diff options
author | Patsy Franklin <pfrankli@redhat.com> | 2013-05-30 17:05:21 -0400 |
---|---|---|
committer | Patsy Franklin <pfrankli@redhat.com> | 2013-05-30 22:01:22 -0400 |
commit | eca5920cd90093d8921f27bfbf7bcf54807165bb (patch) | |
tree | a9b9f4ac329cd52b71759090062a74f6092291f8 | |
parent | 96945714ec61951cc748da2b4b8a80cf02127ee9 (diff) | |
download | glibc-eca5920cd90093d8921f27bfbf7bcf54807165bb.zip glibc-eca5920cd90093d8921f27bfbf7bcf54807165bb.tar.gz glibc-eca5920cd90093d8921f27bfbf7bcf54807165bb.tar.bz2 |
Set reasonable limits for xdr_requests.
[BZ #15553] Increased the current limits large enough to load large
key and data values, but small enough to not pose a DoS threat.
-rw-r--r-- | ChangeLog | 13 | ||||
-rw-r--r-- | NEWS | 2 | ||||
-rw-r--r-- | nis/yp_xdr.c | 18 |
3 files changed, 26 insertions, 7 deletions
@@ -1,4 +1,15 @@ -2012-05-30 Jeff Law <law@redhat.com> +2013-05-30 Patsy Franklin <pfrankli@redhat.com> + + [BZ # 15553] + * nis/yp_xdr.c (XDRMAXNAME): Define. + (XDRMAXRECORD): Define. + (xdr_domainname): Use XDRMAXNAME. + (xdr_mapname): Likewise. + (xdr_peername): Likewise. + (xdr_keydat): Use XDRMAXRECORD. + (xdr_valdat): Likewise. + +2013-05-30 Jeff Law <law@redhat.com> [BZ #14256] * manual/errno.texi (ESTALE): Update to account for more than @@ -19,7 +19,7 @@ Version 2.18 15337, 15339, 15342, 15346, 15359, 15361, 15366, 15380, 15381, 15394, 15395, 15405, 15406, 15409, 15416, 15418, 15419, 15423, 15424, 15426, 15429, 15441, 15442, 15448, 15465, 15480, 15485, 15488, 15490, 15493, - 15497, 15506, 15529. + 15497, 15506, 15529, 15553. * CVE-2013-0242 Buffer overrun in regexp matcher has been fixed (Bugzilla #15078). diff --git a/nis/yp_xdr.c b/nis/yp_xdr.c index 4188506..34566d1 100644 --- a/nis/yp_xdr.c +++ b/nis/yp_xdr.c @@ -32,6 +32,14 @@ #include <rpcsvc/yp.h> #include <rpcsvc/ypclnt.h> +/* The NIS v2 protocol suggests 1024 bytes as a maximum length of all fields. + Current Linux systems don't use this limit. To remain compatible with + recent Linux systems we choose limits large enough to load large key and + data values, but small enough to not pose a DoS threat. */ + +#define XDRMAXNAME 1024 +#define XDRMAXRECORD (16 * 1024 * 1024) + bool_t xdr_ypstat (XDR *xdrs, ypstat *objp) { @@ -49,21 +57,21 @@ libnsl_hidden_def (xdr_ypxfrstat) bool_t xdr_domainname (XDR *xdrs, domainname *objp) { - return xdr_string (xdrs, objp, YPMAXDOMAIN); + return xdr_string (xdrs, objp, XDRMAXNAME); } libnsl_hidden_def (xdr_domainname) bool_t xdr_mapname (XDR *xdrs, mapname *objp) { - return xdr_string (xdrs, objp, YPMAXMAP); + return xdr_string (xdrs, objp, XDRMAXNAME); } libnsl_hidden_def (xdr_mapname) bool_t xdr_peername (XDR *xdrs, peername *objp) { - return xdr_string (xdrs, objp, YPMAXPEER); + return xdr_string (xdrs, objp, XDRMAXNAME); } libnsl_hidden_def (xdr_peername) @@ -71,7 +79,7 @@ bool_t xdr_keydat (XDR *xdrs, keydat *objp) { return xdr_bytes (xdrs, (char **) &objp->keydat_val, - (u_int *) &objp->keydat_len, YPMAXRECORD); + (u_int *) &objp->keydat_len, XDRMAXRECORD); } libnsl_hidden_def (xdr_keydat) @@ -79,7 +87,7 @@ bool_t xdr_valdat (XDR *xdrs, valdat *objp) { return xdr_bytes (xdrs, (char **) &objp->valdat_val, - (u_int *) &objp->valdat_len, YPMAXRECORD); + (u_int *) &objp->valdat_len, XDRMAXRECORD); } libnsl_hidden_def (xdr_valdat) |