Fix xp_raddr handling in svc_fd_create etc

Currently svc_fd_create tries to do some clever tricks with IPv4/v6 address mapping. This is broken for several reasons. 1. We don't want IPv4 based transport to look like IPv6 transports. Old applications compiled against tirpc will expect AF_INET addresses, and are not equipped to deal with AF_INET6. 2. There's a buffer overflow. memcpy(&sin6, &ss, sizeof(ss)); copies a full struct sockaddr to a sockaddr_in6 on the stack. Unlikely to be exploitable, but I wonder if this ever worked.... Signed-off-by: Olaf Kirch <okir@suse.de> Signed-off-by: Steve Dickson <steved@redhat.com>
author: Olaf Kirch <okir@suse.de> 2008-09-30 15:04:17 -0400
committer: Steve Dickson <steved@redhat.com> 2008-09-30 15:04:17 -0400
commit: 59c374c4b507aeca957ed0096d98006edf601375 (patch)
tree: 49248596b39fb1829c48bf05063baf56e4b4c0e9 /src/svc_dg.c
parent: 628788c1cc84c86ee4cb36ee5d4fe8954e90fca5 (diff)
download: ti-rpc-59c374c4b507aeca957ed0096d98006edf601375.tar.gz
1 files changed, 1 insertions, 6 deletions
diff --git a/src/svc_dg.c b/src/svc_dg.c
index a72abe4..76a480e 100644
--- a/src/svc_dg.c
+++ b/src/svc_dg.c
@@ -193,12 +193,7 @@ again:
 		xprt->xp_rtaddr.len = alen;
 	}
 	memcpy(xprt->xp_rtaddr.buf, &ss, alen);
-#ifdef PORTMAP
-	if (ss.ss_family == AF_INET6) {
-		xprt->xp_raddr = *(struct sockaddr_in6 *)xprt->xp_rtaddr.buf;
-		xprt->xp_addrlen = sizeof (struct sockaddr_in6);
-	}
-#endif				/* PORTMAP */
+	__xprt_set_raddr(xprt, &ss);
 	xdrs->x_op = XDR_DECODE;
 	XDR_SETPOS(xdrs, 0);
 	if (! xdr_callmsg(xdrs, msg)) {
author	Olaf Kirch <okir@suse.de>	2008-09-30 15:04:17 -0400
committer	Steve Dickson <steved@redhat.com>	2008-09-30 15:04:17 -0400
commit	59c374c4b507aeca957ed0096d98006edf601375 (patch)
tree	49248596b39fb1829c48bf05063baf56e4b4c0e9 /src/svc_dg.c
parent	628788c1cc84c86ee4cb36ee5d4fe8954e90fca5 (diff)
download	ti-rpc-59c374c4b507aeca957ed0096d98006edf601375.tar.gz