Patch RPC library to avoid possible denial of service attacks as described

recently in BUGTRAQ. If a stream oriented transport fails to properly decode an RPC message header structure where there should be one, it should mark the stream as dead so that the connection will be dropped.
1998-05-15 22:53:47 +00:00 · 1998-05-15 22:53:47 +00:00 · 9c69f26836
commit 9c69f26836
parent 59fcc4ce0f
2 changed files with 4 additions and 2 deletions
--- a/lib/libc/rpc/svc_tcp.c
+++ b/lib/libc/rpc/svc_tcp.c
@ -30,7 +30,7 @@
 #if defined(LIBC_SCCS) && !defined(lint)
 /*static char *sccsid = "from: @(#)svc_tcp.c 1.21 87/08/11 Copyr 1984 Sun Micro";*/
 /*static char *sccsid = "from: @(#)svc_tcp.c	2.2 88/08/01 4.0 RPCSRC";*/
-static char *rcsid = "$Id: svc_tcp.c,v 1.8 1996/12/30 15:19:08 peter Exp $";
+static char *rcsid = "$Id: svc_tcp.c,v 1.11 1997/05/28 05:05:30 wpaul Exp $";
 #endif

 /*
@ -404,6 +404,7 @@ svctcp_recv(xprt, msg)
 		cd->x_id = msg->rm_xid;
 		return (TRUE);
 	}
+	cd->strm_stat = XPRT_DIED;	/* XXXX */
 	return (FALSE);
 }

--- a/lib/libc/rpc/svc_unix.c
+++ b/lib/libc/rpc/svc_unix.c
@ -30,7 +30,7 @@
 #if defined(LIBC_SCCS) && !defined(lint)
 /*static char *sccsid = "from: @(#)svc_unix.c 1.21 87/08/11 Copyr 1984 Sun Micro";*/
 /*static char *sccsid = "from: @(#)svc_unix.c	2.2 88/08/01 4.0 RPCSRC";*/
-static char *rcsid = "$Id: svc_unix.c,v 1.8 1996/12/30 15:19:08 peter Exp $";
+static char *rcsid = "$Id: svc_unix.c,v 1.2 1997/05/28 05:05:31 wpaul Exp $";
 #endif

 /*
@ -467,6 +467,7 @@ svcunix_recv(xprt, msg)
 		msg->rm_call.cb_verf.oa_length = sizeof(cm);
 		return (TRUE);
 	}
+	cd->strm_stat = XPRT_DIED;	/* XXXX */
 	return (FALSE);
 }