[0.4.7][LIBTIRPC] Fix CVE-2018-14622 CORE-15005, and CVE-2018-14621 CORE-15407

The chance for us to get attacked is rather low, because LIBTIRPC is used solely for the nfs service and I pushed aggressively years ago to have that turned from 'Automatic' to 'Manual' already. I doubt many used this service, that does not exist on real Windows at all. Attacks may result in Denial-Of-Service. For details check: https://nvd.nist.gov/vuln/detail/CVE-2018-14622 https://nvd.nist.gov/vuln/detail/CVE-2018-14621 Fixes picked from: 0.4.11-dev-93-g 000bbe074e CVE-2018-14622 CORE-15005 0.4.11-dev-887-g f5f3ff86ea CVE-2018-14621 CORE-15407
2025-02-23 17:05:46 +00:00 · 2022-03-26 12:53:51 +01:00 · 2022-03-26 12:53:51 +01:00 · 7d8dae7d77
commit 7d8dae7d77
parent dd30d04063
1 changed files with 6 additions and 0 deletions
--- a/dll/3rdparty/libtirpc/src/svc_vc.c
+++ b/dll/3rdparty/libtirpc/src/svc_vc.c
@ -324,6 +324,7 @@ again:
 	    &len)) == SOCKET_ERROR) {
 		if (errno == EINTR)
 			goto again;
+#ifndef __REACTOS__ // CVE-2018-14621
 		/*
 		 * Clean out the most idle file descriptor when we're
 		 * running out.
@ -333,6 +334,7 @@ again:
 			__svc_clean_idle(&cleanfds, 0, FALSE);
 			goto again;
 		}
+#endif
 		return (FALSE);
 	}
 	/*
@ -340,6 +342,10 @@ again:
 	 */

 	newxprt = makefd_xprt(sock, r->sendsize, r->recvsize);
+#ifdef __REACTOS__ // CVE-2018-14622
+	if (!newxprt)
+		return (FALSE);
+#endif

 	if (!__rpc_set_netbuf(&newxprt->xp_rtaddr, &addr, len))
 		return (FALSE);