From owner-dev-commits-src-all@freebsd.org Sun Jan 31 21:55:59 2021 Return-Path: Delivered-To: dev-commits-src-all@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id 18B5D4E9410 for ; Sun, 31 Jan 2021 21:55:59 +0000 (UTC) (envelope-from shawn.webb@hardenedbsd.org) Received: from mail-qt1-x830.google.com (mail-qt1-x830.google.com [IPv6:2607:f8b0:4864:20::830]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (2048 bits) client-digest SHA256) (Client CN "smtp.gmail.com", Issuer "GTS CA 1O1" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4DTPz26Brgz4kvJ for ; Sun, 31 Jan 2021 21:55:58 +0000 (UTC) (envelope-from shawn.webb@hardenedbsd.org) Received: by mail-qt1-x830.google.com with SMTP id z22so10940413qto.7 for ; Sun, 31 Jan 2021 13:55:58 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=hardenedbsd.org; s=google; h=date:from:to:cc:subject:message-id:references:mime-version :content-disposition:in-reply-to; bh=vAWpVGcIgfLQ5Bz9hHmMZl6TD56Y1KPlsa0+PO1sPzE=; b=TEi2FlsnpZpRMw9wX06ntvskpDTWn8ZL1r9+3kBjwMrgCs0vWaOI2L4ap9iFR8yOlO p51La7C61mVa5JuzK/7b79g35EHRox3lCjd+PvtGvMPrzicMixAFF5B8IGcgVQkyUZcn dx6Sq7wR135RVYjxaxZz1MbRQjdE0ywEwgGPEt5VGs56KxNAjSyrbX/s47ksYUX+Jsn8 x1kGRxuIe0UGdFiZ3NOcshm7OnIs7KZvYg8u2Y/Yej2QxuDAQyR/0hhZacjSv5v+X6tM aH4cHQlXWHm2GiOTqJ3DbJVNVfPZXuwDwmVCbeIpZ/6DLSymRspX+ywm1mvG+mBbu/wY 4ZjQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:date:from:to:cc:subject:message-id:references :mime-version:content-disposition:in-reply-to; bh=vAWpVGcIgfLQ5Bz9hHmMZl6TD56Y1KPlsa0+PO1sPzE=; b=oXIIi2HzrW2p5a7u9ctuo9rSfaxL0ZEuH8zpJ4J925nMVBtP7IMGl/nc30gOSUY69G RcuZZcxvXB1Qa3+jWCEjsB2iCOpiR5TzGvo7N9wbinZby47xN8xM7eKNYa+tWKTDvUc9 Gw6HhgcCA3ZGf470aiSxXDNNUfNgxLs474QRBFb0eyRFHC2ENw+phVSrhU/+2RIhX4b1 9TbxOMHMJY9Wi+UWryiVIPDzwu59qgvltFTrDexNUufXzlHpUH6pGwYbqZCGlDd9q9ht I3KASI79sVT/4jknfHxzDdzNnkES+t19ZURISHWkVibw3Srg0SwZFmftPR0Q1GnvzPAO /1/w== X-Gm-Message-State: AOAM530Dsh5fHM3wTdLoHj89cFH2LO0BnDJt4DmToRPIcvvydchv4vv3 Ue5A7fQ0eZRJWb4rLZJf+UdVQQ== X-Google-Smtp-Source: ABdhPJy7HxOrQvU87OH3rC58rwlTn2mUElzNKUc2qhEKu9w/K5EaYIUXKTrFxtJSJI+GVOcf9Ra3sw== X-Received: by 2002:ac8:59cb:: with SMTP id f11mr12791591qtf.70.1612130158030; Sun, 31 Jan 2021 13:55:58 -0800 (PST) Received: from mutt-hbsd (pool-100-16-222-53.bltmmd.fios.verizon.net. [100.16.222.53]) by smtp.gmail.com with ESMTPSA id x72sm12557256qka.51.2021.01.31.13.55.57 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Sun, 31 Jan 2021 13:55:57 -0800 (PST) Date: Sun, 31 Jan 2021 16:55:56 -0500 From: Shawn Webb To: Edward Tomasz Napierala Cc: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-main@FreeBSD.org Subject: Re: git: 5299d64b2b9f - main - libc: fix buffer overrun in getrpcport(3) Message-ID: <20210131215556.eautrr6esynyic6f@mutt-hbsd> X-Operating-System: FreeBSD mutt-hbsd 14.0-CURRENT-HBSD FreeBSD 14.0-CURRENT-HBSD X-PGP-Key: http://pgp.mit.edu/pks/lookup?op=vindex&search=0xFF2E67A277F8E1FA References: <202101312143.10VLhfV5025431@gitrepo.freebsd.org> MIME-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha256; protocol="application/pgp-signature"; boundary="b3ey7svlnh3emv3f" Content-Disposition: inline In-Reply-To: <202101312143.10VLhfV5025431@gitrepo.freebsd.org> X-Rspamd-Queue-Id: 4DTPz26Brgz4kvJ X-Spamd-Bar: ---- Authentication-Results: mx1.freebsd.org; none X-Spamd-Result: