Intravision/reactos
1
0
Fork 0
mirror of https://github.com/reactos/reactos.git synced 2025-07-04 05:31:22 +00:00
Code Issues Projects Releases Packages Wiki Activity

[0.4.7][LIBTIRPC] Fix CVE-2018-14622 CORE-15005, and CVE-2018-14621 CORE-15407

Browse source 
The chance for us to get attacked is rather low, because
LIBTIRPC is used solely for the nfs service and
I pushed aggressively years ago to have that turned from
'Automatic' to 'Manual' already.
I doubt many used this service, that does not exist on real Windows at all.
Attacks may result in Denial-Of-Service.

For details check:
https://nvd.nist.gov/vuln/detail/CVE-2018-14622
https://nvd.nist.gov/vuln/detail/CVE-2018-14621

Fixes picked from:
0.4.11-dev-93-g 000bbe074e CVE-2018-14622 CORE-15005
0.4.11-dev-887-g f5f3ff86ea CVE-2018-14621 CORE-15407
This commit is contained in:
Joachim Henze 2022-03-26 12:53:51 +01:00
parent dd30d04063
commit 7d8dae7d77
1 changed files with 6 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

6
dll/3rdparty/libtirpc/src/svc_vc.c vendored
View file

@ -324,6 +324,7 @@ again:
&len)) == SOCKET_ERROR) { &len)) == SOCKET_ERROR) {
if (errno == EINTR) if (errno == EINTR)
goto again; goto again;
#ifndef __REACTOS__ // CVE-2018-14621
/* /*
* Clean out the most idle file descriptor when we're * Clean out the most idle file descriptor when we're
* running out. * running out.
@ -333,6 +334,7 @@ again:
__svc_clean_idle(&cleanfds, 0, FALSE); __svc_clean_idle(&cleanfds, 0, FALSE);
goto again; goto again;
} }
#endif
return (FALSE); return (FALSE);
} }
/* /*
@ -340,6 +342,10 @@ again:
*/ */
newxprt = makefd_xprt(sock, r->sendsize, r->recvsize); newxprt = makefd_xprt(sock, r->sendsize, r->recvsize);
#ifdef __REACTOS__ // CVE-2018-14622
if (!newxprt)
return (FALSE);
#endif
if (!__rpc_set_netbuf(&newxprt->xp_rtaddr, &addr, len)) if (!__rpc_set_netbuf(&newxprt->xp_rtaddr, &addr, len))
return (FALSE); return (FALSE);