From 211ff61900fb74aeb8596786b0a651cb06798912 Mon Sep 17 00:00:00 2001
From: RISCi_ATOM <Bob@bobcall.me>
Date: Tue, 26 May 2020 15:14:51 +0000
Subject: [PATCH] rpcbind : Fix missing / omitted from a previous commit

---
 net/rpcbind/Makefile                          | 84 +++++++++++++++++++
 net/rpcbind/files/rpcbind.init                | 13 +++
 ...2017-8779-dos-via-memory-consumption.patch | 29 +++++++
 .../002-fix_stack_buffer_overflow.patch       | 69 +++++++++++++++
 4 files changed, 195 insertions(+)
 create mode 100644 net/rpcbind/Makefile
 create mode 100644 net/rpcbind/files/rpcbind.init
 create mode 100644 net/rpcbind/patches/001-CVE-2017-8779-dos-via-memory-consumption.patch
 create mode 100644 net/rpcbind/patches/002-fix_stack_buffer_overflow.patch

diff --git a/net/rpcbind/Makefile b/net/rpcbind/Makefile
new file mode 100644
index 0000000..a3edece
--- /dev/null
+++ b/net/rpcbind/Makefile
@@ -0,0 +1,84 @@
+include $(TOPDIR)/rules.mk
+
+PKG_NAME:=rpcbind
+PKG_VERSION:=1.2.5
+PKG_RELEASE:=4
+
+PKG_SOURCE_URL:=@SF/rpcbind
+PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.bz2
+PKG_HASH:=2ce360683963b35c19c43f0ee2c7f18aa5b81ef41c3fdbd15ffcb00b8bffda7a
+
+PKG_MAINTAINER:=Andy Walsh <andy.walsh44+github@gmail.com>
+PKG_LICENSE:=BSD-3-Clause
+PKG_CPE_ID:=cpe:/a:rpcbind_project:rpcbind
+
+PKG_FIXUP:=autoreconf
+PKG_REMOVE_FILES:=autogen.sh aclocal.m4
+PKG_INSTALL:=1
+
+PKG_CONFIG_DEPENDS:= \
+	CONFIG_RPCBIND_LIBWRAP \
+	CONFIG_RPCBIND_RMTCALLS
+
+include $(INCLUDE_DIR)/package.mk
+
+define Package/rpcbind
+  SECTION:=net
+  CATEGORY:=Network
+  DEPENDS:=+libtirpc +RPCBIND_LIBWRAP:libwrap
+  TITLE:=Universal addresses to RPC mapper
+  URL:=http://rpcbind.sourceforge.net/
+  USERID:=rpc=65533:rpc=65533
+endef
+
+define Package/rpcbind/description
+  The rpcbind utility is a server that converts RPC program numbers into universal addresses.
+  It must be running on the host to be able to make RPC calls on a server on that machine.
+
+  Rpcbind replaces portmap for NFS v2/v3. It has more features, like ipv6 support.
+  Note: Nfs4 only configurations can run without it.
+endef
+
+define Package/rpcbind/config
+if PACKAGE_rpcbind
+	config RPCBIND_LIBWRAP
+		bool "Enable libwrap (TCP wrappers) support."
+		default y
+	config RPCBIND_RMTCALLS
+		bool "Enable broadcast discovery support of rpc services."
+		help
+			Services such as Kodi (via libnfs) use this functionality to discover available NFS shares on the network.
+		default y
+		
+		
+endif
+endef
+
+CONFIGURE_ARGS += \
+	--with-rpcuser=rpc \
+	--without-systemdsystemunitdir \
+	--enable-warmstarts
+
+ifeq ($(CONFIG_RPCBIND_LIBWRAP),y)
+	CONFIGURE_ARGS += --enable-libwrap
+else
+	CONFIGURE_ARGS += --disable-libwrap
+endif
+
+ifeq ($(CONFIG_RPCBIND_RMTCALLS),y)
+	CONFIGURE_ARGS += --enable-rmtcalls
+else
+	CONFIGURE_ARGS += --disable-rmtcalls
+endif
+
+
+define Package/rpcbind/install
+	$(INSTALL_DIR) $(1)/usr/bin
+	$(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/bin/rpcinfo $(1)/usr/bin/
+	$(INSTALL_DIR) $(1)/usr/sbin
+	$(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/sbin/rpcbind $(1)/usr/sbin/
+	$(INSTALL_DIR) $(1)/etc/init.d
+	$(INSTALL_BIN) ./files/rpcbind.init $(1)/etc/init.d/rpcbind
+endef
+
+$(eval $(call BuildPackage,rpcbind))
diff --git a/net/rpcbind/files/rpcbind.init b/net/rpcbind/files/rpcbind.init
new file mode 100644
index 0000000..2e8ace0
--- /dev/null
+++ b/net/rpcbind/files/rpcbind.init
@@ -0,0 +1,13 @@
+#!/bin/sh /etc/rc.common
+
+START=19
+STOP=19
+
+USE_PROCD=1
+
+start_service() { 
+	procd_open_instance
+	procd_set_param command /usr/sbin/rpcbind -f -w
+	procd_set_param respawn
+	procd_close_instance
+}
diff --git a/net/rpcbind/patches/001-CVE-2017-8779-dos-via-memory-consumption.patch b/net/rpcbind/patches/001-CVE-2017-8779-dos-via-memory-consumption.patch
new file mode 100644
index 0000000..d8137d3
--- /dev/null
+++ b/net/rpcbind/patches/001-CVE-2017-8779-dos-via-memory-consumption.patch
@@ -0,0 +1,29 @@
+Submitted By: Ken Moffat <ken at linuxfromscratch dot org>
+Date: 2017-05-29
+Initial Package Version: 0.2.4 (also affects earlier versions)
+Upstream Status: Unknown
+Origin: Guido Vranken
+Description: Fixes CVE-2017-8779 (DOS by remote attackers - memory consumption
+without subsequent free).
