This is the mail archive of the libc-hacker@sourceware.cygnus.com mailing list for the glibc project.
Re: RPC denial of service
Zack Weinberg writes:
>
> Here's how freebsd fixed it. The patch was made Friday, I doubt it's been
> tested much at all; nor do I know if this code applies to our tree.
I have added it to the current glibc snapshot, and it seems to work.
Since the FreeBSD patch doesn't apply cleanly, I have added a new patch.
Thorsten
--
Thorsten Kukuk kukuk@vt.uni-paderborn.de
http://www-vt.uni-paderborn.de/~kukuk
Linux is like a Vorlon. It is incredibly powerful, gives terse,
cryptic answers and has a lot of things going on in the background.
1998-05-17 Thorsten Kukuk <kukuk@vt.uni-paderborn.de>
* sunrpc/svc_tcp.c: Add FreeBSD DoS patch.
* sunrpc/xdr_rec.c: Likewise.
diff -u libc-cvs/sunrpc/svc_tcp.c libc-work/sunrpc/svc_tcp.c
--- libc-cvs/sunrpc/svc_tcp.c Mon Mar 2 17:06:11 1998
+++ libc-work/sunrpc/svc_tcp.c Sun May 17 23:23:36 1998
@@ -387,6 +387,7 @@
cd->x_id = msg->rm_xid;
return (TRUE);
}
+ cd->strm_stat = XPRT_DIED; /* XXXX */
return (FALSE);
}
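Review bot: The added cd->strm_stat = XPRT_DIED line just before return (FALSE) carries only a /* XXXX */ marker, so nothing records why the transport is marked dead on this failure path. Please replace the marker with a comment giving the reason (presumably that the stream can no longer be trusted once this path is reached and the connection should be dropped rather than left open). The ChangeLog entry "Add FreeBSD DoS patch" could say the same thing, so the change is understandable without the FreeBSD history.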
diff -u libc-cvs/sunrpc/xdr_rec.c libc-work/sunrpc/xdr_rec.c
--- libc-cvs/sunrpc/xdr_rec.c Mon Oct 6 03:45:01 1997
+++ libc-work/sunrpc/xdr_rec.c Sun May 17 22:57:37 1998
@@ -567,6 +567,12 @@
return FALSE;
header = ntohl (header);
rstrm->last_frag = ((header & LAST_FRAG) == 0) ? FALSE : TRUE;
+ /*
+ * Sanity check. Try not to accept wildly incorrect
+ * record sizes.
+ */
+ if ((header & (~LAST_FRAG)) > rstrm->recvsize)
+ return(FALSE);
rstrm->fbtbc = header & ~LAST_FRAG;
return TRUE;
}
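Review bot: The new size check sits after rstrm->last_frag has already been assigned from the same header, so a header that is rejected still changes stream state before return(FALSE). Consider moving the check directly after header = ntohl (header), ahead of the last_frag assignment, so a rejected header leaves rstrm untouched. Two smaller points in the same hunk: header & ~LAST_FRAG is now computed twice and could be held in a local that is both compared and stored in fbtbc, and return(FALSE); does not match the return FALSE; form used a few lines above. The comment says "record sizes", but the value tested is the length of one fragment, so "fragment sizes" would describe the check more accurately.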