Compare commits

..

No commits in common. "c8s" and "c9-beta" have entirely different histories.
c8s ... c9-beta

23 changed files with 614 additions and 2137 deletions

3
.gitignore vendored
View File

@ -1,2 +1 @@
SOURCES/libtirpc-1.1.4.tar.bz2 SOURCES/libtirpc-1.3.3.tar.bz2
/libtirpc-1.1.4.tar.bz2

1
.libtirpc.metadata Normal file
View File

@ -0,0 +1 @@
6e52c39148494e4836e2d5d4f28b11ddfa65394b SOURCES/libtirpc-1.3.3.tar.bz2

View File

@ -0,0 +1,51 @@
commit a013336ecdc476d7357398d9cd24b114070bb767
Author: Rosen Penev <rosenp@gmail.com>
Date: Tue Oct 25 12:34:56 2022 -0400
Add missing extern
Fixes compilation warning.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
diff --git a/src/svc_auth.c b/src/svc_auth.c
index ce8bbd8..789d6af 100644
--- a/src/svc_auth.c
+++ b/src/svc_auth.c
@@ -66,6 +66,9 @@ static struct authsvc *Auths = NULL;
extern SVCAUTH svc_auth_none;
+#ifdef AUTHDES_SUPPORT
+extern enum auth_stat _svcauth_des(struct svc_req *rqst, struct rpc_msg *msg);
+#endif
/*
* The call rpc message, msg has been obtained from the wire. The msg contains
* the raw form of credentials and verifiers. authenticate returns AUTH_OK
commit 55526c52a449907e4d34b829b96141afab530b23
Author: Zhi Li <yieli@redhat.com>
Date: Mon Oct 24 13:46:54 2022 -0400
bindresvport.c: fix a potential resource leakage
Close the FILE *fp of load_blacklist() in another
return path to avoid potential resource leakage.
Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=2135405
Signed-off-by: Zhi Li <yieli@redhat.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
diff --git a/src/bindresvport.c b/src/bindresvport.c
index 5c0ddcf..efeb1cc 100644
--- a/src/bindresvport.c
+++ b/src/bindresvport.c
@@ -130,6 +130,7 @@ load_blacklist (void)
if (list == NULL)
{
free (buf);
+ fclose (fp);
return;
}
}

View File

@ -0,0 +1,51 @@
commit 4a2d85c64110ee9e21a8c4f9dafd6b0ae621506d
Author: Zhi Li <yieli@redhat.com>
Date: Fri Oct 28 14:19:04 2022 -0400
clnt_raw.c: fix a possible null pointer dereference
Since clntraw_private could be dereferenced before
allocated, protect it by checking its value in advance.
Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=2138317
Signed-off-by: Zhi Li <yieli@redhat.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
diff --git a/src/clnt_raw.c b/src/clnt_raw.c
index 31f9d0c..03f839d 100644
--- a/src/clnt_raw.c
+++ b/src/clnt_raw.c
@@ -142,7 +142,7 @@ clnt_raw_call(h, proc, xargs, argsp, xresults, resultsp, timeout)
struct timeval timeout;
{
struct clntraw_private *clp = clntraw_private;
- XDR *xdrs = &clp->xdr_stream;
+ XDR *xdrs;
struct rpc_msg msg;
enum clnt_stat status;
struct rpc_err error;
@@ -154,6 +154,7 @@ clnt_raw_call(h, proc, xargs, argsp, xresults, resultsp, timeout)
mutex_unlock(&clntraw_lock);
return (RPC_FAILED);
}
+ xdrs = &clp->xdr_stream;
mutex_unlock(&clntraw_lock);
call_again:
@@ -245,7 +246,7 @@ clnt_raw_freeres(cl, xdr_res, res_ptr)
void *res_ptr;
{
struct clntraw_private *clp = clntraw_private;
- XDR *xdrs = &clp->xdr_stream;
+ XDR *xdrs;
bool_t rval;
mutex_lock(&clntraw_lock);
@@ -254,6 +255,7 @@ clnt_raw_freeres(cl, xdr_res, res_ptr)
mutex_unlock(&clntraw_lock);
return (rval);
}
+ xdrs = &clp->xdr_stream;
mutex_unlock(&clntraw_lock);
xdrs->x_op = XDR_FREE;
return ((*xdr_res)(xdrs, res_ptr));

