[src/trunk]: src/lib/libc/rpc PR/32572: John Kohl: xdr_rec.c missing a bugfix...

[christos <christos%NetBSD.org@localhost>]

details:   https://anonhg.NetBSD.org/src/rev/72f4ce03edbb
branches:  trunk
changeset: 587298:72f4ce03edbb
user:      christos <christos%NetBSD.org@localhost>
date:      Thu Jan 19 16:40:44 2006 +0000

description:
PR/32572: John Kohl: xdr_rec.c missing a bugfix for an improper security check
The correct way to check for a zero record length is to check for it
without the LAST_FRAG marker in it, since it's legal to send a LAST_FRAG
marker with 0 bytes of data.
[This should be pulled up to 3.0]

diffstat:

 lib/libc/rpc/xdr_rec.c |  6 +++---
 1 files changed, 3 insertions(+), 3 deletions(-)

diffs (27 lines):

diff -r c73c5de41a69 -r 72f4ce03edbb lib/libc/rpc/xdr_rec.c
--- a/lib/libc/rpc/xdr_rec.c    Thu Jan 19 15:09:57 2006 +0000
+++ b/lib/libc/rpc/xdr_rec.c    Thu Jan 19 16:40:44 2006 +0000
@@ -1,4 +1,4 @@
-/*     $NetBSD: xdr_rec.c,v 1.25 2005/06/09 22:13:17 yamt Exp $        */
+/*     $NetBSD: xdr_rec.c,v 1.26 2006/01/19 16:40:44 christos Exp $    */
 
 /*
  * Sun RPC is a product of Sun Microsystems, Inc. and is provided for
@@ -35,7 +35,7 @@
 static char *sccsid = "@(#)xdr_rec.c 1.21 87/08/11 Copyr 1984 Sun Micro";
 static char *sccsid = "@(#)xdr_rec.c   2.2 88/08/01 4.0 RPCSRC";
 #else
-__RCSID("$NetBSD: xdr_rec.c,v 1.25 2005/06/09 22:13:17 yamt Exp $");
+__RCSID("$NetBSD: xdr_rec.c,v 1.26 2006/01/19 16:40:44 christos Exp $");
 #endif
 #endif
 
@@ -735,7 +735,7 @@
         * but we don't have any way to be certain that they aren't
         * what the client actually intended to send us.
         */
-       if ((header & (~LAST_FRAG)) == 0)
+       if (header == 0)
                return(FALSE);
        rstrm->fbtbc = header & (~LAST_FRAG);
        return (TRUE);