diff options
| author | Ed Blake <ed.blake@sondrel.com> | 2018-01-18 18:05:31 +0000 |
|---|---|---|
| committer | Peter Korsgaard <peter@korsgaard.com> | 2018-01-21 21:18:25 +0100 |
| commit | 637f2b5e121bc7e1c9a96d0b6d636e4ef237a4ee (patch) | |
| tree | 7d2a4a20fbd9c8be10466b85830b479ec029e7cc /package/jsoncpp/jsoncpp.mk | |
| parent | 371d7e8495a46d800c4c7322c5c1d09612ed181c (diff) | |
| download | buildroot-637f2b5e121bc7e1c9a96d0b6d636e4ef237a4ee.tar.gz buildroot-637f2b5e121bc7e1c9a96d0b6d636e4ef237a4ee.zip | |
rpcbind: Backport fixes to memory leak security fix
Commit 954509f added a security fix for CVE-2017-8779, involving
pairing all svc_getargs() calls with svc_freeargs() to avoid a memory
leak. However it also introduced a couple of issues:
- The call to svc_freeargs() from rpcbproc_callit_com() may result in
an attempt to free static memory, resulting in undefined behaviour.
- A typo in the svc_freeargs() call from pmapproc_dump() causes NIS
(aka ypbind) to fail.
Backport upstream fixes for these issues to version 0.2.3.
Signed-off-by: Ed Blake <ed.blake@sondrel.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit 5a9a95d0eb15c189f1361c12c105eb0ba8842c77)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Diffstat (limited to 'package/jsoncpp/jsoncpp.mk')
0 files changed, 0 insertions, 0 deletions

