Dongkyun Son [Mon, 21 Aug 2023 05:51:38 +0000 (14:51 +0900)]
add packaging with v1.3.3
Change-Id: I25e3cfa21002d665a55e1819009d5519927e56c1
Signed-off-by: Dongkyun Son <dongkyun.s@samsung.com>
Steve Dickson [Sun, 7 Aug 2022 16:57:19 +0000 (12:57 -0400)]
Release: 1.3.3
Signed-off-by: Steve Dickson <steved@redhat.com>
Steve Dickson [Tue, 2 Aug 2022 18:55:33 +0000 (14:55 -0400)]
Removed a warning:
rpcb_clnt.c:224:21: error: argument 'netid' doesn't match prototype
const char *host, *netid;
Signed-off-by: Steve Dickson <steved@redhat.com>
Attila Kovacs [Mon, 1 Aug 2022 15:28:43 +0000 (11:28 -0400)]
SUNRPC: MT-safe overhaul of address cache management in rpcb_clnt.c
rpcb_clnt.c was using a read/write lock mechanism to manage the address
cache. This was wrong, because the write-locked deletion of a cached
entry did not prevent concurrent access by other calls that required
a read lock (e.g. by check_cache()). Thus, the cache could get
corrupted.
Instead of a RW locking mechanism, the cache (a linked list) needs a
simple mutex to grant access. To avoid deadlocks while accessing a cache
from functions that may recurse, the mutexed part of the cache access
should be isolated more to only the code areas necessary.
Also, cache lookup should return an independent deep copy of the matching
cached element, rather than a pointer to the element in the cache, for
operations that can (and should be) performed outside of the mutexed
areas for cache access.
With the changes, the code is more MT-safe, more robust, and also
simpler to follow.
Signed-off-by: Steve Dickson <steved@redhat.com>
Attila Kovacs [Thu, 28 Jul 2022 13:14:24 +0000 (09:14 -0400)]
SUNRPC: mutexed access blacklist_read state variable.
bindresvport_sa(), in bindresvport.c checks blacklist_read w/o mutex
before calling load_blacklist() which changes blacklist_read() also
unmutexed.
Clearly, the point is to read the blacklist only once on the first call,
but because the checking whether the blacklist is loaded is not mutexed,
more than one thread may race to load the blacklist concurrently, which
of course can jumble the list because of the race condition.
The fix simply moves the checking within the mutexed area of the code
to eliminate the race condition.
Signed-off-by: Steve Dickson <steved@redhat.com>
Attila Kovacs [Tue, 26 Jul 2022 19:24:01 +0000 (15:24 -0400)]
thread safe clnt destruction.
If clnt_dg_destroy() or clnt_vc_destroy() is awoken with other blocked
operations pending (such as clnt_*_call(), clnt_*_control(), or
clnt_*_freeres()) but no active operation currently being executed, then the
client gets destroyed. Then, as the other blocked operations get subsequently
awoken, they will try to operate on an invalid client handle, potentially causing
unpredictable behavior and stack corruption.
Signed-off-by: Attila Kovacs <attipaci@gmail.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
Attila Kovacs [Tue, 26 Jul 2022 19:20:05 +0000 (15:20 -0400)]
clnt_dg_freeres() uncleared set active state may deadlock.
In clnt_dg.c in clnt_dg_freeres(), cu_fd_lock->active is set to TRUE, with no
corresponding clearing when the operation (*xdr_res() call) is completed. This
would leave other waiting operations blocked indefinitely, effectively
deadlocking the client. For comparison, clnt_vc_freeres() in clnt_vc.c does not
set the active state to TRUE. I believe the vc behavior is correct, while the
dg behavior is a bug.
Signed-off-by: Attila Kovacs <attipaci@gmail.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
Attila Kovacs [Wed, 20 Jul 2022 21:03:28 +0000 (17:03 -0400)]
Eliminate deadlocks in connects with an MT environment
In clnt_dg_freeres() and clnt_vc_freeres(), cond_signal() is called after
unlocking the mutex (clnt_fd_lock). The manual of pthread_cond_signal()
allows that, but mentions that for consistent scheduling, cond_signal()
should be called with the waiting mutex locked.
clnt_fd_lock is locked on L171, but then not released if jumping to the
err1 label on an error (L175 and L180). This means that those errors
will deadlock all further operations that require clnt_fd_lock access.
Same in clnt_vc.c in clnt_vc_create, on lines 215, 222, and 230 respectively.
Signed-off-by: Steve Dickson <steved@redhat.com>
Roberto Bergantinos Corpas [Thu, 14 Jul 2022 19:54:21 +0000 (15:54 -0400)]
rpcb_clnt.c add mechanism to try v2 protocol first
There have been previous attempts to revert protocol tryout
algorithm from v4,v3,v2 to previous v2,v4,v3 :
https://www.spinics.net/lists/linux-nfs/msg89228.html
Apart from GETADDR/NAT issue originating that proposed change,
it's possible that some legacy custom applications still use
v2 of protocol with libtirpc.
The change proposed here, introduces an environment variable
"RPCB_V2FIRST" so that, if defined, old behaviour is used.
This is more flexible and allows us to selectively pick what
application reverts to old behaviour instead of a system-wide
change.
Signed-off-by: Roberto Bergantinos Corpas <rbergant@redhat.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
Ali Abdallah [Thu, 14 Jul 2022 17:47:32 +0000 (13:47 -0400)]
Fix potential memory leak of parms.r_addr
During some valgrind test, the following is observed
==11391== 64 bytes in 4 blocks are definitely lost in loss record 11 of 16
==11391== at 0x4C2A2AF: malloc (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
==11391== by 0x50ECED9: strdup (in /lib64/libc-2.22.so)
==11391== by 0x4E4AFBF: getclnthandle (in /lib64/libtirpc.so.3.0.0)
==11391== by 0x4E4BD8A: __rpcb_findaddr_timed (in /lib64/libtirpc.so.3.0.0)
==11391== by 0x4E443AF: clnt_tp_create_timed (in /lib64/libtirpc.so.3.0.0)
==11391== by 0x4E44580: clnt_create_timed (in /lib64/libtirpc.so.3.0.0)
==11391== by 0x400755: main (in /local/02/xdtadti/tirpc-test/client)
Signed-off-by: Steve Dickson <steved@redhat.com>
Petr Vorel [Thu, 20 Jan 2022 16:07:16 +0000 (11:07 -0500)]
Reintroduce INSTALL file
8652975 probably unintentionally replaced content of INSTALL with
symlink to /usr/share/automake-1.16/INSTALL. As it's not guaranteed it's
on each system, put the file back (version from automake 1.16,
previously older version was used).
Fixes: 8652975 ("Fix DoS vulnerability in libtirpc")
Signed-off-by: Petr Vorel <pvorel@suse.cz>
Signed-off-by: Steve Dickson <steved@redhat.com>
Steve Dickson [Thu, 20 Jan 2022 16:05:33 +0000 (11:05 -0500)]
Removed current INSTALL file
Signed-off-by: Steve Dickson <steved@redhat.com>
Frank Sorenson [Mon, 17 Jan 2022 18:33:13 +0000 (13:33 -0500)]
libtirpc: Fix use-after-free accessing the error number
Free the cbuf after obtaining the error number.
Signed-off-by: Frank Sorenson <sorenson@redhat.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
Hsia-Jun(Randy) Li [Mon, 17 Jan 2022 18:28:45 +0000 (13:28 -0500)]
build: use autoconf archive to link pthread
For Android bionic, pthread is a part of that c library.
Signed-off-by: Hsia-Jun(Randy) Li <randy.li@synaptics.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
Hsia-Jun(Randy) Li [Mon, 17 Jan 2022 18:13:47 +0000 (13:13 -0500)]
_rpc_dtablesize: use portable system call
getdtablesize() is not specified in POSIX.1, Android won't
support it at all.
Signed-off-by: Hsia-Jun(Randy) Li <randy.li@synaptics.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
Hsia-Jun(Randy) Li [Mon, 17 Jan 2022 18:11:29 +0000 (13:11 -0500)]
rpc/types.h: fix android build
Android bionic doesn't those glibc defined types.
Signed-off-by: Hsia-Jun(Randy) Li <randy.li@synaptics.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
Dai Ngo [Sat, 21 Aug 2021 17:16:23 +0000 (13:16 -0400)]
Fix DoS vulnerability in libtirpc
Currently svc_run does not handle poll timeout and rendezvous_request
does not handle EMFILE error returned from accept(2) as it used to.
These two missing functionality were removed by commit b2c9430f46c4.
The effect of not handling poll timeout allows idle TCP connections
to remain ESTABLISHED indefinitely. When the number of connections
reaches the limit of the open file descriptors (ulimit -n) then
accept(2) fails with EMFILE. Since there is no handling of EMFILE
error this causes svc_run() to get in a tight loop calling accept(2).
This results in the RPC service of svc_run being down; it's
no longer able to service any requests.
RPC services rpcbind, statd and mountd are affected by this
problem.
Fix by enhancing rendezvous_request to keep the number of
SVCXPRT connections to 4/5 of the size of the file descriptor
table. When this threshold is reached, it destroys the idle
TCP connections or destroys the least active connection if
no idle connection was found.
Fixes: 44bf15b8 rpcbind: don't use obsolete svc_fdset interface of libtirpc
Signed-off-by: dai.ngo@oracle.com
Signed-off-by: Steve Dickson <steved@redhat.com>
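The connection cap described in the commit message above, as an added example that is not libtirpc's code: a small model of "stay under 4/5 of the descriptor table, destroy idle connections first, otherwise the least active one". The struct, function names, the 300-second idle threshold and the reading of "least active" as "least recently active" are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdio.h>

#define IDLE_SECS 300          /* assumed idle threshold; the page gives none */
#define FD_TABLE  10           /* constructed, tiny descriptor table for the demo */

struct conn {                  /* hypothetical stand-in for one TCP SVCXPRT */
    int  fd;
    long last_active;          /* time of the last request, in seconds */
    int  open;
};

/* 4/5 of the descriptor table, computed without overflowing for huge tables. */
static size_t conn_limit(size_t fd_table_size)
{
    return fd_table_size / 5 * 4 + (fd_table_size % 5) * 4 / 5;
}

static size_t open_count(const struct conn *tab, size_t n)
{
    size_t c = 0;
    for (size_t i = 0; i < n; i++)
        c += tab[i].open ? 1 : 0;
    return c;
}

/*
 * Called before accepting a new connection. Below the limit nothing happens.
 * At the limit every idle connection is destroyed; if none is idle, the
 * least recently active one is destroyed so accept() cannot hit EMFILE.
 * Returns the number of connections destroyed.
 */
static size_t make_room(struct conn *tab, size_t n, size_t fd_table_size, long now)
{
    size_t destroyed = 0;
    struct conn *oldest = NULL;

    if (open_count(tab, n) < conn_limit(fd_table_size))
        return 0;

    for (size_t i = 0; i < n; i++) {
        if (!tab[i].open)
            continue;
        if (now - tab[i].last_active >= IDLE_SECS) {
            tab[i].open = 0;   /* real code would close the fd and free the transport */
            destroyed++;
        } else if (oldest == NULL || tab[i].last_active < oldest->last_active) {
            oldest = &tab[i];
        }
    }
    if (destroyed == 0 && oldest != NULL) {
        oldest->open = 0;
        destroyed = 1;
    }
    return destroyed;
}

/* Constructed sample table: the first nidle entries are idle, the rest recent. */
static void fill(struct conn *tab, size_t nconn, size_t nidle, long now)
{
    for (size_t i = 0; i < nconn; i++) {
        tab[i].fd = 3 + (int)i;
        tab[i].open = 1;
        tab[i].last_active = i < nidle ? now - 2 * IDLE_SECS : now - (long)(i + 1);
    }
}

static size_t demo_evictions(size_t nconn, size_t nidle)
{
    struct conn tab[16];
    long now = 10000;
    fill(tab, nconn, nidle, now);
    return make_room(tab, nconn, FD_TABLE, now);
}

/* With no idle connection, report which fd was chosen as the victim. */
static int demo_victim_fd(void)
{
    struct conn tab[16];
    long now = 10000;
    fill(tab, 8, 0, now);
    make_room(tab, 8, FD_TABLE, now);
    for (size_t i = 0; i < 8; i++)
        if (!tab[i].open)
            return tab[i].fd;
    return -1;
}

int main(void)
{
    printf("limit for 1024 fds: %zu\n", conn_limit(1024));
    printf("7 conns, none idle: %zu destroyed\n", demo_evictions(7, 0));
    printf("8 conns, none idle: %zu destroyed (fd %d)\n",
           demo_evictions(8, 0), demo_victim_fd());
    printf("8 conns, 3 idle:    %zu destroyed\n", demo_evictions(8, 3));
    return 0;
}
```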
Steve Dickson [Mon, 10 May 2021 17:59:15 +0000 (13:59 -0400)]
Release: 1.3.2
Signed-off-by: Steve Dickson <steved@redhat.com>
Tom 'spot' Callaway [Wed, 5 May 2021 16:21:56 +0000 (12:21 -0400)]
Replace the final SunRPC licenses with BSD licenses
It was noticed that a couple of SunRPC licenses
were left from the work that was done in 2009-2010
(ea26246^..ba3945e). This converts them to BSD licenses.
Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=1955239
Signed-off-by: Steve Dickson <steved@redhat.com>
Florian Weimer [Wed, 7 Apr 2021 14:37:14 +0000 (10:37 -0400)]
blacklist: Add a few more well known ports
Added:
873 # rsyncd
992 # SSL-enabled telnet
994 # irc
Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=1854147
Signed-off-by: Steve Dickson <steved@redhat.com>
Scott Mayhew [Mon, 15 Mar 2021 20:46:12 +0000 (16:46 -0400)]
libtirpc: disallow calling auth_refresh from clnt_call with RPCSEC_GSS
Disallow calling auth_refresh from clnt_{dg,vc}_call if the client is
using RPCSEC_GSS. Doing so can recurse back into clnt_{dg,vc}_call,
where we'll self-deadlock waiting on the condition variable.
Signed-off-by: Scott Mayhew <smayhew@redhat.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
Steve Dickson [Tue, 1 Dec 2020 15:06:57 +0000 (10:06 -0500)]
Release: 1.3.1
Signed-off-by: Steve Dickson <steved@redhat.com>
Steve Dickson [Mon, 30 Nov 2020 18:56:36 +0000 (13:56 -0500)]
Remove AUTH_DES interfaces from auth_des.h.
The unsupported AUTH_DES authentication has been
compiled out since commit d918e41d889 (Wed Oct 9 2019)
replaced by API routines that return errors.
To maintain a stable API and to cause future apps
to fail to build, this patch removes the functions
declaration from the header file.
This also has the side effect of not changing
the SONAME which always causes pain.
Signed-off-by: Steve Dickson <steved@redhat.com>
Doug Nazar [Wed, 29 Jul 2020 14:17:40 +0000 (10:17 -0400)]
svc_dg: Free xp_netid during destroy
Signed-off-by: Doug Nazar <nazard@nazar.ca>
Signed-off-by: Steve Dickson <steved@redhat.com>
Jaime Caamano Ruiz [Thu, 25 Jun 2020 15:27:58 +0000 (11:27 -0400)]
Fix memory management issues of fd locks
Fix the use of an fd_lock referenced from private client data after it
was freed.
Signed-off-by: Steve Dickson <steved@redhat.com>
Jaime Caamano Ruiz [Tue, 16 Jun 2020 17:00:52 +0000 (13:00 -0400)]
libtirpc: replace array with list for per-fd locks
Currently per-fd locks for the clients are pre-allocated up to
the soft limit of maximum allowed open file descriptors per process as
defined in __rpc_dtbsize():
if (getrlimit(RLIMIT_NOFILE, &rl) == 0) {
return (tbsize = (int)rl.rlim_cur);
}
This limit can be arbitrarily large for any given process resulting in
unreasonable memory allocation. For example, for systemd PID1 process
this limit is set to 1073741816 since version 240. systemd is an
indirect user of this library as it fetches information about users,
groups, etc...
This patch proposes a list implementation of per-fd locks based on glibc
doubly linked lists. It also includes support for a fixed array based
pre-allocation up to a compile-time defined limit of locks for
equivalence to the previous implementation.
Signed-off-by: Steve Dickson <steved@redhat.com>
srinivasa rao cheruku [Thu, 28 May 2020 16:38:54 +0000 (12:38 -0400)]
__svc_vc_dodestroy: fix double free of xp_ltaddr.buf
In svc_fd_create(), upon error, freeing xp_ltaddr.buf and null
is returned to the caller as expected. The allocated SVCXPRT is
added to svc_pollfd and during destroy __svc_vc_dodestroy(),
xp_ltaddr.buf is being freed again causing double free.
Fix is to reset the pointer whenever freed first.
Reported-by: Sreedharbabu Vykuntam <sreedharbabu.vykuntam@quest.com>
Reviewed-by: Ian Kent <raven@themaw.net>
Signed-off-by: Srinivasarao Cheruku <srinivascheruku@yahoo.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
Steve Dickson [Wed, 22 Apr 2020 16:18:43 +0000 (12:18 -0400)]
__rpc_dtbsize: rlim_cur instead of rlim_max
In the client code, rlim_max is used to allocate two
arrays used for multithread locking. These arrays are
indexed with open file descriptors.
With some recent changes to systemd, the rlim_max is
now a very large number and no longer represents the
max number of open file descriptors allowed causing
the locking arrays to be huge resulting in processes
being OOM killed.
It turns out the max number of opens allowed in a process
is still fairly small (1023) which means rlim_cur (1024)
can be used instead of rlim_max.
Signed-off-by: Steve Dickson <steved@redhat.com>
Eli Schwartz [Mon, 27 Apr 2020 14:08:15 +0000 (10:08 -0400)]
pkg-config: use the correct replacements for libdir/includedir
They are defined pkg-config variables for a reason, let's reuse them as
is the intended usage of pkg-config. This ensures various pkg-config
features continue to work as expected.
Signed-off-by: Steve Dickson <steved@redhat.com>
Steve Dickson [Tue, 7 Apr 2020 13:24:34 +0000 (09:24 -0400)]
Release 1.2.6
Signed-off-by: Steve Dickson <steved@redhat.com>
Rosen Penev [Tue, 21 Jan 2020 16:51:16 +0000 (11:51 -0500)]
xdr_float: do not include bits/endian.h
bits/endian.h is an internal header. endian.h should be included.
Fixes compilation with recent musl.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
Mike Gilbert [Tue, 21 Jan 2020 16:49:35 +0000 (11:49 -0500)]
Avoid multiple-definition with gcc -fno-common
GCC 10 enables -fno-common by default.
Fixes: https://bugs.gentoo.org/705896
Signed-off-by: Steve Dickson <steved@redhat.com>
Petr Vorel [Fri, 3 Jan 2020 14:57:04 +0000 (09:57 -0500)]
bindresvport.blacklist: Add 774 (rpasswd)
Signed-off-by: Petr Vorel <pvorel@suse.cz>
Signed-off-by: Steve Dickson <steved@redhat.com>
Petr Vorel [Fri, 3 Jan 2020 14:55:28 +0000 (09:55 -0500)]
Add authdes_seccreate() stub
bf8f0b82d added back authdes_create() and authdes_pk_create() interfaces
also when authdes compiled out. Add also authdes_seccreate().
Found by LTP rpc-tirpc test, which fails to link:
/usr/lib64/gcc/x86_64-suse-linux/9/../../../../x86_64-suse-linux/bin/ld: /tmp/ccFanCMm.o: in function `main':
testcases/network/rpc/rpc-tirpc/tests_pack/rpc_suite/tirpc/tirpc_auth_authdes_seccreate/tirpc_authdes_seccreate.c:55: undefined reference to `authdes_seccreate'
Fixes: bf8f0b82d ("Add back the authdes interfaces")
Signed-off-by: Petr Vorel <pvorel@suse.cz>
Signed-off-by: Steve Dickson <steved@redhat.com>
Steve Dickson [Thu, 19 Dec 2019 18:55:48 +0000 (13:55 -0500)]
Release 1.2.5
Signed-off-by: Steve Dickson <steved@redhat.com>
Steve Dickson [Fri, 13 Dec 2019 18:36:28 +0000 (13:36 -0500)]
Removed some PRINTF_ARGS covscan errors
Signed-off-by: Steve Dickson <steved@redhat.com>
Steve Dickson [Thu, 5 Sep 2019 18:00:09 +0000 (14:00 -0400)]
clnt_vc_create: Removed a RESOURCE_LEAK covscan error
Signed-off-by: Steve Dickson <steved@redhat.com>
Steve Dickson [Thu, 12 Dec 2019 16:14:19 +0000 (11:14 -0500)]
Add back the authdes interfaces
Instead of compiling out the authdes interfaces
as commit d918e41d8 did, add them back but
they will fail if called.
Signed-off-by: Steve Dickson <steved@redhat.com>
Steve Dickson [Wed, 9 Oct 2019 15:29:14 +0000 (11:29 -0400)]
Compile out the AUTH_DES support.
AUTH_DES authentication is dead! Has not been
supported in years and now the code is throwing
out coverity scan which don't make sense to fix.
The code is now compiled out by default.
Reviewed-by: Petr Vorel <petr.vorel@gmail.com>
Tested-by: Petr Vorel <petr.vorel@gmail.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
Fabrice Fontaine [Mon, 7 Oct 2019 20:26:02 +0000 (16:26 -0400)]
rpc/types.h: fix musl build
From: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Don't redefine existing typedef (u_char, u_long, ...) on musl
Fixes:
- http://autobuild.buildroot.net/results/dbc07e383605a84eb19a2fd1899668612212518a
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Petr Vorel <petr.vorel@gmail.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
Rosen Penev [Tue, 3 Sep 2019 14:57:56 +0000 (10:57 -0400)]
libtirpc: Remove deprecated b functions
Optionally fixes compilation with uClibc-ng.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
Stefano Garzarella [Tue, 3 Sep 2019 14:54:11 +0000 (10:54 -0400)]
xdr: add a defensive mask in xdr_int64_t() and xdr_u_int64_t()
In order to be more defensive, we should mask bits of u_int64_t
value if we want to use only the first 32bit.
Signed-off-by: Stefano Garzarella <sgarzare@redhat.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
Laurent Bigonville [Tue, 11 Jun 2019 15:53:14 +0000 (11:53 -0400)]
man/rpc_secure.3t: Fix typo in manpage
Currently the publickey parameter of the authdes_pk_create() function is
not displayed because of a typo
Signed-off-by: Steve Dickson <steved@redhat.com>
Petr Vorel [Tue, 11 Jun 2019 15:41:36 +0000 (11:41 -0400)]
Commit e45bf420983e fixed issue for uclibc-ng, but on uclibc this
depends on __UCLIBC_HAS_RPC__.
This is old patch from Buildroot commit c54af0a294 ("libtirpc: handle
the case where uClibc may have RPC support") by Thomas Petazzoni.
Fixes: 6d8d4b5a7bf6 ("Include string.h for memset")
Fixes: e45bf420983e ("Fix struct rpcent for uclibc-ng")
Signed-off-by: Petr Vorel <petr.vorel@gmail.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
Laurent Bigonville [Tue, 11 Jun 2019 15:34:16 +0000 (11:34 -0400)]
Makefile.am: Use LIBADD instead of LDFLAGS to link against krb5
LDFLAGS shouldn't be used to link against libraries as this would break
positional flags like --as-needed
Use LIBADD instead
Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=1639032
Signed-off-by: Steve Dickson <steved@redhat.com>
Ian Kent [Thu, 8 Nov 2018 18:26:57 +0000 (13:26 -0500)]
Fix EOF detection on non-blocking socket
From: Ian Kent <raven@themaw.net>
EOF on a non-blocking socket is incorrectly detected causing
the socket to be closed if a client sends the RPC request in
more than one write.
This is because ->read_vc() returns 0 for a real EOF and for
the error cases of EAGAIN or EWOULDBLOCK when there could be
more data to come. The caller of ->read_vc() also fails to
handle this case correctly returning XPRT_DIED in both cases.
Also the stream context setting that indicates the request
header has been received is not set after receiving the
header which causes incorrect interpretation of the input
for the case of a multiple read receive.
Signed-off-by: Ian Kent <raven@themaw.net>
Signed-off-by: Steve Dickson <steved@redhat.com>
Thomas Deutschmann [Thu, 8 Nov 2018 18:03:47 +0000 (13:03 -0500)]
getrpcent.c: fix typo
Signed-off-by: Thomas Deutschmann <whissi@gentoo.org>
Signed-off-by: Steve Dickson <steved@redhat.com>
Steve Dickson [Thu, 8 Nov 2018 18:01:15 +0000 (13:01 -0500)]
__getpublickey_real: Removed a warning
In function ‘__getpublickey_real.part.0’,
inlined from ‘__getpublickey_real’:
getpublickey.c:77:9: warning: ‘strncpy’ output may be truncated copying 47 bytes from a string of length 143 [-Wstringop-truncation]
(void) strncpy(publickey, lookup, HEXKEYBYTES-1);
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Signed-off-by: Steve Dickson <steved@redhat.com>
Zhi Li [Wed, 26 Sep 2018 18:05:29 +0000 (14:05 -0400)]
getnetconfig.c: fix a BAD_FREE (CWE-763)
Signed-off-by: Steve Dickson <steved@redhat.com>
Steve Dickson [Thu, 13 Sep 2018 18:24:26 +0000 (14:24 -0400)]
clnt_vc.c: remove a false positive from a covscan
Commit 55d146058 introduced the freeing of private data
of client connections due to a false positive from
a covscan.
Signed-off-by: Steve Dickson <steved@redhat.com>
Steve Dickson [Fri, 7 Sep 2018 17:42:44 +0000 (13:42 -0400)]
svc_simple.c: resource_leak
Variable "xdrbuf" going out of scope leaks the storage it points to.
Signed-off-by: Steve Dickson <steved@redhat.com>
Steve Dickson [Fri, 7 Sep 2018 17:39:53 +0000 (13:39 -0400)]
svc_generic.c: resource_leak
Variable "handle" going out of scope leaks the storage it points to.
Signed-off-by: Steve Dickson <steved@redhat.com>
Steve Dickson [Fri, 7 Sep 2018 17:36:18 +0000 (13:36 -0400)]
rtime.c: resource_leak
Handle variable "s" going out of scope leaks the handle.
Signed-off-by: Steve Dickson <steved@redhat.com>
Steve Dickson [Fri, 7 Sep 2018 17:34:50 +0000 (13:34 -0400)]
rpcb_clnt.c: resource_leak
Variable "nc_handle" going out of scope leaks the storage it points to.
Signed-off-by: Steve Dickson <steved@redhat.com>
Steve Dickson [Fri, 7 Sep 2018 17:18:26 +0000 (13:18 -0400)]
rpc_soc.c: buffer_size_warning
Calling strncpy with a maximum size argument of 108 bytes on
destination array "sun.sun_path" of size 108 bytes might
leave the destination string unterminated.
Signed-off-by: Steve Dickson <steved@redhat.com>
Steve Dickson [Fri, 7 Sep 2018 17:27:48 +0000 (13:27 -0400)]
rpc_soc.c: resource_leak
Variable "localhandle" going out of scope leaks the storage it points to.
Returning without closing handle "sock" leaks it.
Signed-off-by: Steve Dickson <steved@redhat.com>
Steve Dickson [Fri, 7 Sep 2018 17:06:16 +0000 (13:06 -0400)]
rpc_generic.c: resource_leak
Variable "handle" going out of scope leaks the storage it points to.
Signed-off-by: Steve Dickson <steved@redhat.com>
Steve Dickson [Fri, 7 Sep 2018 17:00:39 +0000 (13:00 -0400)]
getnetpath.c: resource_leak
Variable "np_sessionp" going out of scope leaks the storage it points to.
Signed-off-by: Steve Dickson <steved@redhat.com>
Steve Dickson [Fri, 7 Sep 2018 16:56:00 +0000 (12:56 -0400)]
getnetconfig.c: cppcheck_warning
Memory leak: p
Memory leak: tmp
Signed-off-by: Steve Dickson <steved@redhat.com>
Steve Dickson [Fri, 7 Sep 2018 16:51:25 +0000 (12:51 -0400)]
clnt_vc.c: resource_leak
Variable "ct" going out of scope leaks the storage it points to.
Signed-off-by: Steve Dickson <steved@redhat.com>
Steve Dickson [Fri, 7 Sep 2018 16:41:30 +0000 (12:41 -0400)]
clnt_bcast.c: resource_leak
Variable "sys_auth" going out of scope leaks the storage it points to.
Signed-off-by: Steve Dickson <steved@redhat.com>
Steve Dickson [Fri, 7 Sep 2018 16:35:47 +0000 (12:35 -0400)]
auth_gss.c: buffer_size_warning
Calling strncpy with a maximum size argument of 128 bytes on
destination array "options_ret->actual_mechanism" of size 128
bytes might leave the destination string unterminated
Signed-off-by: Steve Dickson <steved@redhat.com>
Steve Dickson [Fri, 7 Sep 2018 16:25:20 +0000 (12:25 -0400)]
auth_gss.c: resource_leak
Variable "gd" going out of scope leaks the storage it points to.
Signed-off-by: Steve Dickson <steved@redhat.com>
Steve Dickson [Mon, 27 Aug 2018 14:03:53 +0000 (10:03 -0400)]
Release 1.1.4
Signed-off-by: Steve Dickson <steved@redhat.com>
Olaf Kirch [Thu, 23 Aug 2018 15:20:11 +0000 (11:20 -0400)]
make libtirpc honor /etc/bindresvport.blacklist
Signed-off-by: Olaf Kirch <okir@suse.de>
Signed-off-by: Steve Dickson <steved@redhat.com>
Jayakrishna Menon [Thu, 19 Jul 2018 14:17:06 +0000 (10:17 -0400)]
Fixed Integer overflows in clnt_vc_create and clnt_dg_create
There exists a possibility of an integer overflow in the
clnt_vc_create @ src/clnt_vc.c : 217 and
clnt_dg_create @ src/clnt_dg.c : 176.
In clnt_dg_create, the integer dtbsize is multiplied
with the size of the cond_t structure to get the total
number of bytes to be allocated.
The integer dtbsize is the value returned by a call to __rpc_dtbsize.
163: int cv_allocsz;
164: size_t fd_allocsz;
165: int dtbsize = __rpc_dtbsize();
176: cv_allocsz = dtbsize * sizeof (cond_t);
On a 32 bit version, the integer dtbsize is multiplied with the value 48.
The value returned by __rpc_dtbsize is the hard limit on the maximum
number of file descriptors which is 2^20 by default in my Ubuntu 16.04.
If this hard limit was increased to a value greater than 2^27,
this multiplication would overflow and result in a value smaller
than the expected size.
I understand that changing the hard limit on the maximum value of file
descriptors requires root privilege. But it would be reasonable
to double check this value before using it in calculations.
Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=1600284
From: Jayakrishna Menon <jkrshnmenon@gmail.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
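The size calculation from the commit message above, as an added example that is not libtirpc's code: the unchecked multiply modelled in explicit 32-bit arithmetic beside a bounds-checked form. The function names are hypothetical; the element size 48 is the 32-bit figure quoted in the message, and the descriptor counts are constructed.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

#define COND_T_SIZE32 48u      /* sizeof(cond_t) on 32-bit, per the commit message */

/*
 * The pattern at line 176 (dtbsize * sizeof (cond_t)), modelled with 32-bit
 * unsigned arithmetic so the wrap-around is identical on any host.
 */
static uint32_t alloc_size_unchecked32(uint32_t dtbsize, uint32_t elem)
{
    return dtbsize * elem;     /* silently reduced modulo 2^32 */
}

/*
 * Checked form: reject a non-positive table size and any product that would
 * exceed max (INT32_MAX here, since the result was stored in an int).
 * Returns 0 and stores the byte count on success, -1 on rejection.
 */
static int alloc_size_checked(int dtbsize, size_t elem, size_t max, size_t *out)
{
    if (dtbsize <= 0 || elem == 0)
        return -1;
    if ((size_t)dtbsize > max / elem)   /* division cannot overflow */
        return -1;
    *out = (size_t)dtbsize * elem;
    return 0;
}

/* Would slot `fd` of a per-descriptor array fit inside `alloc_bytes`? */
static int fd_slot_in_bounds(size_t alloc_bytes, size_t elem, int fd)
{
    return fd >= 0 && (size_t)fd < alloc_bytes / elem;
}

/* Convenience wrapper for the demo: byte count, or 0 when rejected. */
static size_t checked_or_zero(int dtbsize)
{
    size_t bytes = 0;
    if (alloc_size_checked(dtbsize, COND_T_SIZE32, INT32_MAX, &bytes) != 0)
        return 0;
    return bytes;
}

int main(void)
{
    uint32_t ok_limit  = 1u << 20;          /* the 2^20 default from the message */
    uint32_t big_limit = (1u << 28) + 1u;   /* constructed limit above 2^27 */

    uint32_t wrapped = alloc_size_unchecked32(big_limit, COND_T_SIZE32);
    printf("2^20 fds    -> %u bytes\n",
           alloc_size_unchecked32(ok_limit, COND_T_SIZE32));
    printf("2^28+1 fds  -> %u bytes after wrap\n", wrapped);
    printf("fd 5 inside wrapped table: %d\n",
           fd_slot_in_bounds(wrapped, COND_T_SIZE32, 5));
    printf("checked, 2^20 fds:   %zu bytes\n", checked_or_zero(1 << 20));
    printf("checked, 2^28+1 fds: %zu (rejected)\n", checked_or_zero((1 << 28) + 1));
    return 0;
}
```

With the wrapped size the table holds a single element, so any descriptor above 0 indexes past the allocation; the checked form refuses the request instead.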
Thomas Blume [Wed, 18 Jul 2018 17:54:34 +0000 (13:54 -0400)]
rpcb_clnt.c: pass the version argument to __try_protocol_version_2
Fixes: 5e7b57bc20bd ("rpcinfo: change order of version to be tried to 4, 3, 2")
Reviewed-by: Chuck Lever <chuck.lever@oracle.com>
Signed-off-by: Thomas Blume <Thomas.Blume@suse.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
Steve Dickson [Wed, 11 Jul 2018 15:21:39 +0000 (11:21 -0400)]
xdrstdio_create buffers do not output encoded values on ppc
The cause is that the xdr_putlong uses a long to store the
converted value, then passes it to fwrite as a byte buffer.
Only the first 4 bytes are written, which is okay for a LE
system after byteswapping, but writes all zeroes on BE systems.
Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=1261738
Reviewed-by: Chuck Lever <chuck.lever@oracle.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
Chuck Lever [Tue, 10 Jul 2018 17:21:17 +0000 (13:21 -0400)]
Handle GARBAGE_ARGS response in rpcbind query
We have a report that some commercial NFS file servers still do not
support rpcbind v4 correctly. They return GARBAGE_ARGS instead of
PROG_MISMATCH or PROG_UNAVAIL, so our rpcbind client now errors out
immediately instead of trying a lower rpcbind version.
To address this, convert the "if () else if () else if ()" to a
switch statement to make it straightforward to add new status codes
to the error processing logic. Then, add a case for
RPC_CANTDECODEARGS (the API status code used when the remote
responds with GARBAGE_ARGS).
Reported-by: Yuan-Yao Sung <yysung@cs.nctu.edu.tw>
Fixes: 5e7b57bc20bd ("rpcinfo: change order of version to be ... ")
Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
Tested-by: Yuan-Yao Sung <yysung@cs.nctu.edu.tw>
Signed-off-by: Steve Dickson <steved@redhat.com>
Thomas Blume [Wed, 18 Apr 2018 12:44:49 +0000 (08:44 -0400)]
Fix regression introduced by change rpc version order patch
Fix a socket leak introduced by commit 5e7b57bc20bd9cadff
(rpcinfo: change order of version to be tried to 4, 3, 2)
The new function __try_protocol_version_2 doesn't return
the client, so it can't be closed via CLNT_DESTROY in the
calling function.
Signed-off-by: Thomas Blume <Thomas.Blume@suse.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
Steve Dickson [Thu, 12 Apr 2018 14:24:02 +0000 (10:24 -0400)]
clnt_create: Restore using reserve ports for client connections
Commit 46e04a73 changed clnt_create(3) not to
use reserve ports when binding a connection to
a server.
For certain legacy apps, like some of the NIS commands,
the client has to use reserve port to be able
to communicate with the server.
So the use of reserve ports in clnt_create(3)
has been restored.
Signed-off-by: Steve Dickson <steved@redhat.com>
Steve Dickson [Wed, 14 Mar 2018 13:55:12 +0000 (09:55 -0400)]
Release 1.0.3
Signed-off-by: Steve Dickson <steved@redhat.com>
Thomas Blume [Wed, 14 Mar 2018 13:51:51 +0000 (09:51 -0400)]
rpcinfo: change order of version to be tried to 4, 3, 2
When specifying TCP as transport on rpcinfo getport command (-T tcp),
the initial RPC getport packet is still sent as a UDP packet.
This is due to rpc protocol version 2 is tried first and
function getpmaphandle() states:
/*
* Try UDP only - there are some portmappers out
* there that use UDP only.
*/
Even on systems with newer rpc versions, this will hang when
the UDP port is blocked. That is a quite artificial limitation,
because UDP only portmappers should be really rare by now.
The attached code changes the order of versions to be tried
to 4, then 3 and use version 2 only as fallback.
Reviewed-by: Chuck Lever <chuck.lever@oracle.com>
Signed-off-by: Thomas Blume <Thomas.Blume@suse.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
Steve Dickson [Tue, 6 Mar 2018 18:05:17 +0000 (13:05 -0500)]
clnt_dg_call: Change the memory allocation
Commit 2936f109590e added free()s on memory that
was allocated from the stack (via alloca()).
That type of memory is automatically freed so
those added free()s were causing double frees.
It was suggested allocating memory from the
stack can be a bit troublesome. So this patch
changes the memory allocation from the stack
to the heap which also eliminates the double frees.
Fixes: 2936f109590e ("clnt_dg_call: Fix a buffer overflow (CVE-2016-4429)")
BugLink: https://bugzilla.redhat.com/show_bug.cgi?id=1552163
Reviewed-by: Chuck Lever <chuck.lever@oracle.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
Steve Dickson [Thu, 1 Mar 2018 17:01:36 +0000 (12:01 -0500)]
clnt_dg_call: Fix a buffer overflow (CVE-2016-4429)
Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=1337142
Signed-off-by: Steve Dickson <steved@redhat.com>
Chuck Lever [Wed, 28 Feb 2018 15:15:53 +0000 (10:15 -0500)]
Avoid choosing reserved ports in legacy RPC APIs
Prevent a caller of legacy RPC client and server APIs from
dynamically allocating a well-known port number, when no port number
is provided. This is similar to recent changes to svc_tli_create(3)
and clnt_tli_create(3).
BugLink: https://bugzilla.linux-nfs.org/show_bug.cgi?id=320
Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
Chuck Lever [Wed, 28 Feb 2018 15:13:53 +0000 (10:13 -0500)]
Avoid choosing reserved ports in clnt_tli_create(3)
Callers of clnt_tli_create(3) can specify that an arbitrary port
number be dynamically assigned for the client socket being created.
clnt_tli_create(3) tries bindresvport(3) first in this case.
bindresvport(3) chooses a reserved port if the caller has
CAP_NET_ADMIN_BIND privilege. If this fails, bind(2) is used to
assign a port number from the range above 1024.
This approach becomes a problem should bindresvport(3) or bind(2)
happen to choose the port number of a well-known service. If the
caller is a long-running service (like rpc.statd), it indefinitely
blocks the IANA-assigned well-known service for that port from
starting.
When using the AUTH_SYS authentication flavor, RPC services can use
the remote client's source port number to determine whether the
client is privileged, and thus the UID and GID numbers in the RPC
are trustworthy. However, it's pretty easy for a man-in-the-middle
to replace these values while the RPC is in flight. The source port
number is no guarantee of actual security.
Therefore, remove the bindresvport step, and instead of invoking
bind(2) directly, use a mechanism which allocates the port number
from the dynamic port range described in RFC 6335 Section 6.
This also impacts all users of clnt_tli_create(3) within the
library, such as clnt_tp_create(3), and the portmap/rpcbind clients.
BugLink: https://bugzilla.linux-nfs.org/show_bug.cgi?id=320
Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
Chuck Lever [Wed, 28 Feb 2018 15:12:14 +0000 (10:12 -0500)]
Avoid choosing reserved ports in svc_tli_create(3)
Callers of svc_tli_create(3) can specify that an arbitrary port
number be dynamically assigned for the service listener being
created. svc_tli_create(3) tries bindresvport(3) first in this
case. bindresvport(3) chooses a reserved port if the caller has
CAP_NET_ADMIN_BIND privilege. If this fails, bind(2) is used to
assign a port number from the range above 1024.
This approach becomes a problem should bindresvport(3) or bind(2)
happen to choose the port number of a well-known service. If the
caller is a long-running service (like rpc.statd), the caller's
listener indefinitely blocks the IANA-assigned well-known service
for that port from starting.
Moreover, it seems that a reserved port is completely unnecessary
for listener sockets. It does not confer any extra privilege or
functionality to the listener socket, nor do remote clients infer
any extra privilege from a listener on a port number lower than
1024.
Therefore, remove the bindresvport step, and instead of invoking
bind(2) directly, use a mechanism which allocates the port number
from the dynamic port range described in RFC 6335 Section 6.
This also impacts all users of svc_tli_create(3) within the library,
such as svc_tp_create(3).
BugLink: https://bugzilla.linux-nfs.org/show_bug.cgi?id=320
Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
Chuck Lever [Wed, 28 Feb 2018 14:52:26 +0000 (09:52 -0500)]
Add an internal helper for binding to a dynamically-assigned port
Create a helper function akin to bindresvport(3) that instead binds
to a dynamically assigned port using the rules in RFC 6335 Section 6
to avoid all IANA-assigned service port numbers.
This is intended to remain an internal helper for the time being, so
this commit provides no header declaration.
All internal bindresvport(3) call sites manufacture an INADDR_ANY-
type address to pass to bind(2), so the helper handles that as well,
to avoid code duplication. This means that callers do not need to
pass in a sockaddr. Only an open socket is required.
BugLink: https://bugzilla.linux-nfs.org/show_bug.cgi?id=320
Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
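Added example (not part of the commit log and not libtirpc's own code): a C helper of the kind the three commits above describe, which takes only an open socket and binds it to the wildcard address on a port in the RFC 6335 Section 6 dynamic range (49152-65535). The names bind_dynamic_port and dyn_port_candidate and the way the probe starting point is chosen are assumptions made for illustration.

```c
#include <errno.h>
#include <string.h>
#include <time.h>
#include <unistd.h>
#include <netinet/in.h>
#include <sys/socket.h>

/* RFC 6335 Section 6: the Dynamic Ports range is 49152-65535. */
#define DYN_LO    49152u
#define DYN_COUNT (65535u - DYN_LO + 1u)

/* i-th candidate port when probing from offset `start`, wrapping in range. */
unsigned dyn_port_candidate(unsigned start, unsigned i)
{
    return DYN_LO + (start % DYN_COUNT + i % DYN_COUNT) % DYN_COUNT;
}

/*
 * Hypothetical helper: bind the open socket fd to the wildcard address on a
 * port in the dynamic range. The caller passes no sockaddr; the address
 * family is read from the socket. Returns the port, or -1 with errno set.
 */
int bind_dynamic_port(int fd)
{
    struct sockaddr_storage ss;
    socklen_t len = sizeof(ss);
    /* Varying start point only spreads callers out; it is not a secret. */
    unsigned start = (unsigned)time(NULL) ^ ((unsigned)getpid() << 8);
    unsigned i;

    memset(&ss, 0, sizeof(ss));
    if (getsockname(fd, (struct sockaddr *)&ss, &len) < 0)
        return -1;                      /* e.g. EBADF, ENOTSOCK */
    if (ss.ss_family != AF_INET && ss.ss_family != AF_INET6) {
        errno = EAFNOSUPPORT;
        return -1;
    }
    for (i = 0; i < DYN_COUNT; i++) {
        unsigned port = dyn_port_candidate(start, i);
        /* An unbound socket reports the wildcard address; set only the port. */
        if (ss.ss_family == AF_INET)
            ((struct sockaddr_in *)&ss)->sin_port = htons((unsigned short)port);
        else
            ((struct sockaddr_in6 *)&ss)->sin6_port = htons((unsigned short)port);
        if (bind(fd, (struct sockaddr *)&ss, len) == 0)
            return (int)port;
        if (errno != EADDRINUSE)
            return -1;                  /* real failure: stop probing */
    }
    errno = EADDRINUSE;                 /* every dynamic port is taken */
    return -1;
}
```

Because every candidate lies at or above 49152, the helper can never land on a System (0-1023) or User (1024-49151) port that IANA may have assigned to another service.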
Steve Dickson [Mon, 4 Dec 2017 14:42:52 +0000 (09:42 -0500)]
Make the license clauses consistent
It was pointed out that these two files have
different licensing clauses than the rest of
the library.
So this changes those clauses from GPL 2 to BSD-3
Signed-off-by: Steve Dickson <steved@redhat.com>
Thorsten Kukuk [Tue, 14 Nov 2017 15:46:37 +0000 (10:46 -0500)]
Add includes to pmap_clnt.h
When disabling the deprecated sunrpc code in glibc and building
openSUSE Tumbleweed completely with libtirpc, I found some programs
including rpc/pmap_clnt.h without all needed header files before.
Since the list is uncommon and a surprise (sunrpc did include them
in that header), I added them to the tirpc header, too:
Signed-off-by: Thorsten Kukuk <kukuk@suse.de>
Signed-off-by: Steve Dickson <steved@redhat.com>
Thorsten Kukuk [Tue, 14 Nov 2017 15:43:53 +0000 (10:43 -0500)]
Fix typo in src/libtirpc.map
Which prevents key_secretkey_is_set from being exported.
Signed-off-by: Thorsten Kukuk <kukuk@suse.de>
Signed-off-by: Steve Dickson <steved@redhat.com>
Thorsten Kukuk [Tue, 14 Nov 2017 15:41:10 +0000 (10:41 -0500)]
Add some typedefs to rpc/types.h to allow applications to be compiled with -std=iso9899:1990
When disabling the deprecated sunrpc code in glibc and building
openSUSE Tumbleweed completely with libtirpc, I found some programs
using non-standard -std= options. The following patch fixes the
compile problems (Patch is taken from glibc):
Signed-off-by: Thorsten Kukuk <kukuk@suse.de>
Signed-off-by: Steve Dickson <steved@redhat.com>
Thorsten Kukuk [Tue, 14 Nov 2017 15:39:08 +0000 (10:39 -0500)]
Include stdint.h from xdr_sizeof.c to avoid missing declaration errors.
Signed-off-by: Thorsten Kukuk <kukuk@suse.de>
Signed-off-by: Steve Dickson <steved@redhat.com>
Joshua Kinard [Wed, 23 Aug 2017 18:31:36 +0000 (14:31 -0400)]
Replace bzero() calls with equivalent memset() calls
As annotated in the bzero(3) man page, bzero() was marked as LEGACY in
POSIX.1-2001 and removed in POSIX.1-2008, and should be replaced with
memset() calls to write zeros to a memory region. The attached patch
replaces two bzero() calls and one __bzero() call in libtirpc with
equivalent memset() calls. The latter replacement fixes a compile error
under uclibc-ng, which lacks a definition for __bzero().
Signed-off-by: Joshua Kinard <kumba@gentoo.org>
Signed-off-by: Steve Dickson <steved@redhat.com>
Steve Dickson [Wed, 5 Jul 2017 15:02:23 +0000 (11:02 -0400)]
Release 1.0.2
Signed-off-by: Steve Dickson <steved@redhat.com>
Joshua Kinard [Wed, 5 Jul 2017 14:54:48 +0000 (10:54 -0400)]
Fix struct rpcent for uclibc-ng
Commit 6d8d4b5a7bf6 addresses an issue for musl, based on a description of
an earlier patch at https://patchwork.kernel.org/patch/5499671/. That
description notes uncertainty with uclibc, which also defines __GLIBC__.
This patch fixes the uclibc case by also checking for __UCLIBC__.
Fixes: 6d8d4b5a7bf6 ("Include string.h for memset")
Signed-off-by: Joshua Kinard <kumba@gentoo.org>
Signed-off-by: Steve Dickson <steved@redhat.com>
Cc: Natanael Copa <ncopa@alpinelinux.org>
Guido Vranken [Mon, 15 May 2017 15:12:21 +0000 (11:12 -0400)]
Fix for CVE-2017-8779
Signed-off-by: Steve Dickson <steved@redhat.com>
Steve Dickson [Thu, 4 May 2017 16:14:12 +0000 (12:14 -0400)]
clnt_vc.c: Removed warning of clnt_read_vc_str not being used.
Signed-off-by: Steve Dickson <steved@redhat.com>
ksourav [Wed, 17 Aug 2016 20:01:29 +0000 (16:01 -0400)]
getrpcport: Possible buffer overflow in memcpy
The if condition, when true, can result in memcpy
overflow as source size can become greater than the
destination in memcpy. Modified the if condition
to prevent memcpy overflow.
Signed-off-by: ksourav <sourav.kir@gmail.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
Ian Kent [Thu, 2 Jun 2016 14:44:14 +0000 (10:44 -0400)]
handle concurrent connect calls in clnt_vc_create()
Now that the mutex is no longer held during possible connect(2) calls
in clnt_vc_create() it's possible for multiple threads to attempt the
connect concurrently.
So an EISCONN error return is not a failure case, handle it.
Signed-off-by: Steve Dickson <steved@redhat.com>
Paulo Andrade [Thu, 2 Jun 2016 14:39:30 +0000 (10:39 -0400)]
clnt_vc_create: Do not hold a global mutex during connect
A multi-threaded application, connecting to multiple rpc servers,
may deadlock if the connect call stalls on a non-responsive server.
Signed-off-by: Paulo Andrade <pcpa@gnu.org>
Signed-off-by: Steve Dickson <steved@redhat.com>
Paulo Andrade [Thu, 2 Jun 2016 14:35:52 +0000 (10:35 -0400)]
Record errno value before calling syslog
Unlikely to change, but stay on the safe side.
Signed-off-by: Paulo Andrade <pcpa@gnu.org>
Signed-off-by: Steve Dickson <steved@redhat.com>
Paulo Andrade [Thu, 2 Jun 2016 14:33:48 +0000 (10:33 -0400)]
Make it clear rpc_createerr is thread safe
Avoid hiding it under a macro, and also avoid multiple function
calls when accessing structure fields.
Signed-off-by: Paulo Andrade <pcpa@gnu.org>
Signed-off-by: Steve Dickson <steved@redhat.com>
Steve Dickson [Thu, 2 Jun 2016 14:47:21 +0000 (10:47 -0400)]
Added some new files
Signed-off-by: Steve Dickson <steved@redhat.com>
Thorsten Kukuk [Mon, 4 Apr 2016 13:51:15 +0000 (09:51 -0400)]
Remove des*.c dependencies to glibc
Our des_impl.c has dependencies on glibc header files
and different arguments than our header file has.
Bring our own code in sync.
Signed-off-by: Thorsten Kukuk <kukuk@thkukuk.de>
Signed-off-by: Steve Dickson <steved@redhat.com>
Thorsten Kukuk [Mon, 4 Apr 2016 13:48:04 +0000 (09:48 -0400)]
Compile des_crypt.c and des_impl.c
Add des_impl.c to become independent of deprecated functions of glibc
Fixes: f17b44048003 ('Revert commit c0547c56dafb')
Signed-off-by: Thorsten Kukuk <kukuk@thkukuk.de>
Signed-off-by: Steve Dickson <steved@redhat.com>
Thorsten Kukuk [Mon, 4 Apr 2016 13:44:19 +0000 (09:44 -0400)]
Remove dependency to nis.h
libtirpc needs rpcsvc/nis.h for compiling, but does not
provide this header file. It's only provided by glibc,
if the sunrpc code is not marked as deprecated, and
by libnsl. But libnsl needs libtirpc to compile...
Signed-off-by: Steve Dickson <steved@redhat.com>
Thorsten Kukuk [Mon, 4 Apr 2016 13:37:32 +0000 (09:37 -0400)]
getpublickey.c: ifdef out yp headers
If we don't compile in YP support, don't include YP
Signed-off-by: Thorsten Kukuk <kukuk@thkukuk.de>
Signed-off-by: Steve Dickson <steved@redhat.com>
Steve Dickson [Tue, 8 Mar 2016 15:48:58 +0000 (10:48 -0500)]
authgss_refresh: Added debug statements
Log the reason why the clnt_call fails when debugging
is enabled.
Signed-off-by: Steve Dickson <steved@redhat.com>