From patchwork Wed Nov  1 02:43:28 2017
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Marcel Lorenz <marcel.lorenz@ipfire.org>
X-Patchwork-Id: 1512
Return-Path: <development-bounces@lists.ipfire.org>
Received: from mail01.ipfire.org (unknown [172.28.1.200])
	by web02.ipfire.org (Postfix) with ESMTP id 5E98A60DB1
	for <patchwork@ipfire.org>; Tue, 31 Oct 2017 16:43:45 +0100 (CET)
Received: from mail01.ipfire.org (localhost [IPv6:::1])
	by mail01.ipfire.org (Postfix) with ESMTP id BBD73248B;
	Tue, 31 Oct 2017 16:43:44 +0100 (CET)
Received: from localhost.localdomain (mail.ml-systec.de [87.140.105.15])
	(using TLSv1.2 with cipher ECDHE-RSA-AES128-SHA256 (128/128 bits))
	(Client did not present a certificate)
	by mail01.ipfire.org (Postfix) with ESMTPSA id 80FA4248B
	for <development@lists.ipfire.org>;
	Tue, 31 Oct 2017 16:43:42 +0100 (CET)
From: Marcel Lorenz <marcel.lorenz@ipfire.org>
To: development@lists.ipfire.org
Subject: [PATCH] rpcbind: update to 0.2.4 and add patch for CVE-2017-8779
Date: Tue, 31 Oct 2017 16:43:28 +0100
Message-Id: <20171031154328.6435-1-marcel.lorenz@ipfire.org>
X-Mailer: git-send-email 2.14.2
X-BeenThere: development@lists.ipfire.org
X-Mailman-Version: 2.1.21
Precedence: list
List-Id: IPFire development talk <development.lists.ipfire.org>
List-Unsubscribe: <https://lists.ipfire.org/mailman/options/development>,
	<mailto:development-request@lists.ipfire.org?subject=unsubscribe>
List-Archive: <https://lists.ipfire.org/pipermail/development/>
List-Post: <mailto:development@lists.ipfire.org>
List-Help: <mailto:development-request@lists.ipfire.org?subject=help>
List-Subscribe: <https://lists.ipfire.org/mailman/listinfo/development>,
	<mailto:development-request@lists.ipfire.org?subject=subscribe>
Errors-To: development-bounces@lists.ipfire.org
Sender: "Development" <development-bounces@lists.ipfire.org>

Signed-off-by: Marcel Lorenz <marcel.lorenz@ipfire.org>
---
 lfs/rpcbind                                        | 10 ++++----
 .../rpcbind-0.2.4-vulnerability_fixes-1.patch      | 29 ++++++++++++++++++++++
 2 files changed, 34 insertions(+), 5 deletions(-)
 create mode 100644 src/patches/rpcbind-0.2.4-vulnerability_fixes-1.patch

diff --git a/lfs/rpcbind b/lfs/rpcbind
index 046121f36..f6bd05d9c 100644
--- a/lfs/rpcbind
+++ b/lfs/rpcbind
@@ -1,7 +1,7 @@
 ###############################################################################
 #                                                                             #
 # IPFire.org - A linux based firewall                                         #
-# Copyright (C) 2016  IPFire Team  <info@ipfire.org>                          #
+# Copyright (C) 2007-2017   IPFire Team  <info@ipfire.org>                    #
 #                                                                             #
 # This program is free software: you can redistribute it and/or modify        #
 # it under the terms of the GNU General Public License as published by        #
@@ -24,7 +24,7 @@
 
 include Config
 
-VER        = 0.2.3
+VER        = 0.2.4
 
 THISAPP    = rpcbind-$(VER)
 DL_FILE    = $(THISAPP).tar.bz2
@@ -32,7 +32,7 @@ DL_FROM    = $(URL_IPFIRE)
 DIR_APP    = $(DIR_SRC)/$(THISAPP)
 TARGET     = $(DIR_INFO)/$(THISAPP)
 PROG       = rpcbind
-PAK_VER    = 2
+PAK_VER    = 3
 
 DEPS       = "libtirpc"
 
@@ -44,7 +44,7 @@ objects = $(DL_FILE)
 
 $(DL_FILE) = $(DL_FROM)/$(DL_FILE)
 
-$(DL_FILE)_MD5 = c8875246b2688a1adfbd6ad43480278d
+$(DL_FILE)_MD5 = cf10cd41ed8228fc54c316191c1f07fe
 
 install : $(TARGET)
 
@@ -77,8 +77,8 @@ $(subst %,%_MD5,$(objects)) :
 $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
 	@$(PREBUILD)
 	@rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar jxf $(DIR_DL)/$(DL_FILE)
+	cd $(DIR_APP) && patch -Np1 -i $(DIR_SRC)/src/patches/rpcbind-0.2.4-vulnerability_fixes-1.patch
 	cd $(DIR_APP) && sed -i "/servname/s:rpcbind:sunrpc:" src/rpcbind.c
-	cd $(DIR_APP) && patch -Np1 -i $(DIR_SRC)/src/patches/rpcbind/rpcbind-0.2.3-tirpc_fix-1.patch
 	cd $(DIR_APP) && ./configure --prefix=/usr --bindir=/sbin --with-rpcuser=root --without-systemdsystemunitdir --disable-ipv6
 	cd $(DIR_APP) && make $(MAKETUNING) $(EXTRA_MAKE)
 	cd $(DIR_APP) && make install
diff --git a/src/patches/rpcbind-0.2.4-vulnerability_fixes-1.patch b/src/patches/rpcbind-0.2.4-vulnerability_fixes-1.patch
new file mode 100644
index 000000000..d8137d3c9
--- /dev/null
+++ b/src/patches/rpcbind-0.2.4-vulnerability_fixes-1.patch
@@ -0,0 +1,29 @@
+Submitted By: Ken Moffat <ken at linuxfromscratch dot org>
+Date: 2017-05-29
+Initial Package Version: 0.2.4 (also affects earlier versions)
+Upstream Status: Unknown
+Origin: Guido Vranken
+Description: Fixes CVE-2017-8779 (DOS by remote attackers - memory consumption
+without subsequent free).
+
+diff --git a/src/rpcb_svc_com.c b/src/rpcb_svc_com.c
+index 5862c26..e11f61b 100644
+--- a/src/rpcb_svc_com.c
++++ b/src/rpcb_svc_com.c
+@@ -48,6 +48,7 @@
+ #include <rpc/rpc.h>
+ #include <rpc/rpcb_prot.h>
+ #include <rpc/svc_dg.h>
++#include <rpc/rpc_com.h>
+ #include <netconfig.h>
+ #include <errno.h>
+ #include <syslog.h>
+@@ -432,7 +433,7 @@ rpcbproc_taddr2uaddr_com(void *arg, struct svc_req *rqstp /*__unused*/,
+ static bool_t
+ xdr_encap_parms(XDR *xdrs, struct encap_parms *epp)
+ {
+-	return (xdr_bytes(xdrs, &(epp->args), (u_int *) &(epp->arglen), ~0));
++	return (xdr_bytes(xdrs, &(epp->args), (u_int *) &(epp->arglen), RPC_MAXDATASIZE));
+ }
+ 
+ /*