[LIBTIRPC] Fix CVE-2017-8779 by backporting its fix
[reactos.git] / dll / 3rdparty / libtirpc / src / rpc_generic.c
index f3bbc73..fc646f5 100644 (file)
@@ -679,6 +679,11 @@ __rpc_taddr2uaddr_af(int af, const struct netbuf *nbuf)
 
        switch (af) {
        case AF_INET:
+#ifdef __REACTOS__ // CVE-2017-8779
+               if (nbuf->len < sizeof(*sin)) {
+                       return NULL;
+               }
+#endif
                sin = nbuf->buf;
                if (inet_ntop(af, &sin->sin_addr, namebuf, sizeof namebuf)
                    == NULL)
@@ -690,6 +695,11 @@ __rpc_taddr2uaddr_af(int af, const struct netbuf *nbuf)
                break;
 #ifdef INET6
        case AF_INET6:
+#ifdef __REACTOS__ // CVE-2017-8779
+               if (nbuf->len < sizeof(*sin6)) {
+                       return NULL;
+               }
+#endif
                sin6 = nbuf->buf;
                if (inet_ntop(af, &sin6->sin6_addr, namebuf6, sizeof namebuf6)
                    == NULL)
@@ -736,6 +746,10 @@ __rpc_uaddr2taddr_af(int af, const char *uaddr)
 
        port = 0;
        sin = NULL;
+#ifdef __REACTOS__ // CVE-2017-8779
+       if (uaddr == NULL)
+               return NULL;
+#endif
        addrstr = strdup(uaddr);
        if (addrstr == NULL)
                return NULL;