[0.4.9][LIBTIRPC] Fix CVE-2018-14622 CORE-15005, and CVE-2018-14621 CORE-15407
author Joachim Henze <Joachim.Henze@reactos.org>
Sat, 26 Mar 2022 11:52:59 +0000 (12:52 +0100)
committer Joachim Henze <Joachim.Henze@reactos.org>
Sat, 26 Mar 2022 11:52:59 +0000 (12:52 +0100)
The chance for us to get attacked is rather low, because
LIBTIRPC is used solely for the nfs service and
I pushed aggressively years ago to have that turned from
'Automatic' to 'Manual' already.
I doubt many used this service, which does not exist on real Windows at all.
Attacks may result in Denial-Of-Service.

For details check:
https://nvd.nist.gov/vuln/detail/CVE-2018-14622
https://nvd.nist.gov/vuln/detail/CVE-2018-14621

Fixes picked from:
0.4.11-dev-93-g 000bbe074ed29d1efe39d4d65c81d1c1ead07c93 CVE-2018-14622 CORE-15005
0.4.11-dev-887-g f5f3ff86eafd51bd34665fdfed892a7fc3785879 CVE-2018-14621 CORE-15407

dll/3rdparty/libtirpc/src/svc_vc.c

index 4d7e1f1..47757fe 100644 (file)
@@ -324,6 +324,7 @@ again:
            &len)) == SOCKET_ERROR) {
                if (errno == EINTR)
                        goto again;
+#ifndef __REACTOS__ // CVE-2018-14621
                /*
                 * Clean out the most idle file descriptor when we're
                 * running out.
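Review bot: the guard `#ifndef __REACTOS__ // CVE-2018-14621` placed above the "Clean out the most idle file descriptor" comment records only the CVE number, not the reason the cleanup is disabled. A one-line comment saying what goes wrong in the guarded block, or a pointer to CORE-15407, would let a later libtirpc sync decide whether the guard is still needed.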
@@ -333,6 +334,7 @@ again:
                        __svc_clean_idle(&cleanfds, 0, FALSE);
                        goto again;
                }
+#endif
                return (FALSE);
        }
        /*
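Review bot: please confirm that refusing the connection is the intended behaviour when descriptors run out: with `__svc_clean_idle(&cleanfds, 0, FALSE); goto again;` compiled out by the `#endif` added here, a failed accept that is not retried goes straight to `return (FALSE)` and no idle descriptor is freed any more. Also check whether `cleanfds` is referenced anywhere else in the function; if it is not, its declaration needs the same guard to avoid an unused-variable warning in the ReactOS build. Writing the line as `#endif /* !__REACTOS__ */` would make the pairing with the guard above obvious.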
@@ -340,6 +342,10 @@ again:
         */
 
        newxprt = makefd_xprt(sock, r->sendsize, r->recvsize);
+#ifdef __REACTOS__ // CVE-2018-14622
+       if (!newxprt)
+               return (FALSE);
+#endif
 
        if (!__rpc_set_netbuf(&newxprt->xp_rtaddr, &addr, len))
                return (FALSE);
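Review bot: the new `if (!newxprt) return (FALSE);` after `makefd_xprt(sock, r->sendsize, r->recvsize)` returns without releasing `sock`, so unless `makefd_xprt` closes the socket itself on failure (not visible in this hunk) every failed allocation leaks that socket. Consider closing `sock` before returning. The context lines that follow have the same shape: when `__rpc_set_netbuf(&newxprt->xp_rtaddr, &addr, len)` fails, the function returns FALSE with `newxprt` still allocated, which is worth handling in the same change or a follow-up.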