From 9c69f26836c23fd823fab7410f6c89256cb7875d Mon Sep 17 00:00:00 2001 From: Bill Paul Date: Fri, 15 May 1998 22:53:47 +0000 Subject: Patch RPC library to avoid possible denial of service attacks as described recently in BUGTRAQ. If a stream oriented transport fails to properly decode an RPC message header structure where there should be one, it should mark the stream as dead so that the connection will be dropped. --- lib/libc/rpc/svc_tcp.c | 3 ++- lib/libc/rpc/svc_unix.c | 3 ++- 2 files changed, 4 insertions(+), 2 deletions(-) diff --git a/lib/libc/rpc/svc_tcp.c b/lib/libc/rpc/svc_tcp.c index 1387ee126620d..bafa6c34fdd20 100644 --- a/lib/libc/rpc/svc_tcp.c +++ b/lib/libc/rpc/svc_tcp.c @@ -30,7 +30,7 @@ #if defined(LIBC_SCCS) && !defined(lint) /*static char *sccsid = "from: @(#)svc_tcp.c 1.21 87/08/11 Copyr 1984 Sun Micro";*/ /*static char *sccsid = "from: @(#)svc_tcp.c 2.2 88/08/01 4.0 RPCSRC";*/ -static char *rcsid = "$Id: svc_tcp.c,v 1.8 1996/12/30 15:19:08 peter Exp $"; +static char *rcsid = "$Id: svc_tcp.c,v 1.11 1997/05/28 05:05:30 wpaul Exp $"; #endif /* @@ -404,6 +404,7 @@ svctcp_recv(xprt, msg) cd->x_id = msg->rm_xid; return (TRUE); } + cd->strm_stat = XPRT_DIED; /* XXXX */ return (FALSE); } diff --git a/lib/libc/rpc/svc_unix.c b/lib/libc/rpc/svc_unix.c index 04e3223d2eeb8..eb2e8f294610f 100644 --- a/lib/libc/rpc/svc_unix.c +++ b/lib/libc/rpc/svc_unix.c @@ -30,7 +30,7 @@ #if defined(LIBC_SCCS) && !defined(lint) /*static char *sccsid = "from: @(#)svc_unix.c 1.21 87/08/11 Copyr 1984 Sun Micro";*/ /*static char *sccsid = "from: @(#)svc_unix.c 2.2 88/08/01 4.0 RPCSRC";*/ -static char *rcsid = "$Id: svc_unix.c,v 1.8 1996/12/30 15:19:08 peter Exp $"; +static char *rcsid = "$Id: svc_unix.c,v 1.2 1997/05/28 05:05:31 wpaul Exp $"; #endif /* @@ -467,6 +467,7 @@ svcunix_recv(xprt, msg) msg->rm_call.cb_verf.oa_length = sizeof(cm); return (TRUE); } + cd->strm_stat = XPRT_DIED; /* XXXX */ return (FALSE); } -- cgit v1.2.3