From 7b062f478d8e245fd29f3d76e9984333426a25d2 Mon Sep 17 00:00:00 2001
From: Peter Wagner
Date: Sun, 12 May 2019 21:14:31 +0200
Subject: [PATCH] rpcinfo: add upstream commit to fix stack buffer overflow

Signed-off-by: Peter Wagner
---
 net/rpcbind/Makefile | 2 +-
 .../002-fix_stack_buffer_overflow.patch | 69 +++++++++++++++++++
 2 files changed, 70 insertions(+), 1 deletion(-)
 create mode 100644 net/rpcbind/patches/002-fix_stack_buffer_overflow.patch

diff --git a/net/rpcbind/Makefile b/net/rpcbind/Makefile
index 108c7711ad..a3edecea58 100644
--- a/net/rpcbind/Makefile
+++ b/net/rpcbind/Makefile
@@ -2,7 +2,7 @@ include $(TOPDIR)/rules.mk
 PKG_NAME:=rpcbind
 PKG_VERSION:=1.2.5
-PKG_RELEASE:=3
+PKG_RELEASE:=4
 PKG_SOURCE_URL:=@SF/rpcbind
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.bz2
diff --git a/net/rpcbind/patches/002-fix_stack_buffer_overflow.patch b/net/rpcbind/patches/002-fix_stack_buffer_overflow.patch
new file mode 100644
index 0000000000..1a43dacbd5
--- /dev/null
+++ b/net/rpcbind/patches/002-fix_stack_buffer_overflow.patch
@@ -0,0 +1,69 @@
+From 0bc1c0ae7ce61a7ac8a8e9a9b2086268f011abf0 Mon Sep 17 00:00:00 2001
+From: Steve Dickson
+Date: Tue, 9 Oct 2018 09:19:50 -0400
+Subject: [PATCH 1/1] rpcinfo: Fix stack buffer overflow
+
+*** buffer overflow detected ***: rpcinfo terminated
+======= Backtrace: =========
+/lib64/libc.so.6(+0x721af)[0x7ff24c4451af]
+/lib64/libc.so.6(__fortify_fail+0x37)[0x7ff24c4ccdc7]
+/lib64/libc.so.6(+0xf8050)[0x7ff24c4cb050]
+rpcinfo(+0x435f)[0xef3be2635f]
+rpcinfo(+0x1c62)[0xef3be23c62]
+/lib64/libc.so.6(__libc_start_main+0xf5)[0x7ff24c3f36e5]
+rpcinfo(+0x2739)[0xef3be24739]
+======= Memory map: ========
+...
+The patch below fixes it.
+
+Reviewed-by: Chuck Lever
+Signed-off-by: Thomas Blume
+Signed-off-by: Steve Dickson
+---
+ src/rpcinfo.c | 23 +++++++++++++++++------
+ 1 file changed, 17 insertions(+), 6 deletions(-)
+
+diff --git a/src/rpcinfo.c b/src/rpcinfo.c
+index 9b46864..cfdba88 100644
+--- a/src/rpcinfo.c
++++ b/src/rpcinfo.c
+@@ -973,6 +973,7 @@ rpcbdump (dumptype, netid, argc, argv)
+ (" program version(s) netid(s) service owner\n");
+ for (rs = rs_head; rs; rs = rs->next)
+ {
++ size_t netidmax = sizeof(buf) - 1;
+ char *p = buf;
+
+ printf ("%10ld ", rs->prog);
+@@ -985,12 +986,22 @@ rpcbdump (dumptype, netid, argc, argv)
+ }
+ printf ("%-10s", buf);
+ buf[0] = '\0';
+- for (nl = rs->nlist; nl; nl = nl->next)
+- {
+- strcat (buf, nl->netid);
+- if (nl->next)
+- strcat (buf, ",");
+- }
++
++ for (nl = rs->nlist; nl; nl = nl->next)
++ {
++ strncat (buf, nl->netid, netidmax);
++ if (strlen (nl->netid) < netidmax)
++ netidmax -= strlen(nl->netid);
++ else
++ break;
++
++ if (nl->next && netidmax > 1)
++ {
++ strncat (buf, ",", netidmax);
++ netidmax --;
++ }
++ }
++
+ printf ("%-32s", buf);
+ rpc = getrpcbynumber (rs->prog);
+ if (rpc)
+--
+1.8.3.1
+
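Review bot: In the new netid loop of the embedded src/rpcinfo.c patch, when exactly one byte of room is left (`netidmax == 1`) and another entry follows, the comma is skipped but the loop keeps going, so the next `strncat` appends a single character of the following netid directly onto the previous one and the column is cut off with no marker. Stopping as soon as the separator no longer fits avoids the fused name: `if (nl->next) { if (netidmax <= 1) break; strncat (buf, ",", netidmax); netidmax--; }`. The bound is only correct if `sizeof(buf)` sees a real array; `buf` is declared outside these hunks, and so is the code between the two hunks that fills it through `p` for the `%-10s` column, which this patch leaves unchanged and which deserves the same length limit if it formats into `buf` unbounded. The netid strings presumably originate from the queried rpcbind's reply, so both writers should be treated as handling lengths the local program does not control.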