default: False [-4.00 / 15.00]; REPLY(-4.00)[] X-BeenThere: dev-commits-src-all@freebsd.org X-Mailman-Version: 2.1.34 Precedence: list List-Id: Commit messages for all branches of the src repository List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 31 Jan 2021 21:55:59 -0000 --b3ey7svlnh3emv3f Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Sun, Jan 31, 2021 at 09:43:41PM +0000, Edward Tomasz Napierala wrote: > The branch main has been updated by trasz: >=20 > URL: https://cgit.FreeBSD.org/src/commit/?id=3D5299d64b2b9f7a25e423ef1785= d9402a0ef198d3 >=20 > commit 5299d64b2b9f7a25e423ef1785d9402a0ef198d3 > Author: Edward Tomasz Napierala > AuthorDate: 2021-01-31 21:41:55 +0000 > Commit: Edward Tomasz Napierala > CommitDate: 2021-01-31 21:42:02 +0000 >=20 > libc: fix buffer overrun in getrpcport(3) > =20 > Reviewed By: markj > Sponsored by: NetApp, Inc. > Sponsored by: Klara, Inc. > Differential Revision: https://reviews.freebsd.org/D27332 > --- > lib/libc/rpc/getrpcport.c | 6 +++--- > 1 file changed, 3 insertions(+), 3 deletions(-) >=20 > diff --git a/lib/libc/rpc/getrpcport.c b/lib/libc/rpc/getrpcport.c > index 2b2d459c8887..4abc9a0c16af 100644 > --- a/lib/libc/rpc/getrpcport.c > +++ b/lib/libc/rpc/getrpcport.c > @@ -62,14 +62,14 @@ getrpcport(char *host, int prognum, int versnum, int = proto) > =20 > assert(host !=3D NULL); > =20 > - if ((hp =3D gethostbyname(host)) =3D=3D NULL) > + if ((hp =3D gethostbyname2(host, AF_INET)) =3D=3D NULL) > return (0); > memset(&addr, 0, sizeof(addr)); > addr.sin_len =3D sizeof(struct sockaddr_in); > addr.sin_family =3D AF_INET; > addr.sin_port =3D 0; > - if (hp->h_length > addr.sin_len) > - hp->h_length =3D addr.sin_len; > + if (hp->h_length > sizeof(addr.sin_addr.s_addr)) > + hp->h_length =3D sizeof(addr.sin_addr.s_addr); > memcpy(&addr.sin_addr.s_addr, hp->h_addr, (size_t)hp->h_length); > /* Inconsistent interfaces need casts! :-( */ > return (pmap_getport(&addr, (u_long)prognum, (u_long)versnum,=20 Does a fix like this need to get a security advisory report? Also, any plans to MFC? Thanks, --=20 Shawn Webb Cofounder / Security Engineer HardenedBSD GPG Key ID: 0xFF2E67A277F8E1FA GPG Key Fingerprint: D206 BB45 15E0 9C49 0CF9 3633 C85B 0AF8 AB23 0FB2 https://git-01.md.hardenedbsd.org/HardenedBSD/pubkeys/src/branch/master/Sha= wn_Webb/03A4CBEBB82EA5A67D9F3853FF2E67A277F8E1FA.pub.asc --b3ey7svlnh3emv3f Content-Type: application/pgp-signature; name="signature.asc" -----BEGIN PGP SIGNATURE----- iQIzBAABCAAdFiEEA6TL67gupaZ9nzhT/y5nonf44foFAmAXJ2oACgkQ/y5nonf4 4fqAnQ//Uq4QsTUWHsP4aIGXH49HsRNCRJuoe38tzDoVUlLgaqM1PfITAlehNCoe n/ZVHSMH6bby2CbgsQCGBpx1QqDpyle3N6BDjHzBhL+N8GLxzxuYLbpJ+Fmb7E1R QFxZ9dtQlQvSKJzt5+mvksxBHfPxUayOF7ObX88rHq+i+o3Ho7jfVu65T17DOBYa gj6E/P3MgB7zinGdk72AqH/c4Y47J6zUSdD3CK6Hgo1fg5pBWJHON7AV08P2TkUN Nuj70tFQlUtIu3WMR3X5IZs2O2PSmjFLNOa4KCkqAn/AnMcs0RyGEflpoCmvN462 Vx/7tHJiKzPa583/+2Z6LNc8GVQLUTZH8IVYKenWtELHhA/S8E9F0yFX5Cs0TAQs 7hdfNFn+tVhZpeE1jp1x1+E1B8vET0uzJaOWacDdKkyQZ/BoS/J/HeUTctawWmWs JZo9xB09M9kUD0ZFL3kP4l7JI7w7LV78epGCs58Q8TTvECVkSLE9KPzt4zaXqQzq pLZe/sM5CGdr2gI85Na3ya2stKc5gnFAdgfOKCZn+FV9yjU60GmBxFYWv+YuLxVS Ep9nJSMbAgGTbALFjFd2yHFXAhW1v3do5E5W6HqYSta8ouu9MgcvsHdoKmvYLt3e DcJOSxs32qTDsI9/1LIa6qw+C8DsZM2+gDo1AYDdfispYVBpcAw= =sI5R -----END PGP SIGNATURE----- --b3ey7svlnh3emv3f--