d/freebsd-nq
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
a9352e90f0
freebsd-nq/lib/libc
History
Bill Paul a9352e90f0 Patch RPC library to avoid possible denial of service attacks as described 
recently in BUGTRAQ. The set_input_fragment() routine in the XDR record
marking code blindly trusts that the first two bytes it sees will in fact
be an actual record header and that the specified size will be sane. In
fact, if you just telnet to a listening port of an RPC service and send a
few carriage returns, set_input_fragment() will obtain a ridiculously large
record size and sit there for a long time trying to read from the network.

A sanity test is required: if the record size is larger than the receive
buffer, punt.
1998-05-15 22:57:31 +00:00
..
alpha Remove a big hack after adding a small one to libc/gen/getcwd.c to 1998-05-15 12:01:06 +00:00
amd64 Use the thread-aware errno definition all the time. 1998-05-05 22:07:02 +00:00
compat-43 Don't imply sigset_t == int. 1998-05-03 22:27:29 +00:00
db Sorted lists. 1997-10-21 08:41:15 +00:00
gen NetBSD doesn't have a __getcwd syscall, so set have__getcwd to `no' 1998-05-15 11:59:00 +00:00
gmon These files are very specific to FreeBSD kernels, so silently compile 1998-03-09 04:42:19 +00:00
i386 Use the thread-aware errno definition all the time. 1998-05-05 22:07:02 +00:00
include Remove leading underscores from the FILE lock functions that POSIX 1998-05-05 22:02:29 +00:00
locale Add reference to catopen(3) 1998-04-30 16:07:54 +00:00
net Resolve some unexpected differences when comparing with the 2.2 version. 1998-05-02 15:51:54 +00:00
nls Add reference to setlocale(3) 1998-04-30 16:11:50 +00:00
quad Change MACHINE references to MACHINE_ARCH. 1998-02-20 08:23:55 +00:00
regex int -> long changes that reduce the diffs with the NetBSD version to 1998-05-14 21:45:18 +00:00
rpc Patch RPC library to avoid possible denial of service attacks as described 1998-05-15 22:53:47 +00:00
stdio Remote the NetBSD kludge for vfprintf.c 1998-05-08 05:17:11 +00:00
stdlib This is a hack to workaround source that is coded to use long variables 1998-05-08 05:41:57 +00:00
stdtime Remove 'of type long' from a sentence talking about four 4-byte values 1998-05-10 21:21:01 +00:00
string Cast a pointer to a long, not an int before masking it. 1998-05-10 21:22:47 +00:00
sys Remove reference to signanosleep 1998-05-14 14:39:58 +00:00
xdr Patch RPC library to avoid possible denial of service attacks as described 1998-05-15 22:57:31 +00:00
yp Fixed the usual missing dependencies on headers generated by rpcgen. 1998-05-09 15:10:53 +00:00
Makefile Add an include path to private linc/libc_r/libpthread header files. 1998-03-09 06:16:38 +00:00
Makefile.inc Define empty variables in case no names are added to them. This avoids 1998-03-09 06:21:41 +00:00