Home
My Posts

Archive
Login
Signup

Recent Posts

Free subdomains

Want your own xyz.kpaste.net sub-domain for your community? Just type the address into your browser address bar (foo.xyz.kpaste.net is also supported).

Suggestions/Bugs?

Email us at . Try to include as much info as possible.

About

Pastebin is a tool for collaborative debugging or editing.

 

msnfs41client: libtirpc/CVE backports+misc patches for 2023-10-18
Posted by Anonymous on Wed 18th Oct 2023 17:47
raw | new post

Submit a correction or amendment below (click here to make a fresh posting)
After submitting an amendment, you'll be able to view the differences between the old and new posts easily.

Syntax highlighting: None Bash C C++ CSS Diff HTML mIRC Script Perl PHP Python Smarty XML ---------------------------- ABAP Actionscript ADA Apache Log AppleScript APT sources.list ASM ASP AutoIT Bash C C# C++ C++ (with QT) CSS Diff HTML INI (Config Files) Java Javascript Lua Make mIRC Script MySQL NSIS Perl PHP Python Q(uick)BASIC robots Ruby Ruby on Rails SDLBasic Smarty SQL TCL Text VB.NET Visual BASIC Visual Fox Pro Visual Prolog Windows Registry Files XML Xorg.conf

To highlight particular lines, prefix each line with {%HIGHLIGHT}
From 6ba7818406e41226b1df3d2df60430728b16bd3a Mon Sep 17 00:00:00 2001 From: Roland Mainz <roland.mainz@nrubsig.org> Date: Wed, 18 Oct 2023 15:33:51 +0200 Subject: [PATCH 1/7] nfs_daemon: daemon should print an indicator whether idmap uses Cygwin nfs_daemon should print an indicator whether idmap uses Cygwin as idmapping service, i.e. "idmap_cygwin is 1" in "parse_cmdlineargs: debug_level 0 ldap is 0 idmap_cygwin is 1". Signed-off-by: Cedric Blancher <cedric.blancher@gmail.com> --- daemon/nfs41_daemon.c | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/daemon/nfs41_daemon.c b/daemon/nfs41_daemon.c index c7fc140..42bfc6c 100644 --- a/daemon/nfs41_daemon.c +++ b/daemon/nfs41_daemon.c @@ -238,7 +238,12 @@ static bool_t parse_cmdlineargs(int argc, TCHAR *argv[], nfsd_args *out) fprintf(stderr, "Unrecognized option '%s', disregarding.\n", argv[i]); } } - fprintf(stdout, "parse_cmdlineargs: debug_level %d ldap is %d\n", + + (void)fprintf(stdout, "parse_cmdlineargs: debug_level %d ldap is %d " +#ifdef NFS41_DRIVER_FEATURE_NAMESERVICE_CYGWIN + "idmap_cygwin is 1 " +#endif /* NFS41_DRIVER_FEATURE_NAMESERVICE_CYGWIN */ + "\n", out->debug_level, out->ldap_enable); return TRUE; } -- 2.39.0 From 301111b8466217b67bc24fc805a32af9bdf09750 Mon Sep 17 00:00:00 2001 From: Martin Wege <martin.l.wege@gmail.com> Date: Thu, 24 Mar 2022 02:46:53 +0300 Subject: [PATCH 2/7] Do not declare global variables in a header Port ReactOS 5632aa5d82e244f16edec2b5991f2ea952bd2094 ("[LIBTIRPC] Do not declare global variables in a header") Original patch by Victor Perevertkin <victor.perevertkin@reactos.org> Signed-off-by: Cedric Blancher <cedric.blancher@gmail.com> --- libtirpc/src/rpc_com.h | 5 ++--- libtirpc/src/rpc_commondata.c | 3 +++ 2 files changed, 5 insertions(+), 3 deletions(-) diff --git a/libtirpc/src/rpc_com.h b/libtirpc/src/rpc_com.h index 0658438..a69d7f0 100644 --- a/libtirpc/src/rpc_com.h +++ b/libtirpc/src/rpc_com.h @@ -92,9 +92,8 @@ bool_t __xdrrec_getrec(XDR *, enum xprt_stat *, bool_t); void __xprt_unregister_unlocked(SVCXPRT *); void __xprt_set_raddr(SVCXPRT *, const struct sockaddr_storage *); - -SVCXPRT **__svc_xports; -int __svc_maxrec; +extern SVCXPRT **__svc_xports; +extern int __svc_maxrec; __END_DECLS diff --git a/libtirpc/src/rpc_commondata.c b/libtirpc/src/rpc_commondata.c index ec8d3fb..3b2a9e5 100644 --- a/libtirpc/src/rpc_commondata.c +++ b/libtirpc/src/rpc_commondata.c @@ -37,3 +37,6 @@ struct opaque_auth _null_auth; fd_set svc_fdset; int svc_maxfd = -1; + +SVCXPRT **__svc_xports; +int __svc_maxrec; -- 2.39.0 From ed1e009d4d87dcdd4a2744e7a2868e4578f8073b Mon Sep 17 00:00:00 2001 From: Martin Wege <martin.l.wege@gmail.com> Date: Sun, 15 Oct 2017 13:54:11 +0200 Subject: [PATCH 3/7] Fix CVE-2017-8779 by backporting its fix Port ReactOS 6808e7d25b8262f70011e53f3dc46db7aa0813fa ("Fix CVE-2017-8779 by backporting its fix") Original patch by Pierre Schweitzer <pierre@reactos.org> Signed-off-by: Cedric Blancher <cedric.blancher@gmail.com> --- libtirpc/src/rpc_generic.c | 14 +++++++++++ libtirpc/src/rpcb_prot.c | 44 +++++++++++++++++++++++++++++++++ libtirpc/src/rpcb_st_xdr.c | 19 +++++++++++++++ libtirpc/src/xdr.c | 50 ++++++++++++++++++++++++++++++++++++++ 4 files changed, 127 insertions(+) diff --git a/libtirpc/src/rpc_generic.c b/libtirpc/src/rpc_generic.c index bcf4d42..42dca45 100644 --- a/libtirpc/src/rpc_generic.c +++ b/libtirpc/src/rpc_generic.c @@ -654,6 +654,11 @@ __rpc_taddr2uaddr_af(int af, const struct netbuf *nbuf) switch (af) { case AF_INET: +#ifdef _WIN32 // CVE-2017-8779 + if (nbuf->len < sizeof(*sin)) { + return NULL; + } +#endif sin = nbuf->buf; if (inet_ntop(af, &sin->sin_addr, namebuf, sizeof namebuf) == NULL) @@ -665,6 +670,11 @@ __rpc_taddr2uaddr_af(int af, const struct netbuf *nbuf) break; #ifdef INET6 case AF_INET6: +#ifdef _WIN32 // CVE-2017-8779 + if (nbuf->len < sizeof(*sin6)) { + return NULL; + } +#endif sin6 = nbuf->buf; if (inet_ntop(af, &sin6->sin6_addr, namebuf6, sizeof namebuf6) == NULL) @@ -711,6 +721,10 @@ __rpc_uaddr2taddr_af(int af, const char *uaddr) port = 0; sin = NULL; +#ifdef _WIN32 // CVE-2017-8779 + if (uaddr == NULL) + return NULL; +#endif addrstr = strdup(uaddr); if (addrstr == NULL) return NULL; diff --git a/libtirpc/src/rpcb_prot.c b/libtirpc/src/rpcb_prot.c index 0b762d1..ea8bef7 100644 --- a/libtirpc/src/rpcb_prot.c +++ b/libtirpc/src/rpcb_prot.c @@ -42,6 +42,9 @@ #include <rpc/types.h> #include <rpc/xdr.h> #include <rpc/rpcb_prot.h> +#ifdef _WIN32 // CVE-2017-8779 +#include "rpc_com.h" +#endif bool_t xdr_rpcb(xdrs, objp) @@ -54,6 +57,7 @@ xdr_rpcb(xdrs, objp) if (!xdr_u_int32_t(xdrs, &objp->r_vers)) { return (FALSE); } +#ifndef _WIN32 // CVE-2017-8779 if (!xdr_string(xdrs, &objp->r_netid, (u_int)~0)) { return (FALSE); } @@ -63,6 +67,17 @@ xdr_rpcb(xdrs, objp) if (!xdr_string(xdrs, &objp->r_owner, (u_int)~0)) { return (FALSE); } +#else + if (!xdr_string(xdrs, &objp->r_netid, RPC_MAXDATASIZE)) { + return (FALSE); + } + if (!xdr_string(xdrs, &objp->r_addr, RPC_MAXDATASIZE)) { + return (FALSE); + } + if (!xdr_string(xdrs, &objp->r_owner, RPC_MAXDATASIZE)) { + return (FALSE); + } +#endif return (TRUE); } @@ -160,21 +175,39 @@ xdr_rpcb_entry(xdrs, objp) XDR *xdrs; rpcb_entry *objp; { +#ifndef _WIN32 // CVE-2017-8779 if (!xdr_string(xdrs, &objp->r_maddr, (u_int)~0)) { return (FALSE); } if (!xdr_string(xdrs, &objp->r_nc_netid, (u_int)~0)) { return (FALSE); } +#else + if (!xdr_string(xdrs, &objp->r_maddr, RPC_MAXDATASIZE)) { + return (FALSE); + } + if (!xdr_string(xdrs, &objp->r_nc_netid, RPC_MAXDATASIZE)) { + return (FALSE); + } +#endif if (!xdr_u_int32_t(xdrs, &objp->r_nc_semantics)) { return (FALSE); } +#ifndef _WIN32 // CVE-2017-8779 if (!xdr_string(xdrs, &objp->r_nc_protofmly, (u_int)~0)) { return (FALSE); } if (!xdr_string(xdrs, &objp->r_nc_proto, (u_int)~0)) { return (FALSE); } +#else + if (!xdr_string(xdrs, &objp->r_nc_protofmly, RPC_MAXDATASIZE)) { + return (FALSE); + } + if (!xdr_string(xdrs, &objp->r_nc_proto, RPC_MAXDATASIZE)) { + return (FALSE); + } +#endif return (TRUE); } @@ -293,7 +326,11 @@ xdr_rpcb_rmtcallres(xdrs, p) bool_t dummy; struct r_rpcb_rmtcallres *objp = (struct r_rpcb_rmtcallres *)(void *)p; +#ifdef _WIN32 // CVE-2017-8779 + if (!xdr_string(xdrs, &objp->addr, RPC_MAXDATASIZE)) { +#else if (!xdr_string(xdrs, &objp->addr, (u_int)~0)) { +#endif return (FALSE); } if (!xdr_u_int(xdrs, &objp->results.results_len)) { @@ -313,6 +350,13 @@ xdr_netbuf(xdrs, objp) if (!xdr_u_int32_t(xdrs, (u_int32_t *) &objp->maxlen)) { return (FALSE); } +#ifdef _WIN32 // CVE-2017-8779 + + if (objp->maxlen > RPC_MAXDATASIZE) { + return (FALSE); + } + +#endif dummy = xdr_bytes(xdrs, (char **)&(objp->buf), (u_int *)&(objp->len), objp->maxlen); return (dummy); diff --git a/libtirpc/src/rpcb_st_xdr.c b/libtirpc/src/rpcb_st_xdr.c index 6feb70b..5b0b11f 100644 --- a/libtirpc/src/rpcb_st_xdr.c +++ b/libtirpc/src/rpcb_st_xdr.c @@ -39,6 +39,9 @@ #include <wintirpc.h> #include <rpc/rpc.h> +#ifdef _WIN32 // CVE-2017-8779 +#include "rpc_com.h" +#endif /* Link list of all the stats about getport and getaddr */ @@ -60,7 +63,11 @@ xdr_rpcbs_addrlist(xdrs, objp) if (!xdr_int(xdrs, &objp->failure)) { return (FALSE); } +#ifdef _WIN32 // CVE-2017-8779 + if (!xdr_string(xdrs, &objp->netid, RPC_MAXDATASIZE)) { +#else if (!xdr_string(xdrs, &objp->netid, (u_int)~0)) { +#endif return (FALSE); } @@ -111,7 +118,11 @@ xdr_rpcbs_rmtcalllist(xdrs, objp) IXDR_PUT_INT32(buf, objp->failure); IXDR_PUT_INT32(buf, objp->indirect); } +#ifdef _WIN32 // CVE-2017-8779 + if (!xdr_string(xdrs, &objp->netid, RPC_MAXDATASIZE)) { +#else if (!xdr_string(xdrs, &objp->netid, (u_int)~0)) { +#endif return (FALSE); } if (!xdr_pointer(xdrs, (char **)&objp->next, @@ -149,7 +160,11 @@ xdr_rpcbs_rmtcalllist(xdrs, objp) objp->failure = (int)IXDR_GET_INT32(buf); objp->indirect = (int)IXDR_GET_INT32(buf); } +#ifdef _WIN32 // CVE-2017-8779 + if (!xdr_string(xdrs, &objp->netid, RPC_MAXDATASIZE)) { +#else if (!xdr_string(xdrs, &objp->netid, (u_int)~0)) { +#endif return (FALSE); } if (!xdr_pointer(xdrs, (char **)&objp->next, @@ -177,7 +192,11 @@ xdr_rpcbs_rmtcalllist(xdrs, objp) if (!xdr_int(xdrs, &objp->indirect)) { return (FALSE); } +#ifdef _WIN32 // CVE-2017-8779 + if (!xdr_string(xdrs, &objp->netid, RPC_MAXDATASIZE)) { +#else if (!xdr_string(xdrs, &objp->netid, (u_int)~0)) { +#endif return (FALSE); } if (!xdr_pointer(xdrs, (char **)&objp->next, diff --git a/libtirpc/src/xdr.c b/libtirpc/src/xdr.c index 85396b3..7f098b4 100644 --- a/libtirpc/src/xdr.c +++ b/libtirpc/src/xdr.c @@ -44,8 +44,14 @@ #include <stdlib.h> #include <string.h> +#ifdef _WIN32 // CVE-2017-8779 +#include <rpc/rpc.h> +#endif #include <rpc/types.h> #include <rpc/xdr.h> +#ifdef _WIN32 // CVE-2017-8779 +#include <rpc/rpc_com.h> +#endif typedef quad_t longlong_t; /* ANSI long long type */ typedef u_quad_t u_longlong_t; /* ANSI unsigned long long type */ @@ -55,7 +61,9 @@ typedef u_quad_t u_longlong_t; /* ANSI unsigned long long type */ */ #define XDR_FALSE ((long) 0) #define XDR_TRUE ((long) 1) +#ifndef _WIN32 // CVE-2017-8779 #define LASTUNSIGNED ((u_int) 0-1) +#endif /* * for unit alignment @@ -533,6 +541,9 @@ xdr_bytes(xdrs, cpp, sizep, maxsize) { char *sp = *cpp; /* sp is the actual string pointer */ u_int nodesize; +#ifdef _WIN32 // CVE-2017-8779 + bool_t ret, allocated = FALSE; +#endif /* * first deal with the length since xdr bytes are counted @@ -556,6 +567,9 @@ xdr_bytes(xdrs, cpp, sizep, maxsize) } if (sp == NULL) { *cpp = sp = mem_alloc(nodesize); +#ifdef _WIN32 // CVE-2017-8779 + allocated = TRUE; +#endif } if (sp == NULL) { //warnx("xdr_bytes: out of memory"); @@ -564,7 +578,18 @@ xdr_bytes(xdrs, cpp, sizep, maxsize) /* FALLTHROUGH */ case XDR_ENCODE: +#ifndef _WIN32 // CVE-2017-8779 return (xdr_opaque(xdrs, sp, nodesize)); +#else + ret = xdr_opaque(xdrs, sp, nodesize); + if ((xdrs->x_op == XDR_DECODE) && (ret == FALSE)) { + if (allocated == TRUE) { + free(sp); + *cpp = NULL; + } + } + return (ret); +#endif case XDR_FREE: if (sp != NULL) { @@ -658,6 +683,9 @@ xdr_string(xdrs, cpp, maxsize) char *sp = *cpp; /* sp is the actual string pointer */ u_int size; u_int nodesize; +#ifdef _WIN32 // CVE-2017-8779 + bool_t ret, allocated = FALSE; +#endif /* * first deal with the length since xdr strings are counted-strings @@ -697,8 +725,15 @@ xdr_string(xdrs, cpp, maxsize) switch (xdrs->x_op) { case XDR_DECODE: +#ifndef _WIN32 // CVE-2017-8779 if (sp == NULL) *cpp = sp = mem_alloc(nodesize); +#else + if (sp == NULL) { + *cpp = sp = mem_alloc(nodesize); + allocated = TRUE; + } +#endif if (sp == NULL) { //warnx("xdr_string: out of memory"); return (FALSE); @@ -707,7 +742,18 @@ xdr_string(xdrs, cpp, maxsize) /* FALLTHROUGH */ case XDR_ENCODE: +#ifndef _WIN32 // CVE-2017-8779 return (xdr_opaque(xdrs, sp, size)); +#else + ret = xdr_opaque(xdrs, sp, size); + if ((xdrs->x_op == XDR_DECODE) && (ret == FALSE)) { + if (allocated == TRUE) { + free(sp); + *cpp = NULL; + } + } + return (ret); +#endif case XDR_FREE: mem_free(sp, nodesize); @@ -727,7 +773,11 @@ xdr_wrapstring(xdrs, cpp) XDR *xdrs; char **cpp; { +#ifdef _WIN32 // CVE-2017-8779 + return xdr_string(xdrs, cpp, RPC_MAXDATASIZE); +#else return xdr_string(xdrs, cpp, LASTUNSIGNED); +#endif } /* -- 2.39.0 From d5e85ecf9a8a3616aa0645f16a0b3c568af22023 Mon Sep 17 00:00:00 2001 From: Martin Wege <martin.l.wege@gmail.com> Date: Sat, 1 Dec 2018 12:15:31 +0100 Subject: [PATCH 4/7] Fix CVE-2018-14621 by backporting its fix Port ReactOS f5f3ff86eafd51bd34665fdfed892a7fc3785879 ("Fix CVE-2018-14621 by backporting its fix") Original patch by Pierre Schweitzer <pierre@reactos.org> Signed-off-by: Cedric Blancher <cedric.blancher@gmail.com> --- libtirpc/src/svc_vc.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/libtirpc/src/svc_vc.c b/libtirpc/src/svc_vc.c index 6ea4140..8113500 100644 --- a/libtirpc/src/svc_vc.c +++ b/libtirpc/src/svc_vc.c @@ -324,6 +324,7 @@ again: &len)) == SOCKET_ERROR) { if (errno == EINTR) goto again; +#ifndef _WIN32 // CVE-2018-14621 /* * Clean out the most idle file descriptor when we're * running out. @@ -333,6 +334,7 @@ again: __svc_clean_idle(&cleanfds, 0, FALSE); goto again; } +#endif return (FALSE); } /* -- 2.39.0 From c5e38fd19404401b28a7696b45ec6fe399d54bb6 Mon Sep 17 00:00:00 2001 From: Martin Wege <martin.l.wege@gmail.com> Date: Wed, 5 Sep 2018 21:44:47 +0200 Subject: [PATCH 5/7] Fix CVE-2018-14622 by backporting its fix Port ReactOS 000bbe074ed29d1efe39d4d65c81d1c1ead07c93 ("Fix CVE-2018-14622 by backporting its fix") Original patch by Pierre Schweitzer <pierre@reactos.org> Signed-off-by: Cedric Blancher <cedric.blancher@gmail.com> --- libtirpc/src/svc_vc.c | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/libtirpc/src/svc_vc.c b/libtirpc/src/svc_vc.c index 8113500..53f0df3 100644 --- a/libtirpc/src/svc_vc.c +++ b/libtirpc/src/svc_vc.c @@ -342,6 +342,10 @@ again: */ newxprt = makefd_xprt(sock, r->sendsize, r->recvsize); +#ifdef _WIN32 // CVE-2018-14622 + if (!newxprt) + return (FALSE); +#endif if (!__rpc_set_netbuf(&newxprt->xp_rtaddr, &addr, len)) return (FALSE); -- 2.39.0 From b9cd91cf37013d20f5df235d9450db29e2b6798b Mon Sep 17 00:00:00 2001 From: Martin Wege <martin.l.wege@gmail.com> Date: Sun, 26 Nov 2017 14:44:26 +0100 Subject: [PATCH 6/7] Match rtime() propotype and implementation Port ReactOS 1feb8e627efd1515097505a675aa4f2e6d8cf15c ("Match rtime() propotype and implementation") Original patch by Pierre Schweitzer <pierre@reactos.org> Signed-off-by: Cedric Blancher <cedric.blancher@gmail.com> --- libtirpc/tirpc/rpc/auth_des.h | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/libtirpc/tirpc/rpc/auth_des.h b/libtirpc/tirpc/rpc/auth_des.h index f3f9f31..d940010 100644 --- a/libtirpc/tirpc/rpc/auth_des.h +++ b/libtirpc/tirpc/rpc/auth_des.h @@ -121,8 +121,12 @@ __END_DECLS __BEGIN_DECLS extern bool_t xdr_authdes_cred(XDR *, struct authdes_cred *); extern bool_t xdr_authdes_verf(XDR *, struct authdes_verf *); +#ifndef _WIN32 extern int rtime(dev_t, struct netbuf *, int, struct timeval *, struct timeval *); +#else +extern int rtime(struct sockaddr_in *, struct timeval *, struct timeval *); +#endif extern void kgetnetname(char *); extern enum auth_stat _svcauth_des(struct svc_req *, struct rpc_msg *); __END_DECLS -- 2.39.0 From 899a85ec2dd9f67d8feb163783020ed4507773c3 Mon Sep 17 00:00:00 2001 From: Roland Mainz <roland.mainz@nrubsig.org> Date: Wed, 18 Oct 2023 18:19:25 +0200 Subject: [PATCH 7/7] msnfs41client.bash: Add Microsoft symbol servers+document heap debug Minor cygwin/devel/msnfs41client.bash update: - Add Microsoft symbol servers - Document cdb heap debugging option (not on by default because it causes nfsd.exe consume lots of memory) Signed-off-by: Cedric Blancher <cedric.blancher@gmail.com> --- cygwin/devel/msnfs41client.bash | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-) diff --git a/cygwin/devel/msnfs41client.bash b/cygwin/devel/msnfs41client.bash index ad77034..7afaac2 100644 --- a/cygwin/devel/msnfs41client.bash +++ b/cygwin/devel/msnfs41client.bash @@ -110,8 +110,9 @@ function nfsclient_rundeamon if false ; then gdb -ex=run --args nfsd_debug -d 0 --noldap --gid 1616 --uid 1616 else - export _NT_ALT_SYMBOL_PATH="$(cygpath -w "$PWD")" - cdb -c "g" "$(cygpath -w "$PWD/nfsd_debug.exe")" -d 2 --noldap --gid 1616 --uid 1616 + export _NT_ALT_SYMBOL_PATH="$(cygpath -w "$PWD");srv*https://msdl.microsoft.com/download/symbols" + # use '!gflag +full;g' for heap tests, eats lots of memory + cdb -c 'g' "$(cygpath -w "$PWD/nfsd_debug.exe")" -d 0 --noldap #--gid 1616 --uid 1616 fi return $? } @@ -124,8 +125,9 @@ function nfsclient_system_rundeamon if false ; then su_system gdb -ex=run --args nfsd_debug -d 0 --noldap --gid 1616 --uid 1616 else - export _NT_ALT_SYMBOL_PATH="$(cygpath -w "$PWD")" - su_system cdb -c "g" "$(cygpath -w "$PWD/nfsd_debug.exe")" -d 2 --noldap --gid 1616 --uid 1616 + export _NT_ALT_SYMBOL_PATH="$(cygpath -w "$PWD");srv*https://msdl.microsoft.com/download/symbols" + # use '!gflag +full;g' for heap tests, eats lots of memory + su_system cdb -c 'g' "$(cygpath -w "$PWD/nfsd_debug.exe")" -d 0 --noldap #--gid 1616 --uid 1616 fi return $? } -- 2.39.0

Title:

Privacy: Public Private

How long should your post be retained?

15 mins an hour a day a week a month forever

All content is user-submitted.
The administrators of this site (kpaste.net) are not responsible for their content.
Abuse reports should be emailed to us at