PR/32572: John Kohl: xdr_rec.c missing a bugfix for an improper security check
The correct way to check for a zero record length is to check for it without the LAST_FRAG marker in it, since it's legal to send a LAST_FRAG marker with 0 bytes of data. [This should be pulled up to 3.0]
This commit is contained in:
christos
parent
061762c234
commit
349408700d
|
|
@ -1,4 +1,4 @@
|
|||
/* $NetBSD: xdr_rec.c,v 1.25 2005/06/09 22:13:17 yamt Exp $ */
|
||||
/* $NetBSD: xdr_rec.c,v 1.26 2006/01/19 16:40:44 christos Exp $ */
|
||||
|
||||
/*
|
||||
* Sun RPC is a product of Sun Microsystems, Inc. and is provided for
|
||||
|
|
@ -35,7 +35,7 @@
|
|||
static char *sccsid = "@(#)xdr_rec.c 1.21 87/08/11 Copyr 1984 Sun Micro";
|
||||
static char *sccsid = "@(#)xdr_rec.c 2.2 88/08/01 4.0 RPCSRC";
|
||||
#else
|
||||
__RCSID("$NetBSD: xdr_rec.c,v 1.25 2005/06/09 22:13:17 yamt Exp $");
|
||||
__RCSID("$NetBSD: xdr_rec.c,v 1.26 2006/01/19 16:40:44 christos Exp $");
|
||||
#endif
|
||||
#endif
|
||||
|
||||
|
|
@ -735,7 +735,7 @@ set_input_fragment(rstrm)
|
|||
* but we don't have any way to be certain that they aren't
|
||||
* what the client actually intended to send us.
|
||||
*/
|
||||
if ((header & (~LAST_FRAG)) == 0)
|
||||
if (header == 0)
|
||||
return(FALSE);
|
||||
rstrm->fbtbc = header & (~LAST_FRAG);
|
||||
return (TRUE);
|
||||
|
|
|
|||
Loading…
Reference in New Issue