mirror of
https://sourceware.org/git/glibc.git
synced 2024-12-22 19:00:07 +00:00
Set reasonable limits for xdr_requests.
[BZ #15553] Increased the current limits large enough to load large key and data values, but small enough to not pose a DoS threat.
This commit is contained in:
parent
96945714ec
commit
eca5920cd9
13
ChangeLog
13
ChangeLog
@ -1,4 +1,15 @@
|
||||
2012-05-30 Jeff Law <law@redhat.com>
|
||||
2013-05-30 Patsy Franklin <pfrankli@redhat.com>
|
||||
|
||||
[BZ # 15553]
|
||||
* nis/yp_xdr.c (XDRMAXNAME): Define.
|
||||
(XDRMAXRECORD): Define.
|
||||
(xdr_domainname): Use XDRMAXNAME.
|
||||
(xdr_mapname): Likewise.
|
||||
(xdr_peername): Likewise.
|
||||
(xdr_keydat): Use XDRMAXRECORD.
|
||||
(xdr_valdat): Likewise.
|
||||
|
||||
2013-05-30 Jeff Law <law@redhat.com>
|
||||
|
||||
[BZ #14256]
|
||||
* manual/errno.texi (ESTALE): Update to account for more than
|
||||
|
2
NEWS
2
NEWS
@ -19,7 +19,7 @@ Version 2.18
|
||||
15337, 15339, 15342, 15346, 15359, 15361, 15366, 15380, 15381, 15394,
|
||||
15395, 15405, 15406, 15409, 15416, 15418, 15419, 15423, 15424, 15426,
|
||||
15429, 15441, 15442, 15448, 15465, 15480, 15485, 15488, 15490, 15493,
|
||||
15497, 15506, 15529.
|
||||
15497, 15506, 15529, 15553.
|
||||
|
||||
* CVE-2013-0242 Buffer overrun in regexp matcher has been fixed (Bugzilla
|
||||
#15078).
|
||||
|
18
nis/yp_xdr.c
18
nis/yp_xdr.c
@ -32,6 +32,14 @@
|
||||
#include <rpcsvc/yp.h>
|
||||
#include <rpcsvc/ypclnt.h>
|
||||
|
||||
/* The NIS v2 protocol suggests 1024 bytes as a maximum length of all fields.
|
||||
Current Linux systems don't use this limit. To remain compatible with
|
||||
recent Linux systems we choose limits large enough to load large key and
|
||||
data values, but small enough to not pose a DoS threat. */
|
||||
|
||||
#define XDRMAXNAME 1024
|
||||
#define XDRMAXRECORD (16 * 1024 * 1024)
|
||||
|
||||
bool_t
|
||||
xdr_ypstat (XDR *xdrs, ypstat *objp)
|
||||
{
|
||||
@ -49,21 +57,21 @@ libnsl_hidden_def (xdr_ypxfrstat)
|
||||
bool_t
|
||||
xdr_domainname (XDR *xdrs, domainname *objp)
|
||||
{
|
||||
return xdr_string (xdrs, objp, YPMAXDOMAIN);
|
||||
return xdr_string (xdrs, objp, XDRMAXNAME);
|
||||
}
|
||||
libnsl_hidden_def (xdr_domainname)
|
||||
|
||||
bool_t
|
||||
xdr_mapname (XDR *xdrs, mapname *objp)
|
||||
{
|
||||
return xdr_string (xdrs, objp, YPMAXMAP);
|
||||
return xdr_string (xdrs, objp, XDRMAXNAME);
|
||||
}
|
||||
libnsl_hidden_def (xdr_mapname)
|
||||
|
||||
bool_t
|
||||
xdr_peername (XDR *xdrs, peername *objp)
|
||||
{
|
||||
return xdr_string (xdrs, objp, YPMAXPEER);
|
||||
return xdr_string (xdrs, objp, XDRMAXNAME);
|
||||
}
|
||||
libnsl_hidden_def (xdr_peername)
|
||||
|
||||
@ -71,7 +79,7 @@ bool_t
|
||||
xdr_keydat (XDR *xdrs, keydat *objp)
|
||||
{
|
||||
return xdr_bytes (xdrs, (char **) &objp->keydat_val,
|
||||
(u_int *) &objp->keydat_len, YPMAXRECORD);
|
||||
(u_int *) &objp->keydat_len, XDRMAXRECORD);
|
||||
}
|
||||
libnsl_hidden_def (xdr_keydat)
|
||||
|
||||
@ -79,7 +87,7 @@ bool_t
|
||||
xdr_valdat (XDR *xdrs, valdat *objp)
|
||||
{
|
||||
return xdr_bytes (xdrs, (char **) &objp->valdat_val,
|
||||
(u_int *) &objp->valdat_len, YPMAXRECORD);
|
||||
(u_int *) &objp->valdat_len, XDRMAXRECORD);
|
||||
}
|
||||
libnsl_hidden_def (xdr_valdat)
|
||||
|
||||
|
Loading…
Reference in New Issue
Block a user