Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date: Fri, 18 Sep 2015 15:19:12 +0200
From: Olaf Kirch <>
Cc: Steve Dickson <>,
 Marcus Meissner <>
Subject: Re: Re: CVE Request: remote triggerable use-after-free in rpcbind

Hi Steve,

On Thursday 17 September 2015 22:12:29 Steve Dickson wrote:
> In Olaf's patch there is a call to __rpc_set_netbuf() which is
> not visible in the upstream libtirpc lib... Did  Olaf roll his own
>  or changed libtirpc to make it visible?

Originally, I was going to use the one from libtirpc. But then I 
reconsidered because it's too ugly, and inlined a copy of it. See the 
attached patch which I submitted to SLES.

It is better to keep your mouth closed and let people think you are a
fool than to open it and remove all doubt.     -- Mark Twain
Olaf Kirch - Director SUSE Linux Enterprise; R&D (
SUSE Linux GmbH, Maxfeldstr. 5, 90409 Nürnberg, Germany
GF: Felix Imendörffer, Jane Smithard, Graham Norton, HRB 21284 (AG 

View attachment "bug-940191.patch" of type "text/x-patch" (2891 bytes)

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.