+
+diff --git a/src/rpcb_svc_com.c b/src/rpcb_svc_com.c
+index 5862c26..e11f61b 100644
+--- a/src/rpcb_svc_com.c
++++ b/src/rpcb_svc_com.c
+@@ -48,6 +48,7 @@
+ #include <rpc/rpc.h>
+ #include <rpc/rpcb_prot.h>
+ #include <rpc/svc_dg.h>
++#include <rpc/rpc_com.h>
+ #include <netconfig.h>
+ #include <errno.h>
+ #include <syslog.h>
+@@ -432,7 +433,7 @@ rpcbproc_taddr2uaddr_com(void *arg, struct svc_req *rqstp /*__unused*/,
+ static bool_t
+ xdr_encap_parms(XDR *xdrs, struct encap_parms *epp)
+ {
+-	return (xdr_bytes(xdrs, &(epp->args), (u_int *) &(epp->arglen), ~0));
++	return (xdr_bytes(xdrs, &(epp->args), (u_int *) &(epp->arglen), RPC_MAXDATASIZE));
+ }
+ 
+ /*
diff --git a/net/rpcbind/patches/002-fix_stack_buffer_overflow.patch b/net/rpcbind/patches/002-fix_stack_buffer_overflow.patch
new file mode 100644
index 0000000..1a43dac
--- /dev/null
+++ b/net/rpcbind/patches/002-fix_stack_buffer_overflow.patch
@@ -0,0 +1,69 @@
+From 0bc1c0ae7ce61a7ac8a8e9a9b2086268f011abf0 Mon Sep 17 00:00:00 2001
+From: Steve Dickson <steved@redhat.com>
+Date: Tue, 9 Oct 2018 09:19:50 -0400
+Subject: [PATCH 1/1] rpcinfo: Fix stack buffer overflow
+
+*** buffer overflow detected ***: rpcinfo terminated
+======= Backtrace: =========
+/lib64/libc.so.6(+0x721af)[0x7ff24c4451af]
+/lib64/libc.so.6(__fortify_fail+0x37)[0x7ff24c4ccdc7]
+/lib64/libc.so.6(+0xf8050)[0x7ff24c4cb050]
+rpcinfo(+0x435f)[0xef3be2635f]
+rpcinfo(+0x1c62)[0xef3be23c62]
+/lib64/libc.so.6(__libc_start_main+0xf5)[0x7ff24c3f36e5]
+rpcinfo(+0x2739)[0xef3be24739]
+======= Memory map: ========
+...
+The patch below fixes it.
+
+Reviewed-by: Chuck Lever <chuck.lever@oracle.com>
+Signed-off-by: Thomas Blume <thomas.blume@suse.com>
+Signed-off-by: Steve Dickson <steved@redhat.com>
+---
+ src/rpcinfo.c | 23 +++++++++++++++++------
+ 1 file changed, 17 insertions(+), 6 deletions(-)
+
+diff --git a/src/rpcinfo.c b/src/rpcinfo.c
+index 9b46864..cfdba88 100644
+--- a/src/rpcinfo.c
++++ b/src/rpcinfo.c
+@@ -973,6 +973,7 @@ rpcbdump (dumptype, netid, argc, argv)
+ 	("   program version(s) netid(s)                         service     owner\n");
+       for (rs = rs_head; rs; rs = rs->next)
+ 	{
++	  size_t netidmax = sizeof(buf) - 1;
+ 	  char *p = buf;
+ 
+ 	  printf ("%10ld  ", rs->prog);
+@@ -985,12 +986,22 @@ rpcbdump (dumptype, netid, argc, argv)
+ 	    }
+ 	  printf ("%-10s", buf);
+ 	  buf[0] = '\0';
+-	  for (nl = rs->nlist; nl; nl = nl->next)
+-	    {
+-	      strcat (buf, nl->netid);
+-	      if (nl->next)
+-		strcat (buf, ",");
+-	    }
++
++          for (nl = rs->nlist; nl; nl = nl->next)
++            {
++              strncat (buf, nl->netid, netidmax);
++              if (strlen (nl->netid) < netidmax)
++                netidmax -= strlen(nl->netid);
++              else
++                break;
++
++              if (nl->next && netidmax > 1)
++                {
++                  strncat (buf, ",", netidmax);
++                  netidmax --;
++                }
++            }
++
+ 	  printf ("%-32s", buf);
+ 	  rpc = getrpcbynumber (rs->prog);
+ 	  if (rpc)
+-- 
+1.8.3.1
+
-- 
2.25.1