diff options
author | Patsy Franklin <pfrankli@redhat.com> | 2013-05-30 17:05:21 -0400 |
---|---|---|
committer | Patsy Franklin <pfrankli@redhat.com> | 2013-05-30 22:01:22 -0400 |
commit | eca5920cd90093d8921f27bfbf7bcf54807165bb (patch) | |
tree | a9b9f4ac329cd52b71759090062a74f6092291f8 | |
parent | 96945714ec61951cc748da2b4b8a80cf02127ee9 (diff) | |
download | glibc-eca5920cd90093d8921f27bfbf7bcf54807165bb.tar.gz glibc-eca5920cd90093d8921f27bfbf7bcf54807165bb.tar.xz glibc-eca5920cd90093d8921f27bfbf7bcf54807165bb.zip |
Set reasonable limits for xdr_requests.
[BZ #15553] Increased the current limits large enough to load large key and data values, but small enough to not pose a DoS threat.
-rw-r--r-- | ChangeLog | 13 | ||||
-rw-r--r-- | NEWS | 2 | ||||
-rw-r--r-- | nis/yp_xdr.c | 18 |
3 files changed, 26 insertions, 7 deletions
diff --git a/ChangeLog b/ChangeLog index 89b7bce7ee..9134d18f50 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,4 +1,15 @@ -2012-05-30 Jeff Law <law@redhat.com> +2013-05-30 Patsy Franklin <pfrankli@redhat.com> + + [BZ # 15553] + * nis/yp_xdr.c (XDRMAXNAME): Define. + (XDRMAXRECORD): Define. + (xdr_domainname): Use XDRMAXNAME. + (xdr_mapname): Likewise. + (xdr_peername): Likewise. + (xdr_keydat): Use XDRMAXRECORD. + (xdr_valdat): Likewise. + +2013-05-30 Jeff Law <law@redhat.com> [BZ #14256] * manual/errno.texi (ESTALE): Update to account for more than diff --git a/NEWS b/NEWS index a66a9d7e9f..acfc19c1bd 100644 --- a/NEWS +++ b/NEWS @@ -19,7 +19,7 @@ Version 2.18 15337, 15339, 15342, 15346, 15359, 15361, 15366, 15380, 15381, 15394, 15395, 15405, 15406, 15409, 15416, 15418, 15419, 15423, 15424, 15426, 15429, 15441, 15442, 15448, 15465, 15480, 15485, 15488, 15490, 15493, - 15497, 15506, 15529. + 15497, 15506, 15529, 15553. * CVE-2013-0242 Buffer overrun in regexp matcher has been fixed (Bugzilla #15078). diff --git a/nis/yp_xdr.c b/nis/yp_xdr.c index 418850643d..34566d19a8 100644 --- a/nis/yp_xdr.c +++ b/nis/yp_xdr.c @@ -32,6 +32,14 @@ #include <rpcsvc/yp.h> #include <rpcsvc/ypclnt.h> +/* The NIS v2 protocol suggests 1024 bytes as a maximum length of all fields. + Current Linux systems don't use this limit. To remain compatible with + recent Linux systems we choose limits large enough to load large key and + data values, but small enough to not pose a DoS threat. */ + +#define XDRMAXNAME 1024 +#define XDRMAXRECORD (16 * 1024 * 1024) + bool_t xdr_ypstat (XDR *xdrs, ypstat *objp) { @@ -49,21 +57,21 @@ libnsl_hidden_def (xdr_ypxfrstat) bool_t xdr_domainname (XDR *xdrs, domainname *objp) { - return xdr_string (xdrs, objp, YPMAXDOMAIN); + return xdr_string (xdrs, objp, XDRMAXNAME); } libnsl_hidden_def (xdr_domainname) bool_t xdr_mapname (XDR *xdrs, mapname *objp) { - return xdr_string (xdrs, objp, YPMAXMAP); + return xdr_string (xdrs, objp, XDRMAXNAME); } libnsl_hidden_def (xdr_mapname) bool_t xdr_peername (XDR *xdrs, peername *objp) { - return xdr_string (xdrs, objp, YPMAXPEER); + return xdr_string (xdrs, objp, XDRMAXNAME); } libnsl_hidden_def (xdr_peername) @@ -71,7 +79,7 @@ bool_t xdr_keydat (XDR *xdrs, keydat *objp) { return xdr_bytes (xdrs, (char **) &objp->keydat_val, - (u_int *) &objp->keydat_len, YPMAXRECORD); + (u_int *) &objp->keydat_len, XDRMAXRECORD); } libnsl_hidden_def (xdr_keydat) @@ -79,7 +87,7 @@ bool_t xdr_valdat (XDR *xdrs, valdat *objp) { return xdr_bytes (xdrs, (char **) &objp->valdat_val, - (u_int *) &objp->valdat_len, YPMAXRECORD); + (u_int *) &objp->valdat_len, XDRMAXRECORD); } libnsl_hidden_def (xdr_valdat) |