From bdce95930e1d9a7d013d1ba78740243491262879 Mon Sep 17 00:00:00 2001
From: Florian Weimer <fweimer@redhat.com>
Date: Mon, 23 May 2016 20:18:34 +0200
Subject: [PATCH] CVE-2016-4429: sunrpc: Do not use alloca in clntudp_call [BZ
 #20112]

The call is technically in a loop, and under certain circumstances
(which are quite difficult to reproduce in a test case), alloca
can be invoked repeatedly during a single call to clntudp_call.
As a result, the available stack space can be exhausted (even
though individual alloca sizes are bounded implicitly by what
can fit into a UDP packet, as a side effect of the earlier
successful send operation).

(cherry picked from commit bc779a1a5b3035133024b21e2f339fe4219fb11c)
---
 ChangeLog         |  7 +++++++
 NEWS              |  4 ++++
 sunrpc/clnt_udp.c | 10 +++++++++-
 3 files changed, 20 insertions(+), 1 deletion(-)
diff --git a/sunrpc/clnt_udp.c b/sunrpc/clnt_udp.c
index a6cf5f1..4d9acb1 100644
--- a/sunrpc/clnt_udp.c
+++ b/sunrpc/clnt_udp.c
@@ -388,9 +388,15 @@ send_again:
 	  struct sock_extended_err *e;
 	  struct sockaddr_in err_addr;
 	  struct iovec iov;
-	  char *cbuf = (char *) alloca (outlen + 256);
+	  char *cbuf = malloc (outlen + 256);
 	  int ret;
 
+	  if (cbuf == NULL)
+	    {
+	      cu->cu_error.re_errno = errno;
+	      return (cu->cu_error.re_status = RPC_CANTRECV);
+	    }
+
 	  iov.iov_base = cbuf + 256;
 	  iov.iov_len = outlen;
 	  msg.msg_name = (void *) &err_addr;
@@ -415,10 +421,12 @@ send_again:
 		 cmsg = CMSG_NXTHDR (&msg, cmsg))
 	      if (cmsg->cmsg_level == SOL_IP && cmsg->cmsg_type == IP_RECVERR)
 		{
+		  free (cbuf);
 		  e = (struct sock_extended_err *) CMSG_DATA(cmsg);
 		  cu->cu_error.re_errno = e->ee_errno;
 		  return (cu->cu_error.re_status = RPC_CANTRECV);
 		}
+	  free (cbuf);
 	}
 #endif
       do
-- 
2.9.3

uthor'>author</option>
<option value='committer'>committer</option>
<option value='range'>range</option>
</select>
<input class='txt' type='search' size='10' name='q' value=''/>
<input type='submit' value='search'/>
</form>
</td></tr></table>
<div class='path'>path: <a href='/guix/log/?id=4d38533e55239bace7a4a387c84ff7938ec6100a'>root</a>/<a href='/guix/log/gnu?id=4d38533e55239bace7a4a387c84ff7938ec6100a'>gnu</a>/<a href='/guix/log/gnu/build?id=4d38533e55239bace7a4a387c84ff7938ec6100a'>build</a>/<a href='/guix/log/gnu/build/cross-toolchain.scm?id=4d38533e55239bace7a4a387c84ff7938ec6100a'>cross-toolchain.scm</a></div><div class='content'><table class='list nowrap'><tr class='nohover'><th class='left'>Age</th><th class='left'>Commit message (<a href='/guix/log/gnu/build/cross-toolchain.scm?id=4d38533e55239bace7a4a387c84ff7938ec6100a&amp;showmsg=1'>Expand</a>)</th><th class='left'>Author</th></tr>
<tr><td><span title='2023-12-11 13:36:51 +0200'>2023-12-11</span></td><td><a href='/guix/commit/gnu/build/cross-toolchain.scm?id=c7d2faf1788a1f40defc9d4b875d19b912b6ef01'>gnu: cross-toolchain: Add set-cross-path for AVR.</a><span class='msg-avail'>...<span class='msg-tooltip'>* gnu/build/cross-toolchain.scm (set-cross-path/avr): New procedure.
(cross-gcc-build-phases) [string-prefix? "avr"]: Return
set-cross-path/avr procedure.

