From 4a8abc724adc6a8ad0d577d51e87098b73c8f480 Mon Sep 17 00:00:00 2001
From: ksourav <sourav.kir@gmail.com>
Date: Wed, 17 Aug 2016 16:01:29 -0400
Subject: getrpcport: Possible buffer overflow in memcpy

The if condition, when true, can result in memcpy
overflow as source sizecan become greater than the
destination in memcpy. Modified the if condition
to prevent memcoy overflow.

Signed-off-by: ksourav <sourav.kir@gmail.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
---
 src/getrpcport.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

(limited to 'src')

diff --git a/src/getrpcport.c b/src/getrpcport.c
index b452c99..c28cd61 100644
--- a/src/getrpcport.c
+++ b/src/getrpcport.c
@@ -57,8 +57,8 @@ getrpcport(host, prognum, versnum, proto)
 	memset(&addr, 0, sizeof(addr));
 	addr.sin_family = AF_INET;
 	addr.sin_port =  0;
-	if (hp->h_length > sizeof(addr))
-	  hp->h_length = sizeof(addr);
+	if (hp->h_length > sizeof(addr.sin_addr.s_addr))
+		hp->h_length = sizeof(addr.sin_addr.s_addr);
 	memcpy(&addr.sin_addr.s_addr, hp->h_addr, (size_t)hp->h_length);
 	/* Inconsistent interfaces need casts! :-( */
 	return (pmap_getport(&addr, (u_long)prognum, (u_long)versnum, 
-- 
cgit v1.2.1