Date: Fri, 18 Sep 2015 15:19:12 +0200 From: Olaf Kirch <okir@...e.com> To: oss-security@...ts.openwall.com Cc: Steve Dickson <SteveD@...hat.com>, Marcus Meissner <meissner@...e.de> Subject: Re: Re: CVE Request: remote triggerable use-after-free in rpcbind Hi Steve, On Thursday 17 September 2015 22:12:29 Steve Dickson wrote: > In Olaf's patch there is a call to __rpc_set_netbuf() which is > not visible in the upstream libtirpc lib... Did Olaf roll his own > or changed libtirpc to make it visible? Originally, I was going to use the one from libtirpc. But then I reconsidered because it's too ugly, and inlined a copy of it. See the attached patch which I submitted to SLES. Regards, Olaf -- It is better to keep your mouth closed and let people think you are a fool than to open it and remove all doubt. -- Mark Twain -------------------------------------------- Olaf Kirch - Director SUSE Linux Enterprise; R&D (okir@...e.com) SUSE Linux GmbH, Maxfeldstr. 5, 90409 Nürnberg, Germany GF: Felix Imendörffer, Jane Smithard, Graham Norton, HRB 21284 (AG Nürnberg) View attachment "bug-940191.patch" of type "text/x-patch" (2891 bytes)
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.