Signed-off-by: Jean-Pierre De Jesus DIAZ &lt;me@jeandudey.tech&gt;
Change-Id: I00bd39236ac2e31fef02164a7fffc8b56a166f0d
Signed-off-by: Efraim Flashner &lt;efraim@flashner.co.il&gt;
</span></span></td><td>Jean-Pierre De Jesus DIAZ</td></tr>
<tr><td><span title='2023-12-11 13:24:09 +0200'>2023-12-11</span></td><td><a href='/guix/commit/gnu/build/cross-toolchain.scm?id=9095e10620c775145666f88ff4b0bfdc06645665'>gnu: cross-gcc: Enable multilib for AVR.</a><span class='msg-avail'>...<span class='msg-tooltip'>* gnu/build/cross-toolchain.scm (patch-multilib-shebang): New procedure.
* gnu/packages/avr.scm (make-avr-gcc): Remove uneeded phases and flags
  for multilib.
* gnu/packages/cross-base (cross-gcc-arguments) &lt;#:configure-flags&gt;
  [target-avr?]: Remove --disable-multilib and add --enable-multilib.

Change-Id: Id68d803057ac898f0a670f10487b08bf0891ab0b
Signed-off-by: Efraim Flashner &lt;efraim@flashner.co.il&gt;
</span></span></td><td>Jean-Pierre De Jesus DIAZ</td></tr>
<tr><td><span title='2020-02-12 20:35:43 +0100'>2020-02-12</span></td><td><a href='/guix/commit/gnu/build/cross-toolchain.scm?id=89da127035737bdf922bc566970c5506c2e01b00'>gnu: cross-base: Switch back to 'CROSS_C_INCLUDE_PATH' &amp; co.</a><span class='msg-avail'>...<span class='msg-tooltip'>This is a followup to 2073b55e6b964cb8ca15e8c74cb32dac00f05f0d.

* gnu/build/cross-toolchain.scm (%gcc-include-paths): Switch back to
'C_INCLUDE_PATH' &amp; co.
* gnu/packages/cross-base.scm (%gcc-include-paths): Likewise.
(cross-gcc-arguments): Remove 'treat-glibc-as-system-header' phase.
(cross-gcc)[native-inputs]: Reorder so that libc comes last.
[search-paths]: Add "include/c++" for 'CROSS_CPLUS_INCLUDE_PATH'.
* guix/build-system/gnu.scm (standard-cross-packages): Have "cross-gcc"
appear both for 'host and 'target.
</span></span></td><td>Ludovic Courtès</td></tr>
<tr><td><span title='2019-08-29 17:19:18 -0400'>2019-08-29</span></td><td><a href='/guix/commit/gnu/build/cross-toolchain.scm?id=0481289cbccba2646bf654f0ae49ac9c45602d5d'>Merge branch 'master' into core-updates</a></td><td>Mark H Weaver</td></tr>
<tr><td><span title='2019-08-28 08:47:14 -0400'>2019-08-28</span></td><td><a href='/guix/commit/gnu/build/cross-toolchain.scm?id=07d7175406210434d1fb9c100dc33a7d095f1627'>gnu: mingw-w64: Update to 6.0.0.</a><span class='msg-avail'>...<span class='msg-tooltip'>* gnu/packages/mingw.scm (mingw-w64): Update to 6.0.0.
* gnu/packages/patches/mingw-w64-6.0.0-gcc.patch: New file.
* gnu/packages/patches/mingw-w64-5.0rc2-gcc-4.9.3.patch: Delete it.
* gnu/local.mk (dist_patch_DATA): Add new patch.  Delete old patch.
* gnu/build/cross-toolchain.scm (set-cross-path/mingw): Add additional
  autoconf-like substitutions.
</span></span></td><td>David Thompson</td></tr>
<tr><td><span title='2019-08-22 15:53:27 -0400'>2019-08-22</span></td><td><a href='/guix/commit/gnu/build/cross-toolchain.scm?id=893c2df00daa4e6dd6a7ff3813d7df5329877f9e'>Merge branch 'master' into core-updates</a></td><td>Mark H Weaver</td></tr>
<tr><td><span title='2019-08-14 21:29:53 +0200'>2019-08-14</span></td><td><a href='/guix/commit/gnu/build/cross-toolchain.scm?id=67dac6b8920755cb011047157bb7b4fae4760143'>gnu: mingw: Add x86_64 support.</a><span class='msg-avail'>...<span class='msg-tooltip'>This patch parameterizes previously hard-coded instances of
i686-w64-mingw32, adding support for x86_64-w64-mingw32.

