diff options
author | Olaf Kirch <okir@suse.de> | 2008-09-30 15:04:17 -0400 |
---|---|---|
committer | Steve Dickson <steved@redhat.com> | 2008-09-30 15:04:17 -0400 |
commit | 59c374c4b507aeca957ed0096d98006edf601375 (patch) | |
tree | 49248596b39fb1829c48bf05063baf56e4b4c0e9 /src/svc_dg.c | |
parent | 628788c1cc84c86ee4cb36ee5d4fe8954e90fca5 (diff) | |
download | ti-rpc-59c374c4b507aeca957ed0096d98006edf601375.tar.gz |
Fix xp_raddr handling in svc_fd_create etc
Currently svc_fd_create tries to do some clever tricks
with IPv4/v6 address mapping.
This is broken for several reasons.
1. We don't want IPv4 based transport to look like IPv6
transports. Old applications compiled against tirpc
will expect AF_INET addresses, and are not equipped
to deal with AF_INET6.
2. There's a buffer overflow.
memcpy(&sin6, &ss, sizeof(ss));
copies a full struct sockaddr to a sockaddr_in6 on
the stack. Unlikely to be exploitable, but I wonder
if this ever worked....
Signed-off-by: Olaf Kirch <okir@suse.de>
Signed-off-by: Steve Dickson <steved@redhat.com>
Diffstat (limited to 'src/svc_dg.c')
-rw-r--r-- | src/svc_dg.c | 7 |
1 files changed, 1 insertions, 6 deletions
diff --git a/src/svc_dg.c b/src/svc_dg.c index a72abe4..76a480e 100644 --- a/src/svc_dg.c +++ b/src/svc_dg.c @@ -193,12 +193,7 @@ again: xprt->xp_rtaddr.len = alen; } memcpy(xprt->xp_rtaddr.buf, &ss, alen); -#ifdef PORTMAP - if (ss.ss_family == AF_INET6) { - xprt->xp_raddr = *(struct sockaddr_in6 *)xprt->xp_rtaddr.buf; - xprt->xp_addrlen = sizeof (struct sockaddr_in6); - } -#endif /* PORTMAP */ + __xprt_set_raddr(xprt, &ss); xdrs->x_op = XDR_DECODE; XDR_SETPOS(xdrs, 0); if (! xdr_callmsg(xdrs, msg)) { |