From 211ff61900fb74aeb8596786b0a651cb06798912 Mon Sep 17 00:00:00 2001 From: RISCi_ATOM Date: Tue, 26 May 2020 15:14:51 +0000 Subject: [PATCH] rpcbind : Fix missing / omitted from a previous commit --- net/rpcbind/Makefile | 84 +++++++++++++++++++ net/rpcbind/files/rpcbind.init | 13 +++ ...2017-8779-dos-via-memory-consumption.patch | 29 +++++++ .../002-fix_stack_buffer_overflow.patch | 69 +++++++++++++++ 4 files changed, 195 insertions(+) create mode 100644 net/rpcbind/Makefile create mode 100644 net/rpcbind/files/rpcbind.init create mode 100644 net/rpcbind/patches/001-CVE-2017-8779-dos-via-memory-consumption.patch create mode 100644 net/rpcbind/patches/002-fix_stack_buffer_overflow.patch diff --git a/net/rpcbind/Makefile b/net/rpcbind/Makefile new file mode 100644 index 0000000..a3edece --- /dev/null +++ b/net/rpcbind/Makefile @@ -0,0 +1,84 @@ +include $(TOPDIR)/rules.mk + +PKG_NAME:=rpcbind +PKG_VERSION:=1.2.5 +PKG_RELEASE:=4 + +PKG_SOURCE_URL:=@SF/rpcbind +PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.bz2 +PKG_HASH:=2ce360683963b35c19c43f0ee2c7f18aa5b81ef41c3fdbd15ffcb00b8bffda7a + +PKG_MAINTAINER:=Andy Walsh +PKG_LICENSE:=BSD-3-Clause +PKG_CPE_ID:=cpe:/a:rpcbind_project:rpcbind + +PKG_FIXUP:=autoreconf +PKG_REMOVE_FILES:=autogen.sh aclocal.m4 +PKG_INSTALL:=1 + +PKG_CONFIG_DEPENDS:= \ + CONFIG_RPCBIND_LIBWRAP \ + CONFIG_RPCBIND_RMTCALLS + +include $(INCLUDE_DIR)/package.mk + +define Package/rpcbind + SECTION:=net + CATEGORY:=Network + DEPENDS:=+libtirpc +RPCBIND_LIBWRAP:libwrap + TITLE:=Universal addresses to RPC mapper + URL:=http://rpcbind.sourceforge.net/ + USERID:=rpc=65533:rpc=65533 +endef + +define Package/rpcbind/description + The rpcbind utility is a server that converts RPC program numbers into universal addresses. + It must be running on the host to be able to make RPC calls on a server on that machine. + + Rpcbind replaces portmap for NFS v2/v3. It has more features, like ipv6 support. + Note: Nfs4 only configurations can run without it. +endef + +define Package/rpcbind/config +if PACKAGE_rpcbind + config RPCBIND_LIBWRAP + bool "Enable libwrap (TCP wrappers) support." + default y + config RPCBIND_RMTCALLS + bool "Enable broadcast discovery support of rpc services." + help + Services such as Kodi (via libnfs) use this functionality to discover available NFS shares on the network. + default y + + +endif +endef + +CONFIGURE_ARGS += \ + --with-rpcuser=rpc \ + --without-systemdsystemunitdir \ + --enable-warmstarts + +ifeq ($(CONFIG_RPCBIND_LIBWRAP),y) + CONFIGURE_ARGS += --enable-libwrap +else + CONFIGURE_ARGS += --disable-libwrap +endif + +ifeq ($(CONFIG_RPCBIND_RMTCALLS),y) + CONFIGURE_ARGS += --enable-rmtcalls +else + CONFIGURE_ARGS += --disable-rmtcalls +endif + + +define Package/rpcbind/install + $(INSTALL_DIR) $(1)/usr/bin + $(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/bin/rpcinfo $(1)/usr/bin/ + $(INSTALL_DIR) $(1)/usr/sbin + $(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/sbin/rpcbind $(1)/usr/sbin/ + $(INSTALL_DIR) $(1)/etc/init.d + $(INSTALL_BIN) ./files/rpcbind.init $(1)/etc/init.d/rpcbind +endef + +$(eval $(call BuildPackage,rpcbind)) diff --git a/net/rpcbind/files/rpcbind.init b/net/rpcbind/files/rpcbind.init new file mode 100644 index 0000000..2e8ace0 --- /dev/null +++ b/net/rpcbind/files/rpcbind.init @@ -0,0 +1,13 @@ +#!