View File

@ -0,0 +1,31 @@
commit f7f0abdf267698de3f74a0285405b1b01f40893b
Author: Zhi Li <yieli@redhat.com>
Date: Wed Jan 11 11:19:31 2023 -0500
getnetconfigent: avoid potential DoS issue by removing unnecessary sleep
By adapting CodeChecker for libtirpc related tests, it complains
an improper waiting time for function getnetconfigent with
a valid input value, either it should be treated as a wrong
input or just take it as a proper value without sleeping
link: https://bugzilla.redhat.com/show_bug.cgi?id=2150611
Signed-off-by: Zhi Li <yieli@redhat.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
diff --git a/src/getnetconfig.c b/src/getnetconfig.c
index cfd33c2..d547dce 100644
--- a/src/getnetconfig.c
+++ b/src/getnetconfig.c
@@ -436,11 +436,6 @@ getnetconfigent(netid)
fprintf(stderr, "in /etc/netconfig.\n");
fprintf(stderr, "Please change this to \"local\" manually ");
fprintf(stderr, "or run mergemaster(8).\n");
- fprintf(stderr, "See UPDATING entry 20021216 for details.\n");
- fprintf(stderr, "Continuing in 10 seconds\n\n");
- fprintf(stderr, "This warning will be removed 20030301\n");
- sleep(10);
-
}
/*

View File

@ -0,0 +1,30 @@
commit 22b1c0cd6076dcd7df822cd1181e98278dc865db
Author: Olga Kornievskaia <kolga@netapp.com>
Date: Wed Jan 3 17:50:42 2024 -0500
gssapi: fix rpc_gss_seccreate passed in cred
Fix rpc_gss_seccreate() usage of the passed in gss credential.
Fixes: 5f1fe4dde861 ("Pass time_req and input_channel_bindings through to init_sec_context")
Reviewed-by: Chuck Lever <chuck.lever@oracle.com>
Signed-off-by: Olga Kornievskaia <kolga@netapp.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
diff --git a/src/auth_gss.c b/src/auth_gss.c
index e317664..9d18f96 100644
--- a/src/auth_gss.c
+++ b/src/auth_gss.c
@@ -842,9 +842,9 @@ rpc_gss_seccreate(CLIENT *clnt, char *principal, char *mechanism,
gd->sec = sec;
if (req) {
- sec.req_flags = req->req_flags;
+ gd->sec.req_flags = req->req_flags;
gd->time_req = req->time_req;
- sec.cred = req->my_cred;
+ gd->sec.cred = req->my_cred;
gd->icb = req->input_channel_bindings;
}

