[Buildroot] [PATCH] rpcbind: Backport fixes to memory leak security fix

Peter Korsgaard peter at korsgaard.com
Sun Jan 21 20:28:00 UTC 2018


>>>>> "Ed" == Ed Blake <ed.blake at sondrel.com> writes:

 > Commit 954509f added a security fix for CVE-2017-8779, involving
 > pairing all svc_getargs() calls with svc_freeargs() to avoid a memory
 > leak.  However it also introduced a couple of issues:

 > - The call to svc_freeargs() from rpcbproc_callit_com() may result in
 >   an attempt to free static memory, resulting in undefined behaviour.

 > - A typo in the svc_freeargs() call from pmapproc_dump() causes NIS
 >   (aka ypbind) to fail.

 > Backport upstream fixes for these issues to version 0.2.3.

 > Change-Id: Ib6cb19d51c0ae682e3868593ef78edea4ef587be
 > Signed-off-by: Ed Blake <ed.blake at sondrel.com>

Committed to 2017.11.x, thanks.

-- 
Bye, Peter Korsgaard


More information about the buildroot mailing list