfo.c
+--- rpcbind-0.2.0/src/rpcinfo.c.orig	2009-05-29 09:38:22.000000000 -0400
++++ rpcbind-0.2.0/src/rpcinfo.c	2019-01-22 11:43:16.000000000 -0500
+@@ -984,6 +984,7 @@ rpcbdump (dumptype, netid, argc, argv)
+ 	("   program version(s) netid(s)                         service     owner\n");
+       for (rs = rs_head; rs; rs = rs->next)
+ 	{
++	  size_t netidmax = sizeof(buf) - 1;
+ 	  char *p = buf;
+ 
+ 	  printf ("%10ld  ", rs->prog);
+@@ -996,12 +997,22 @@ rpcbdump (dumptype, netid, argc, argv)
+ 	    }
+ 	  printf ("%-10s", buf);
+ 	  buf[0] = '\0';
+-	  for (nl = rs->nlist; nl; nl = nl->next)
+-	    {
+-	      strcat (buf, nl->netid);
+-	      if (nl->next)
+-		strcat (buf, ",");
+-	    }
++
++          for (nl = rs->nlist; nl; nl = nl->next)
++            {
++              strncat (buf, nl->netid, netidmax);
++              if (strlen (nl->netid) < netidmax)
++                netidmax -= strlen(nl->netid);
++              else
++                break;
++
++              if (nl->next && netidmax > 1)
++                {
++                  strncat (buf, ",", netidmax);
++                  netidmax --;
++                }
++            }
++
+ 	  printf ("%-32s", buf);
+ 	  rpc = getrpcbynumber (rs->prog);
+ 	  if (rpc)
diff --git a/SPECS/rpcbind.spec b/SPECS/rpcbind.spec
index 0840f0e..4aec408 100644
--- a/SPECS/rpcbind.spec
+++ b/SPECS/rpcbind.spec
@@ -1,6 +1,6 @@
 Name:           rpcbind
 Version:        0.2.0
-Release:        47%{?dist}
+Release:        48%{?dist}
 Summary:        Universal Addresses to RPC Program Number Mapper
 Group:          System Environment/Daemons
 License:        BSD
@@ -36,6 +36,10 @@ Patch011: rpcbind-0.2.0-xlog-warn.patch
 Patch012: rpcbind-0.2.0-i-warn.patch
 Patch013: rpcbind-0.2.0-memleaks.patch
 Patch014: rpcbind-0.2.0-freeing-static-memory.patch
+#
+# RHEL7.7
+#
+Patch015: rpcbind-0.2.0-rpcinfo-buf-overflow.patch
 
 
 Requires: glibc-common setup
@@ -84,6 +88,8 @@ RPC calls on a server on that machine.
 %patch013 -p1
 # 1454876 - rpcbind crash on start
 %patch014 -p1
+# 1637567 - rpcinfo: Fix stack buffer overflow
+%patch015 -p1
 
 %build
 %ifarch s390 s390x
@@ -197,6 +203,9 @@ fi
 %dir %attr(700,rpc,rpc) /var/lib/rpcbind
 
 %changelog
+* Tue Jan 22 2019 Steve Dickson <steved@redhat.com> - 0.2.0-48
+- rpcinfo: Fix stack buffer overflow (bz 1637567)
+
 * Sat Aug 25 2018 Steve Dickson <steved@redhat.com> - 0.2.0-47
 - rpcbind.service: Not pulling the rpcbind.target (bz 1613210)