View File

@ -0,0 +1,322 @@
diff --git a/src/rpc_com.h b/src/rpc_com.h
index 76badef..ded72d1 100644
--- a/src/rpc_com.h
+++ b/src/rpc_com.h
@@ -60,6 +60,12 @@ bool_t __xdrrec_getrec(XDR *, enum xprt_stat *, bool_t);
void __xprt_unregister_unlocked(SVCXPRT *);
void __xprt_set_raddr(SVCXPRT *, const struct sockaddr_storage *);
+/* Evaluate to actual length of the `sockaddr_un' structure, whether
+ * abstract or not.
+ */
+#include <stddef.h>
+#define SUN_LEN_A(ptr) (offsetof(struct sockaddr_un, sun_path) \
+ + 1 + strlen((ptr)->sun_path + 1))
extern int __svc_maxrec;
diff --git a/src/rpc_generic.c b/src/rpc_generic.c
index aabbe4b..ee44c8d 100644
--- a/src/rpc_generic.c
+++ b/src/rpc_generic.c
@@ -650,7 +650,8 @@ __rpc_taddr2uaddr_af(int af, const struct netbuf *nbuf)
if (path_len < 0)
return NULL;
- if (asprintf(&ret, "%.*s", path_len, sun->sun_path) < 0)
+ if (asprintf(&ret, "%c%.*s", sun->sun_path[0] ?: '@',
+ path_len - 1, sun->sun_path + 1) < 0)
return (NULL);
break;
default:
@@ -682,9 +683,10 @@ __rpc_uaddr2taddr_af(int af, const char *uaddr)
/*
* AF_LOCAL addresses are expected to be absolute
- * pathnames, anything else will be AF_INET or AF_INET6.
+ * pathnames or abstract names, anything else will be
+ * AF_INET or AF_INET6.
*/
- if (*addrstr != '/') {
+ if (*addrstr != '/' && *addrstr != '@') {
p = strrchr(addrstr, '.');
if (p == NULL)
goto out;
@@ -747,6 +749,9 @@ __rpc_uaddr2taddr_af(int af, const char *uaddr)
strncpy(sun->sun_path, addrstr, sizeof(sun->sun_path) - 1);
ret->len = SUN_LEN(sun);
ret->maxlen = sizeof(struct sockaddr_un);
+ if (sun->sun_path[0] == '@')
+ /* Abstract address */
+ sun->sun_path[0] = '\0';
ret->buf = sun;
break;
default:
@@ -834,6 +839,7 @@ __rpc_sockisbound(int fd)
struct sockaddr_un usin;
} u_addr;
socklen_t slen;
+ int path_len;
slen = sizeof (struct sockaddr_storage);
if (getsockname(fd, (struct sockaddr *)(void *)&ss, &slen) < 0)
@@ -849,9 +855,9 @@ __rpc_sockisbound(int fd)
return (u_addr.sin6.sin6_port != 0);
#endif
case AF_LOCAL:
- /* XXX check this */
- memcpy(&u_addr.usin, &ss, sizeof(u_addr.usin));
- return (u_addr.usin.sun_path[0] != 0);
+ memcpy(&u_addr.usin, &ss, sizeof(u_addr.usin));
+ path_len = slen - offsetof(struct sockaddr_un, sun_path);
+ return path_len > 0;
default:
break;
}
diff --git a/src/rpc_soc.c b/src/rpc_soc.c
index fde121d..c6c93b5 100644
--- a/src/rpc_soc.c
+++ b/src/rpc_soc.c
@@ -701,7 +701,11 @@ svcunix_create(sock, sendsize, recvsize, path)
memset(&sun, 0, sizeof sun);
sun.sun_family = AF_LOCAL;
strncpy(sun.sun_path, path, (sizeof(sun.sun_path)-1));
- addrlen = sizeof(struct sockaddr_un);
+ if (sun.sun_path[0] == '@')
+ /* abstract address */
+ sun.sun_path[0] = '\0';
+
+ addrlen = SUN_LEN_A(&sun);
sa = (struct sockaddr *)&sun;
if (bind(sock, sa, addrlen) < 0)
diff --git a/src/rpcb_clnt.c b/src/rpcb_clnt.c
index 9838ebe..c2d554c 100644
--- a/src/rpcb_clnt.c
+++ b/src/rpcb_clnt.c
@@ -89,7 +89,7 @@ static struct address_cache *copy_of_cached(const char *, char *);
static void delete_cache(struct netbuf *);
