From owner-cvs-lib Fri May 15 16:01:53 1998 Return-Path: Received: (from daemon@localhost) by hub.freebsd.org (8.8.8/8.8.8) id QAA19935 for cvs-lib-outgoing; Fri, 15 May 1998 16:01:53 -0700 (PDT) (envelope-from owner-cvs-lib) Received: from freefall.freebsd.org (freefall.FreeBSD.ORG [204.216.27.21]) by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id QAA19798; Fri, 15 May 1998 16:01:28 -0700 (PDT) (envelope-from wpaul@FreeBSD.org) From: Bill Paul Received: (from wpaul@localhost) by freefall.freebsd.org (8.8.8/8.8.5) id PAA13380; Fri, 15 May 1998 15:57:32 -0700 (PDT) Date: Fri, 15 May 1998 15:57:32 -0700 (PDT) Message-Id: <199805152257.PAA13380@freefall.freebsd.org> To: cvs-committers@FreeBSD.ORG, cvs-all@FreeBSD.ORG, cvs-lib@FreeBSD.ORG Subject: cvs commit: src/lib/libc/rpc svc_tcp.c svc_unix.c src/lib/libc/xdr xdr_rec.c Sender: owner-cvs-lib@FreeBSD.ORG X-Loop: FreeBSD.org Precedence: bulk wpaul 1998/05/15 15:57:32 PDT Modified files: lib/libc/rpc svc_tcp.c svc_unix.c Log: Patch RPC library to avoid possible denial of service attacks as described recently in BUGTRAQ. If a stream oriented transport fails to properly decode an RPC message header structure where there should be one, it should mark the stream as dead so that the connection will be dropped. Revision Changes Path 1.12 +2 -1 src/lib/libc/rpc/svc_tcp.c 1.3 +2 -1 src/lib/libc/rpc/svc_unix.c Modified files: lib/libc/xdr xdr_rec.c Log: Patch RPC library to avoid possible denial of service attacks as described recently in BUGTRAQ. The set_input_fragment() routine in the XDR record marking code blindly trusts that the first two bytes it sees will in fact be an actual record header and that the specified size will be sane. In fact, if you just telnet to a listening port of an RPC service and send a few carriage returns, set_input_fragment() will obtain a ridiculously large record size and sit there for a long time trying to read from the network. A sanity test is required: if the record size is larger than the receive buffer, punt. Revision Changes Path 1.9 +7 -1 src/lib/libc/xdr/xdr_rec.c