[Buildroot] [PATCH] rpcbind: Backport fixes to memory leak security fix
Peter Korsgaard
peter at korsgaard.com
Sun Jan 21 20:28:00 UTC 2018
>>>>> "Ed" == Ed Blake <ed.blake at sondrel.com> writes:
> Commit 954509f added a security fix for CVE-2017-8779, involving
> pairing all svc_getargs() calls with svc_freeargs() to avoid a memory
> leak. However it also introduced a couple of issues:
> - The call to svc_freeargs() from rpcbproc_callit_com() may result in
> an attempt to free static memory, resulting in undefined behaviour.
> - A typo in the svc_freeargs() call from pmapproc_dump() causes NIS
> (aka ypbind) to fail.
> Backport upstream fixes for these issues to version 0.2.3.
> Change-Id: Ib6cb19d51c0ae682e3868593ef78edea4ef587be
> Signed-off-by: Ed Blake <ed.blake at sondrel.com>
Committed to 2017.11.x, thanks.
--
Bye, Peter Korsgaard
More information about the buildroot
mailing list