* gnu/packages/mingw.scm (make-mingw-w64): New procedure.
(mingw-w64-i686, mingw-w64-x86_64): New variables.
(%mingw-triplet): Remove.
(mingw-w64): Update to point to 'mingw-w64-i686'.
* gnu/packages/cross-base.scm (cross-gcc): Use 'libc' keyword argument
if specified, instead of treating it as a boolean.
(native-libc): Return the correct mingw-w64 depending on machine
specified in target.
* gnu/packages/bootstrap.scm (glibc-dynamic-linker): Add "x86_64-mingw".
* gnu/build/cross-toolchain.scm (set-cross-path/mingw): Replace
hardcoded 'i686-w64-mingw32' instances with 'target' keyword argument.
(cross-gcc-build-phases): Update accordingly; use 'target-mingw?'
implementation of target checking and add commentary.
* gnu/ci.scm (%cross-targets): Add "x86_64-w64-mingw32".
</span></span></td><td>Carl Dong</td></tr>

Age	Commit message (Expand)	Author
2023-12-11	gnu: cross-toolchain: Add set-cross-path for AVR....* gnu/build/cross-toolchain.scm (set-cross-path/avr): New procedure. (cross-gcc-build-phases) [string-prefix? "avr"]: Return set-cross-path/avr procedure. Signed-off-by: Jean-Pierre De Jesus DIAZ <me@jeandudey.tech> Change-Id: I00bd39236ac2e31fef02164a7fffc8b56a166f0d Signed-off-by: Efraim Flashner <efraim@flashner.co.il>	Jean-Pierre De Jesus DIAZ
2023-12-11	gnu: cross-gcc: Enable multilib for AVR....* gnu/build/cross-toolchain.scm (patch-multilib-shebang): New procedure. * gnu/packages/avr.scm (make-avr-gcc): Remove uneeded phases and flags for multilib. * gnu/packages/cross-base (cross-gcc-arguments) <#:configure-flags> [target-avr?]: Remove --disable-multilib and add --enable-multilib. Change-Id: Id68d803057ac898f0a670f10487b08bf0891ab0b Signed-off-by: Efraim Flashner <efraim@flashner.co.il>	Jean-Pierre De Jesus DIAZ
2020-02-12	gnu: cross-base: Switch back to 'CROSS_C_INCLUDE_PATH' & co....This is a followup to 2073b55e6b964cb8ca15e8c74cb32dac00f05f0d. * gnu/build/cross-toolchain.scm (%gcc-include-paths): Switch back to 'C_INCLUDE_PATH' & co. * gnu/packages/cross-base.scm (%gcc-include-paths): Likewise. (cross-gcc-arguments): Remove 'treat-glibc-as-system-header' phase. (cross-gcc)[native-inputs]: Reorder so that libc comes last. [search-paths]: Add "include/c++" for 'CROSS_CPLUS_INCLUDE_PATH'. * guix/build-system/gnu.scm (standard-cross-packages): Have "cross-gcc" appear both for 'host and 'target.	Ludovic Courtès
2019-08-29	Merge branch 'master' into core-updates	Mark H Weaver
2019-08-28	gnu: mingw-w64: Update to 6.0.0....* gnu/packages/mingw.scm (mingw-w64): Update to 6.0.0. * gnu/packages/patches/mingw-w64-6.0.0-gcc.patch: New file. * gnu/packages/patches/mingw-w64-5.0rc2-gcc-4.9.3.patch: Delete it. * gnu/local.mk (dist_patch_DATA): Add new patch. Delete old patch. * gnu/build/cross-toolchain.scm (set-cross-path/mingw): Add additional autoconf-like substitutions.	David Thompson
2019-08-22	Merge branch 'master' into core-updates	Mark H Weaver
2019-08-14	gnu: mingw: Add x86_64 support....This patch parameterizes previously hard-coded instances of i686-w64-mingw32, adding support for x86_64-w64-mingw32. * gnu/packages/mingw.scm (make-mingw-w64): New procedure. (mingw-w64-i686, mingw-w64-x86_64): New variables. (%mingw-triplet): Remove. (mingw-w64): Update to point to 'mingw-w64-i686'. * gnu/packages/cross-base.scm (cross-gcc): Use 'libc' keyword argument if specified, instead of treating it as a boolean. (native-libc): Return the correct mingw-w64 depending on machine specified in target. * gnu/packages/bootstrap.scm (glibc-dynamic-linker): Add "x86_64-mingw". * gnu/build/cross-toolchain.scm (set-cross-path/mingw): Replace hardcoded 'i686-w64-mingw32' instances with 'target' keyword argument. (cross-gcc-build-phases): Update accordingly; use 'target-mingw?' implementation of target checking and add commentary. * gnu/ci.scm (%cross-targets): Add "x86_64-w64-mingw32".	Carl Dong