| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Sun, 18 Sep 2022 02:50:54 +0900
From: OGAWA Hirofumi <hirofumi@...l.parknet.co.jp>
To: netdev@...r.kernel.org
Cc: Stephen Hemminger <stephen@...workplumber.org>
Subject: [PATCH iproute2] Fix segv on "-r" option if unknown rpc service
In init_service_resolver(), if getrpcbynumber() returned NULL, c->name
is pointing the undefined memory. So "-r" can segv for example.
So this patch uses "rpc.<r_prog>" format like the following if rpc
name is unresolved, instead of segv or raw port number.
tcp LISTEN 0 64 0.0.0.0:rpc.100227 0.0.0.0:*
[Or we would be able to set c->name = NULL to use raw port number]
Signed-off-by: OGAWA Hirofumi <hirofumi@...l.parknet.co.jp>
---
misc/ss.c | 9 +++++++++
1 file changed, 9 insertions(+)
diff --git a/misc/ss.c b/misc/ss.c
index ff985cd..866e278 100644
--- a/misc/ss.c 2022-08-25 16:22:06.454913793 +0900
+++ b/misc/ss.c 2022-09-18 02:48:24.212779850 +0900
@@ -1596,6 +1596,15 @@ static void init_service_resolver(void)
if (rpc) {
strncat(prog, rpc->r_name, 128 - strlen(prog));
c->name = strdup(prog);
+ } else {
+ const char fmt[] = "%s%u";
+ char *buf = NULL;
+ int len = snprintf(buf, 0, fmt, prog,
+ rhead->rpcb_map.r_prog);
+ len++;
+ buf = malloc(len);
+ snprintf(buf, len, fmt, prog, rhead->rpcb_map.r_prog);
+ c->name = buf;
}
c->next = rlist;
_
--
OGAWA Hirofumi <hirofumi@...l.parknet.co.jp>
Powered by blists - more mailing lists