recently in BUGTRAQ. The set_input_fragment() routine in the XDR record
marking code blindly trusts that the first two bytes it sees will in fact
be an actual record header and that the specified size will be sane. In
fact, if you just telnet to a listening port of an RPC service and send a
few carriage returns, set_input_fragment() will obtain a ridiculously large
record size and sit there for a long time trying to read from the network.
A sanity test is required: if the record size is larger than the receive
buffer, punt.
recently in BUGTRAQ. If a stream oriented transport fails to properly decode
an RPC message header structure where there should be one, it should mark
the stream as dead so that the connection will be dropped.
dereferenced. This is because 'SP' is only initialized via 'newterm()'
(which is not required if you are going to interact with the 'terminfo'
database without using 'ncurses').
PR: 6648
Submitted by: Max Euston <meuston@jmrodgers.com>
Use rpcgen's -C option, although using it for non-headers breaks K&R
support. A local copy of yp.h is built to avoid adding
-I/usr/include/rpcsvc to CFLAGS. This version of yp.h differed from
<rpcsvc/yp.h> only in not declaring prototypes.
Fixed style bugs.
but also assumes that they are 32-bits. This is one place where I don't
think it is appropriate to change 'long' to 'int'. I don't see why the
code couldn't be fixed so that using natural long variables does the
right thing. It's spaggetti code so it'll take some effort. Obviously
NetBSD thought so too because they change 'long' to 'int32_t' etc
and left it at that. As a temporary measure FreeBSD/Alpha can use the
NetBSD code and put this on the list of things to fix.
in termios.h, but it's prototype in termcap.h and the main file use
the underlying definition (which is now an int, not a long for
compatibility with NetBSD). Really termcap.h should use speed_t too,
but I guess that this might break sources that don't include termios.h
first.
One bug was relatively harmless (select's timeout had an uninitialized
tv_usec), the other I'm not so sure.. (neglected to catch select returns
less than zero). Both of these were irrelevant on kernels with poll().
chunks of res_comp.c and replacing it with chunks of bind-8.1.1's resolver
code. (There are no interface changes though)
The other parts are better bounds checking related.
