import libtirpc-1.1.4-6.el8

This commit is contained in:
CentOS Sources 2022-05-10 03:17:36 -04:00 committed by Stepan Oksanichenko
parent 5980032b2d
commit ecda1515d8
2 changed files with 164 additions and 1 deletions

View File

@ -0,0 +1,154 @@
diff --git a/src/rpc_com.h b/src/rpc_com.h
index 10bec79..76badef 100644
--- a/src/rpc_com.h
+++ b/src/rpc_com.h
@@ -61,8 +61,7 @@ void __xprt_unregister_unlocked(SVCXPRT *);
void __xprt_set_raddr(SVCXPRT *, const struct sockaddr_storage *);
-SVCXPRT **__svc_xports;
-int __svc_maxrec;
+extern int __svc_maxrec;
#ifdef __cplusplus
}
diff --git a/src/svc.c b/src/svc.c
index b59467b..3a8709f 100644
--- a/src/svc.c
+++ b/src/svc.c
@@ -57,6 +57,9 @@
#define max(a, b) (a > b ? a : b)
+SVCXPRT **__svc_xports;
+int __svc_maxrec;
+
/*
* The services list
* Each entry represents a set of procedures (an rpc program).
@@ -191,6 +194,21 @@ __xprt_do_unregister (xprt, dolock)
rwlock_unlock (&svc_fd_lock);
}
+int
+svc_open_fds()
+{
+ int ix;
+ int nfds = 0;
+
+ rwlock_rdlock (&svc_fd_lock);
+ for (ix = 0; ix < svc_max_pollfd; ++ix) {
+ if (svc_pollfd[ix].fd != -1)
+ nfds++;
+ }
+ rwlock_unlock (&svc_fd_lock);
+ return (nfds);
+}
+
/*
* Add a service program to the callout list.
* The dispatch routine will be called when a rpc request for this
diff --git a/src/svc_vc.c b/src/svc_vc.c
index c23cd36..1729963 100644
--- a/src/svc_vc.c
+++ b/src/svc_vc.c
@@ -64,6 +64,8 @@
extern rwlock_t svc_fd_lock;
+extern SVCXPRT **__svc_xports;
+extern int svc_open_fds();
static SVCXPRT *makefd_xprt(int, u_int, u_int);
static bool_t rendezvous_request(SVCXPRT *, struct rpc_msg *);
@@ -82,6 +84,7 @@ static void svc_vc_ops(SVCXPRT *);
static bool_t svc_vc_control(SVCXPRT *xprt, const u_int rq, void *in);
static bool_t svc_vc_rendezvous_control (SVCXPRT *xprt, const u_int rq,
void *in);
+static int __svc_destroy_idle(int timeout);
struct cf_rendezvous { /* kept in xprt->xp_p1 for rendezvouser */
u_int sendsize;
@@ -312,13 +315,14 @@ done:
return (xprt);
}
+
/*ARGSUSED*/
static bool_t
rendezvous_request(xprt, msg)
SVCXPRT *xprt;
struct rpc_msg *msg;
{
- int sock, flags;
+ int sock, flags, nfds, cnt;
struct cf_rendezvous *r;
struct cf_conn *cd;
struct sockaddr_storage addr;
@@ -378,6 +382,16 @@ again:
gettimeofday(&cd->last_recv_time, NULL);
+ nfds = svc_open_fds();
+ if (nfds >= (_rpc_dtablesize() / 5) * 4) {
+ /* destroy idle connections */
+ cnt = __svc_destroy_idle(15);
+ if (cnt == 0) {
+ /* destroy least active */
+ __svc_destroy_idle(0);
+ }
+ }
+
return (FALSE); /* there is never an rpc msg to be processed */
}
@@ -819,3 +833,49 @@ __svc_clean_idle(fd_set *fds, int timeout, bool_t cleanblock)
{
return FALSE;
}
+
+static int
+__svc_destroy_idle(int timeout)
+{
+ int i, ncleaned = 0;
+ SVCXPRT *xprt, *least_active;
+ struct timeval tv, tdiff, tmax;
+ struct cf_conn *cd;
+
+ gettimeofday(&tv, NULL);
+ tmax.tv_sec = tmax.tv_usec = 0;
+ least_active = NULL;
+ rwlock_wrlock(&svc_fd_lock);
+
+ for (i = 0; i <= svc_max_pollfd; i++) {
+ if (svc_pollfd[i].fd == -1)
+ continue;
+ xprt = __svc_xports[i];
+ if (xprt == NULL || xprt->xp_ops == NULL ||
+ xprt->xp_ops->xp_recv != svc_vc_recv)
+ continue;
+ cd = (struct cf_conn *)xprt->xp_p1;
+ if (!cd->nonblock)
+ continue;
+ if (timeout == 0) {
+ timersub(&tv, &cd->last_recv_time, &tdiff);
+ if (timercmp(&tdiff, &tmax, >)) {
+ tmax = tdiff;
+ least_active = xprt;
+ }
+ continue;
+ }
+ if (tv.tv_sec - cd->last_recv_time.tv_sec > timeout) {
+ __xprt_unregister_unlocked(xprt);
+ __svc_vc_dodestroy(xprt);
+ ncleaned++;
+ }
+ }
+ if (timeout == 0 && least_active != NULL) {
+ __xprt_unregister_unlocked(least_active);
+ __svc_vc_dodestroy(least_active);
+ ncleaned++;
+ }
+ rwlock_unlock(&svc_fd_lock);
+ return (ncleaned);
+}

View File

@ -2,7 +2,7 @@
Name: libtirpc
Version: 1.1.4
Release: 5%{?dist}
Release: 6%{?dist}
Summary: Transport Independent RPC Library
Group: System Environment/Libraries
License: SISSL and BSD
@ -31,6 +31,12 @@ Patch004: libtirpc-1.1.4-blacklist.patch
# bz 1934866
Patch005: libtirpc-1.1.4-disallow-auth_refresh.patch
#
# RHEL 8.6
#
# bz 1940341
Patch006: libtirpc-1.1.4-dos-fix.patch
BuildRequires: automake, autoconf, libtool, pkgconfig
BuildRequires: krb5-devel
@ -150,6 +156,9 @@ mv %{buildroot}%{_mandir}/man3 %{buildroot}%{_mandir}/man3t
%{_mandir}/*/*
%changelog
* Thu Dec 2 2021 Steve Dickson <steved@redhat.com> 1.1.4-6
- Fix DoS vulnerability in libtirpc (bz 1940341)
* Sat Apr 17 2021 Steve Dickson <steved@redhat.com> 1.1.4-5
- blacklist: Add a few more well known ports (bz 1854147)
- Disallow calling auth_refresh from clnt_call with RPCSEC_GSS (bz 1934866)