oss-sec mailing list archives
Re: Re: CVE Request: remote triggerable use-after-free in rpcbind
From: Olaf Kirch <okir () suse com>
Date: Fri, 18 Sep 2015 15:19:12 +0200
Hi Steve, On Thursday 17 September 2015 22:12:29 Steve Dickson wrote:
In Olaf's patch there is a call to __rpc_set_netbuf() which is not visible in the upstream libtirpc lib... Did Olaf roll his own or changed libtirpc to make it visible?
Originally, I was going to use the one from libtirpc. But then I reconsidered because it's too ugly, and inlined a copy of it. See the attached patch which I submitted to SLES. Regards, Olaf -- It is better to keep your mouth closed and let people think you are a fool than to open it and remove all doubt. -- Mark Twain -------------------------------------------- Olaf Kirch - Director SUSE Linux Enterprise; R&D (okir () suse com) SUSE Linux GmbH, Maxfeldstr. 5, 90409 Nürnberg, Germany GF: Felix Imendörffer, Jane Smithard, Graham Norton, HRB 21284 (AG Nürnberg)
Attachment:
bug-940191.patch
Description:
Current thread:
- CVE Request: remote triggerable use-after-free in rpcbind Marcus Meissner (Sep 17)
- Re: CVE Request: remote triggerable use-after-free in rpcbind cve-assign (Sep 17)
- Re: CVE Request: remote triggerable use-after-free in rpcbind Steve Dickson (Sep 17)
- Re: CVE Request: remote triggerable use-after-free in rpcbind Marcus Meissner (Sep 17)
- Re: CVE Request: remote triggerable use-after-free in rpcbind Steve Dickson (Sep 17)
- Re: CVE Request: remote triggerable use-after-free in rpcbind Marcus Meissner (Sep 17)
- Re: Re: CVE Request: remote triggerable use-after-free in rpcbind Kurt Seifried (Sep 17)
- Re: CVE Request: remote triggerable use-after-free in rpcbind Steve Dickson (Sep 17)
- Re: CVE Request: remote triggerable use-after-free in rpcbind cve-assign (Sep 17)
- Re: Re: CVE Request: remote triggerable use-after-free in rpcbind Olaf Kirch (Sep 18)