Date: Fri, 18 Sep 2015 15:19:12 +0200 From: Olaf Kirch <okir@...e.com> To: oss-security@...ts.openwall.com Cc: Steve Dickson <SteveD@...hat.com>, Marcus Meissner <meissner@...e.de> Subject: Re: Re: CVE Request: remote triggerable use-after-free in rpcbind Hi Steve, On Thursday 17 September 2015 22:12:29 Steve Dickson wrote: > In Olaf's patch there is a call to __rpc_set_netbuf() which is > not visible in the upstream libtirpc lib... Did Olaf roll his own > or changed libtirpc to make it visible? Originally, I was going to use the one from libtirpc. But then I reconsidered because it's too ugly, and inlined a copy of it. See the attached patch which I submitted to SLES. Regards, Olaf -- It is better to keep your mouth closed and let people think you are a fool than to open it and remove all doubt. -- Mark Twain -------------------------------------------- Olaf Kirch - Director SUSE Linux Enterprise; R&D (okir@...e.com) SUSE Linux GmbH, Maxfeldstr. 5, 90409 Nürnberg, Germany GF: Felix Imendörffer, Jane Smithard, Graham Norton, HRB 21284 (AG Nürnberg) View attachment "bug-940191.patch" of type "text/x-patch" (2891 bytes)
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Powered by Openwall GNU/*/Linux - Powered by OpenVZ