From owner-freebsd-security@freebsd.org  Wed Sep 30 19:54:27 2015
Return-Path: <owner-freebsd-security@freebsd.org>
Delivered-To: freebsd-security@mailman.ysv.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org
 [IPv6:2001:1900:2254:206a::19:1])
 by mailman.ysv.freebsd.org (Postfix) with ESMTP id B15DDA0C3B9
 for <freebsd-security@mailman.ysv.freebsd.org>;
 Wed, 30 Sep 2015 19:54:27 +0000 (UTC)
 (envelope-from delphij@delphij.net)
Received: from anubis.delphij.net (anubis.delphij.net [64.62.153.212])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (Client CN "anubis.delphij.net",
 Issuer "StartCom Class 1 Primary Intermediate Server CA" (not verified))
 by mx1.freebsd.org (Postfix) with ESMTPS id 918961D97
 for <freebsd-security@freebsd.org>; Wed, 30 Sep 2015 19:54:27 +0000 (UTC)
 (envelope-from delphij@delphij.net)
Received: from zeta.ixsystems.com (unknown [12.229.62.2])
 (using TLSv1 with cipher ECDHE-RSA-AES256-SHA (256/256 bits))
 (Client did not present a certificate)
 by anubis.delphij.net (Postfix) with ESMTPSA id B945A24B85;
 Wed, 30 Sep 2015 12:54:26 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=delphij.net;
 s=anubis; t=1443642866; x=1443657266;
 bh=+yUqI0Cm6oReEGEY4SWAArWNH+9mBES5xLT3ECkz/WE=;
 h=Reply-To:Subject:References:To:Cc:From:Date:In-Reply-To;
 b=yqkrfkUFnZ3dIAJxxUafh8bdKU1+RVCyVqVrYhwW7DQNRSFbb0DxHEuRTTcK2blTg
 e0hiF9swtyuTrHhqft2x1IJ1UHDPpKdXxc4yHOKicAo5te2A8WwX7ORpyiVadPQICY
 zwF/9j9+fQBtYinDq7l1WEPSWp/Gq+fu7yhYyDW0=
Reply-To: d@delphij.net
Subject: Re: FreeBSD Security Advisory FreeBSD-SA-15:24.rpcbind
References: <20150929183942.569F311FD@freefall.freebsd.org>
 <B821DB04-67A9-4F7C-85E1-8ABCF72C6D46@inoc.net> <560C33B7.70100@delphij.net>
 <AE3C0342-75F1-4703-A685-561A303C3C76@inoc.net>
 <560C39B3.1020806@delphij.net>
 <AC5D1DD3-8AD9-49F8-9ECB-5B239E1B97F6@inoc.net>
To: Robert Blayzor <rblayzor.bulk@inoc.net>, d@delphij.net
Cc: freebsd-security@freebsd.org
From: Xin Li <delphij@delphij.net>
Organization: The FreeBSD Project
Message-ID: <560C3DF2.5070608@delphij.net>
Date: Wed, 30 Sep 2015 12:54:26 -0700
MIME-Version: 1.0
In-Reply-To: <AC5D1DD3-8AD9-49F8-9ECB-5B239E1B97F6@inoc.net>
Content-Type: multipart/signed; micalg=pgp-sha512;
 protocol="application/pgp-signature";
 boundary="CQtUxqDjeRTbUK0Ef4FfbR2ttF6vBjswJ"
X-BeenThere: freebsd-security@freebsd.org
X-Mailman-Version: 2.1.20
Precedence: list
List-Id: "Security issues \[members-only posting\]"
 <freebsd-security.freebsd.org>
List-Unsubscribe: <https://lists.freebsd.org/mailman/options/freebsd-security>, 
 <mailto:freebsd-security-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-security/>
List-Post: <mailto:freebsd-security@freebsd.org>
List-Help: <mailto:freebsd-security-request@freebsd.org?subject=help>
List-Subscribe: <https://lists.freebsd.org/mailman/listinfo/freebsd-security>, 
 <mailto:freebsd-security-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Wed, 30 Sep 2015 19:54:27 -0000

This is an OpenPGP/MIME signed message (RFC 4880 and 3156)
--CQtUxqDjeRTbUK0Ef4FfbR2ttF6vBjswJ
Content-Type: text/plain; charset=windows-1252
Content-Transfer-Encoding: quoted-printable

Hi,

Can you make this change and see if it helps?

Index: rpcb_svc_com.c
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D
--- rpcb_svc_com.c	(revision 288421)
+++ rpcb_svc_com.c	(working copy)
@@ -1052,7 +1052,7 @@ static bool_t
 netbuf_copybuf(struct netbuf *dst, const struct netbuf *src)
 {

-	assert(dst->buf =3D=3D NULL);
+	assert(dst->len =3D=3D 0 || dst->buf =3D=3D NULL);

 	if ((dst->buf =3D malloc(src->len)) =3D=3D NULL)
 		return (FALSE);

Cheers,
--=20
Xin LI <delphij@delphij.net>    https://www.delphij.net/
FreeBSD - The Power to Serve!           Live free or die


--CQtUxqDjeRTbUK0Ef4FfbR2ttF6vBjswJ
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: OpenPGP digital signature
Content-Disposition: attachment; filename="signature.asc"

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.1.8 (FreeBSD)

iQIcBAEBCgAGBQJWDD3yAAoJEJW2GBstM+nslVQQAIW9HZzOes88wacqtiQBLIUm
KKXntKxy+ChLYTJoVITFJnAwy/4UZ3OuscR5A+eOJMrY0UEgokPbWLlEcxcu+JX6
wc3MNVpS/tntHgpliv72delFbnCjCkgRtltZb7iXUOXat+6SNcj3yah96N1L4BEG
LDeLXKbNjAhloJuzqZHEx++r069NyAo8KuKSlGOKMgcTcEqc/1B1qaD+ZZjKgRDm
1qw7rrgTesUa6ExRfoJKpdHUCNPTTqEKLt/lgw9ALJpghEb50lVhuq7KA2U8mWLT
vNsxxjjRajgftNfR6PpwVhRPTAfTneMjdWY0jU7bWkY718iic/MJZF8w7AcRyur0
s+5Ji8mPmXN3EJEvT3a7KwbeNDowpt7sa1O+rEKmCIP8bmzTlREpzr9gett5wd0x
JkzWdqLdoSbuJeDrCpZAyQBdw8Pg90o2A9I3K1TTh5dwkFH0kdrA4+L4ZGnmmFfw
rrySj0TQ7QOqbv4HpwQJaSrkctBoCv08molX9sMYgIbqHkcy5Wx0rGiQETaD8+mF
5S0LOC93kvA7/Fq6ue6gSQkogpyK5etiwz2J9oybLazeuOC7ehGAuJUj3zKAJEGd
W3rc9UeBtVMYe8VA6R/5PZzC+pTk1ldMf02MSWqZMTs7FvndZcNyufpUpYfqs+jc
hd1JlMkYlJUk6MqLu6tX
=kjD9
-----END PGP SIGNATURE-----

--CQtUxqDjeRTbUK0Ef4FfbR2ttF6vBjswJ--