|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Sun RPC was removed from glibc. This includes rpcgen program, librpcsvc,
and Sun RPC headers. Also test for bug #20790 was removed
(test for rpcgen).
Backward compatibility for old programs is kept only for architectures
and ABIs that have been added in or before version 2.28.
libtirpc is mature enough, librpcsvc and rpcgen are provided in
rpcsvc-proto project.
NOTE: libnsl code depends on Sun RPC (installed libnsl headers use
installed Sun RPC headers), thus --enable-obsolete-rpc was a dependency
for --enable-obsolete-nsl (removed in a previous commit).
The arc ABI list file has to be updated because the port was added
with the sunrpc symbols
Tested-by: Carlos O'Donell <carlos@redhat.com>
Reviewed-by: Carlos O'Donell <carlos@redhat.com>
|
|
Building with GCC 7 produces an error building rpcgen:
rpc_parse.c: In function 'get_prog_declaration':
rpc_parse.c:543:25: error: may write a terminating nul past the end of the destination [-Werror=format-length=]
sprintf (name, "%s%d", ARGNAME, num); /* default name of argument */
~~~~^
rpc_parse.c:543:5: note: format output between 5 and 14 bytes into a destination of size 10
sprintf (name, "%s%d", ARGNAME, num); /* default name of argument */
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
That buffer overrun is for the case where the .x file declares a
program with a million arguments. The strcpy two lines above can
generate a buffer overrun much more simply for a long argument name.
The limit on length of line read by rpcgen (MAXLINESIZE == 1024)
provides a bound on the buffer size needed, so this patch just changes
the buffer size to MAXLINESIZE to avoid both possible buffer
overruns. A testcase is added that rpcgen does not crash with a
500-character argument name, where it previously crashed.
It would not at all surprise me if there are many other ways of
crashing rpcgen with either valid or invalid input; fuzz testing would
likely find various such bugs, though I don't think they are that
important to fix (rpcgen is not that likely to be used with untrusted
.x files as input). (As well as fuzz-findable bugs there are probably
also issues when various int variables get overflowed on very large
input.) The test infrastructure for rpcgen-not-crashing tests would
need extending if tests are to be added for cases where rpcgen should
produce an error, as opposed to cases where it should succeed.
Tested for x86_64 and x86.
[BZ #20790]
* sunrpc/rpc_parse.c (get_prog_declaration): Increase buffer size
to MAXLINESIZE.
* sunrpc/bug20790.x: New file.
* sunrpc/Makefile [$(run-built-tests) = yes] (rpcgen-tests): New
variable.
[$(run-built-tests) = yes] (tests-special): Add $(rpcgen-tests).
[$(run-built-tests) = yes] ($(rpcgen-tests)): New rule.
|