- libtirpc: set r_netid and r_owner in __rpcb_findaddr_timed

- libtirpc: be sure to free cl_netid and cl_tp - libtirpc: must free saved wire verifier when destroying context
2009-03-13 17:15:08 +00:00 · 2009-03-13 17:15:08 +00:00 · f49b8435bb
parent 0b87daf052
commit f49b8435bb
2 changed files with 101 additions and 1 deletions
--- a/libtirpc-0.1.10-rc1.patch
+++ b/libtirpc-0.1.10-rc1.patch
@ -0,0 +1,93 @@
+commit 1c8c2bf2f0b81b0fa1992894679786619c048a1e
+Author: Jeff Layton <jlayton@redhat.com>
+Date:   Fri Mar 13 12:44:16 2009 -0400
+
+    libtirpc: set r_netid and r_owner in __rpcb_findaddr_timed
+    
+    These fields in the rpcbind GETADDR call are being passed uninitialized
+    to CLNT_CALL. In the case of x86_64 at least, this usually leads to a
+    segfault. On x86, it sometimes causes segfaults and other times causes
+    garbage to be sent on the wire.
+    
+    rpcbind generally ignores the r_owner field for calls that come in over
+    the wire, so it really doesn't matter what we send in that slot. We just
+    need to send something. The reference implementation from Sun seems to
+    send a blank string. Have ours follow suit.
+    
+    Signed-off-by: Jeff Layton <jlayton@redhat.com>
+    Signed-off-by: Steve Dickson <steved@redhat.com>
+
+commit 956a049085101961593956d01084f7f713ea8ded
+Author: Jeff Layton <jlayton@redhat.com>
+Date:   Fri Mar 13 12:47:36 2009 -0400
+
+    libtirpc: be sure to free cl_netid and cl_tp
+    
+    When creating a client with clnt_tli_create, it uses strdup to copy
+    strings for these fields if nconf is passed in. clnt_dg_destroy frees
+    these strings already. Make sure clnt_vc_destroy frees them in the same
+    way.
+    
+    Signed-off-by: Jeff Layton <jlayton@redhat.com>
+    Signed-off-by: Steve Dickson <steved@redhat.com>
+
+commit fbe8b50728c565459f2678aa1ad4dfc6610d1f9e
+Author: Jeff Layton <jlayton@redhat.com>
+Date:   Fri Mar 13 12:48:40 2009 -0400
+
+    libtirpc: must free saved wire verifier when destroying context
+    
+    When we're destroying the authgss context, we must also free any
+    saved wire verifier that we have to keep from leaking memory.
+    
+    Signed-off-by: Jeff Layton <jlayton@redhat.com>
+    Signed-off-by: Steve Dickson <steved@redhat.com>
+
+
+diff -up libtirpc-0.1.10/src/auth_gss.c.orig libtirpc-0.1.10/src/auth_gss.c
+--- libtirpc-0.1.10/src/auth_gss.c.orig	2009-03-13 13:07:58.000000000 -0400
+++ libtirpc-0.1.10/src/auth_gss.c	2009-03-13 13:09:25.000000000 -0400
+@@ -567,6 +567,12 @@ authgss_destroy_context(AUTH *auth)
+ 		gss_delete_sec_context(&min_stat, &gd->ctx, NULL);
+ 		gd->ctx = GSS_C_NO_CONTEXT;
+ 	}
+
+	/* free saved wire verifier (if any) */
+	mem_free(gd->gc_wire_verf.value, gd->gc_wire_verf.length);
+	gd->gc_wire_verf.value = NULL;
+	gd->gc_wire_verf.length = 0;
+
+ 	gd->established = FALSE;
+ }
+ 
+diff -up libtirpc-0.1.10/src/clnt_vc.c.orig libtirpc-0.1.10/src/clnt_vc.c
+--- libtirpc-0.1.10/src/clnt_vc.c.orig	2008-11-19 08:01:43.000000000 -0500
+++ libtirpc-0.1.10/src/clnt_vc.c	2009-03-13 13:09:21.000000000 -0400
+@@ -646,6 +646,10 @@ clnt_vc_destroy(cl)
+ 	if (ct->ct_addr.buf)
+ 		free(ct->ct_addr.buf);
+ 	mem_free(ct, sizeof(struct ct_data));
+	if (cl->cl_netid && cl->cl_netid[0])
+		mem_free(cl->cl_netid, strlen(cl->cl_netid) +1);
+	if (cl->cl_tp && cl->cl_tp[0])
+		mem_free(cl->cl_tp, strlen(cl->cl_tp) +1);
+ 	mem_free(cl, sizeof(CLIENT));
+ 	mutex_unlock(&clnt_fd_lock);
+ 	thr_sigsetmask(SIG_SETMASK, &(mask), NULL);
+diff -up libtirpc-0.1.10/src/rpcb_clnt.c.orig libtirpc-0.1.10/src/rpcb_clnt.c
+--- libtirpc-0.1.10/src/rpcb_clnt.c.orig	2008-11-19 08:01:43.000000000 -0500
+++ libtirpc-0.1.10/src/rpcb_clnt.c	2009-03-13 13:09:16.000000000 -0400
+@@ -749,6 +749,13 @@ __rpcb_findaddr_timed(program, version, 
+ 	parms.r_addr = NULL;
+ 	parms.r_prog = program;
+ 	parms.r_vers = version;
+	parms.r_netid = nconf->nc_netid;
+
+	/*
+	 * According to wire captures, the reference implementation
+	 * (OpenSolaris) sends a blank string here too.
+	 */
+	parms.r_owner = "";
+ 
+ 	/*
+ 	 * Use default total timeout if no timeout is specified.
--- a/libtirpc.spec
+++ b/libtirpc.spec
@ -1,6 +1,6 @@
 Name:		   libtirpc
 Version:		0.1.10
-Release:		5%{?dist}
+Release:		6%{?dist}
 Summary:		Transport Independent RPC Library
 Group:		  	System Environment/Libraries
 License:		SISSL
@ -36,6 +36,7 @@ Patch03: libtirpc-0.1.10-C++declares.patch
 Patch04: libtirpc-0.1.10-svcreq-compat.patch
 Patch05: libtirpc-0.1.10-warnings.patch
 Patch06: libtirpc-0.1.10-uuid_t.patch
+Patch07: libtirpc-0.1.10-rc1.patch

 Patch100: libtirpc-0.1.7-compile.patch

@ -52,6 +53,7 @@ developing programs which use the tirpc library.
 %patch04	-p1
 %patch05	-p1
 %patch06	-p1
+%patch07	-p1

 %patch100	-p1

@ -150,6 +152,11 @@ rm -rf %{buildroot}
 %{_mandir}/*/*

 %changelog
+* Fri Mar 13 2009 Steve Dickson  <steved@redhat.com> 0.1.10-6
+- libtirpc: set r_netid and r_owner in __rpcb_findaddr_timed
+- libtirpc: be sure to free cl_netid and cl_tp
+- libtirpc: must free saved wire verifier when destroying context
+
 * Wed Feb 25 2009 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 0.1.10-5
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_11_Mass_Rebuild