diff --git a/rpcbind.changes b/rpcbind.changes index 7126c2e..936906d 100644 --- a/rpcbind.changes +++ b/rpcbind.changes @@ -1,3 +1,9 @@ +------------------------------------------------------------------- +Wed May 17 09:14:15 UTC 2017 - schwab@suse.de + +- svc-freeargs: always call svc_freeargs, even if svc_getargs failed + (bsc#1037559, CVE-2017-8779) + ------------------------------------------------------------------- Tue May 2 13:58:57 CEST 2017 - kukuk@suse.de diff --git a/rpcbind.spec b/rpcbind.spec index 48c2f6c..05c164f 100644 --- a/rpcbind.spec +++ b/rpcbind.spec @@ -53,6 +53,7 @@ Patch12: 0012-Move-default-state-dir-to-a-subdirectory-of-var-run.patch Patch14: 0014-When-using-systemd-redirect-syslog-calls-to-the-syst.patch Patch30: 0030-systemd-fix-rmtcall.patch Patch31: 0031-rpcbind-manpage.patch +Patch32: svc-freeargs.patch %{?systemd_requires} Provides: portmap @@ -81,6 +82,7 @@ cp %{SOURCE4} . #%patch14 -p1 #%patch30 -p1 %patch31 -p1 +%patch32 -p1 %build autoreconf -fiv diff --git a/svc-freeargs.patch b/svc-freeargs.patch new file mode 100644 index 0000000..a23e145 --- /dev/null +++ b/svc-freeargs.patch @@ -0,0 +1,26 @@ +Index: rpcbind-0.2.3/src/rpcb_svc.c +=================================================================== +--- rpcbind-0.2.3.orig/src/rpcb_svc.c ++++ rpcbind-0.2.3/src/rpcb_svc.c +@@ -166,7 +166,7 @@ rpcb_service_3(struct svc_req *rqstp, SV + svcerr_decode(transp); + if (debugging) + (void) xlog(LOG_DEBUG, "rpcbind: could not decode"); +- return; ++ goto done; + } + + if (rqstp->rq_proc == RPCBPROC_SET +Index: rpcbind-0.2.3/src/rpcb_svc_4.c +=================================================================== +--- rpcbind-0.2.3.orig/src/rpcb_svc_4.c ++++ rpcbind-0.2.3/src/rpcb_svc_4.c +@@ -220,7 +220,7 @@ rpcb_service_4(struct svc_req *rqstp, SV + svcerr_decode(transp); + if (debugging) + (void) xlog(LOG_DEBUG, "rpcbind: could not decode\n"); +- return; ++ goto done; + } + + if (rqstp->rq_proc == RPCBPROC_SET