/bin/sh /etc/rc.common + +START=19 +STOP=19 + +USE_PROCD=1 + +start_service() { + procd_open_instance + procd_set_param command /usr/sbin/rpcbind -f -w + procd_set_param respawn + procd_close_instance +} diff --git a/net/rpcbind/patches/001-CVE-2017-8779-dos-via-memory-consumption.patch b/net/rpcbind/patches/001-CVE-2017-8779-dos-via-memory-consumption.patch new file mode 100644 index 0000000..d8137d3 --- /dev/null +++ b/net/rpcbind/patches/001-CVE-2017-8779-dos-via-memory-consumption.patch @@ -0,0 +1,29 @@ +Submitted By: Ken Moffat +Date: 2017-05-29 +Initial Package Version: 0.2.4 (also affects earlier versions) +Upstream Status: Unknown +Origin: Guido Vranken +Description: Fixes CVE-2017-8779 (DOS by remote attackers - memory consumption +without subsequent free). + +diff --git a/src/rpcb_svc_com.c b/src/rpcb_svc_com.c +index 5862c26..e11f61b 100644 +--- a/src/rpcb_svc_com.c ++++ b/src/rpcb_svc_com.c +@@ -48,6 +48,7 @@ + #include + #include + #include ++#include + #include + #include + #include +@@ -432,7 +433,7 @@ rpcbproc_taddr2uaddr_com(void *arg, struct svc_req *rqstp /*__unused*/, + static bool_t + xdr_encap_parms(XDR *xdrs, struct encap_parms *epp) + { +- return (xdr_bytes(xdrs, &(epp->args), (u_int *) &(epp->arglen), ~0)); ++ return (xdr_bytes(xdrs, &(epp->args), (u_int *) &(epp->arglen), RPC_MAXDATASIZE)); + } + + /* diff --git a/net/rpcbind/patches/002-fix_stack_buffer_overflow.patch b/net/rpcbind/patches/002-fix_stack_buffer_overflow.patch new file mode 100644 index 0000000..1a43dac --- /dev/null +++ b/net/rpcbind/patches/002-fix_stack_buffer_overflow.patch @@ -0,0 +1,69 @@ +From 0bc1c0ae7ce61a7ac8a8e9a9b2086268f011abf0 Mon Sep 17 00:00:00 2001 +From: Steve Dickson +Date: Tue, 9 Oct 2018 09:19:50 -0400 +Subject: [PATCH 1/1] rpcinfo: Fix stack buffer overflow + +*** buffer overflow detected ***: rpcinfo terminated +======= Backtrace: ========= +/lib64/libc.so.6(+0x721af)[0x7ff24c4451af] +/lib64/libc.so.6(__fortify_fail+0x37)[0x7ff24c4ccdc7] +/lib64/libc.so.6(+0xf8050)[0x7ff24c4cb050] +rpcinfo(+0x435f)[0xef3be2635f] +rpcinfo(+0x1c62)[0xef3be23c62] +/lib64/libc.so.6(__libc_start_main+0xf5)[0x7ff24c3f36e5] +rpcinfo(+0x2739)[0xef3be24739] +======= Memory map: ======== +... +The patch below fixes it. + +Reviewed-by: Chuck Lever +Signed-off-by: Thomas Blume +Signed-off-by: Steve Dickson +--- + src/rpcinfo.c | 23 +++++++++++++++++------ + 1 file changed, 17 insertions(+), 6 deletions(-) + +diff --git a/src/rpcinfo.c b/src/rpcinfo.c +index 9b46864..cfdba88 100644 +--- a/src/rpcinfo.c ++++ b/src/rpcinfo.c +@@ -973,6 +973,7 @@ rpcbdump (dumptype, netid, argc, argv) + (" program version(s) netid(s) service owner\n"); + for (rs = rs_head; rs; rs = rs->next) + { ++ size_t netidmax = sizeof(buf) - 1; + char *p = buf; + + printf ("%10ld ", rs->prog); +@@ -985,12 +986,22 @@ rpcbdump (dumptype, netid, argc, argv) + } + printf ("%-10s", buf); + buf[0] = '\0'; +- for (nl = rs->nlist; nl; nl = nl->next) +- { +- strcat (buf, nl->netid); +- if (nl->next) +- strcat (buf, ","); +- } ++ ++ for (nl = rs->nlist; nl; nl = nl->next) ++ { ++ strncat (buf, nl->netid, netidmax); ++ if (strlen (nl->netid) < netidmax) ++ netidmax -= strlen(nl->netid); ++ else ++ break; ++ ++ if (nl->next && netidmax > 1) ++ { ++ strncat (buf, ",", netidmax); ++ netidmax --; ++ } ++ } ++ + printf ("%-32s", buf); + rpc = getrpcbynumber (rs->prog); + if (rpc) +-- +1.8.3.1 + -- 2.25.1