static void add_cache(const char *, const char *, struct netbuf *, char *);
static CLIENT *getclnthandle(const char *, const struct netconfig *, char **);
-static CLIENT *local_rpcb(void);
+static CLIENT *local_rpcb(char **targaddr);
#ifdef NOTUSED
static struct netbuf *got_entry(rpcb_entry_list_ptr, const struct netconfig *);
#endif
@@ -431,19 +431,12 @@ getclnthandle(host, nconf, targaddr)
nconf->nc_netid, si.si_af, si.si_proto, si.si_socktype));
if (nconf->nc_protofmly != NULL && strcmp(nconf->nc_protofmly, NC_LOOPBACK) == 0) {
- client = local_rpcb();
+ client = local_rpcb(targaddr);
if (! client) {
LIBTIRPC_DEBUG(1, ("getclnthandle: %s",
clnt_spcreateerror("local_rpcb failed")));
goto out_err;
} else {
- struct sockaddr_un sun;
-
- if (targaddr) {
- *targaddr = malloc(sizeof(sun.sun_path));
- strncpy(*targaddr, _PATH_RPCBINDSOCK,
- sizeof(sun.sun_path));
- }
return (client);
}
} else {
@@ -493,6 +486,8 @@ getclnthandle(host, nconf, targaddr)
if (res)
freeaddrinfo(res);
out_err:
+ if (client && targaddr &&!*targaddr)
+ fprintf(stderr, "No targaddr provided\n");
if (!client && targaddr)
free(*targaddr);
return (client);
@@ -545,7 +540,8 @@ getpmaphandle(nconf, hostname, tgtaddr)
* rpcbind. Returns NULL on error and free's everything.
*/
static CLIENT *
-local_rpcb()
+local_rpcb(targaddr)
+ char **targaddr;
{
CLIENT *client;
static struct netconfig *loopnconf;
@@ -555,34 +551,50 @@ local_rpcb()
size_t tsize;
struct netbuf nbuf;
struct sockaddr_un sun;
+ int i;
/*
* Try connecting to the local rpcbind through a local socket
- * first. If this doesn't work, try all transports defined in
- * the netconfig file.
+ * first - trying both addresses. If this doesn't work, try all
+ * non-local transports defined in the netconfig file.
*/
- memset(&sun, 0, sizeof sun);
- sock = socket(AF_LOCAL, SOCK_STREAM, 0);
- if (sock < 0)
- goto try_nconf;
- sun.sun_family = AF_LOCAL;
- strcpy(sun.sun_path, _PATH_RPCBINDSOCK);
- nbuf.len = SUN_LEN(&sun);
- nbuf.maxlen = sizeof (struct sockaddr_un);
- nbuf.buf = &sun;
+ for (i = 0; i < 2; i++) {
+ memset(&sun, 0, sizeof sun);
+ sock = socket(AF_LOCAL, SOCK_STREAM, 0);
+ if (sock < 0)
+ goto try_nconf;
+ sun.sun_family = AF_LOCAL;
+ switch (i) {
+ case 0:
+ memcpy(sun.sun_path, _PATH_RPCBINDSOCK_ABSTRACT,
+ sizeof(_PATH_RPCBINDSOCK_ABSTRACT));
+ break;
+ case 1:
+ strcpy(sun.sun_path, _PATH_RPCBINDSOCK);
+ break;
+ }
+ nbuf.len = SUN_LEN_A(&sun);
+ nbuf.maxlen = sizeof (struct sockaddr_un);
+ nbuf.buf = &sun;
- tsize = __rpc_get_t_size(AF_LOCAL, 0, 0);
- client = clnt_vc_create(sock, &nbuf, (rpcprog_t)RPCBPROG,
- (rpcvers_t)RPCBVERS, tsize, tsize);
+ tsize = __rpc_get_t_size(AF_LOCAL, 0, 0);
+ client = clnt_vc_create(sock, &nbuf, (rpcprog_t)RPCBPROG,
+ (rpcvers_t)RPCBVERS, tsize, tsize);
- if (client != NULL) {
- /* Mark the socket to be closed in destructor */
- (void) CLNT_CONTROL(client, CLSET_FD_CLOSE, NULL);
- return client;
- }
+ if (client != NULL) {
+ /* Mark the socket to be closed in destructor */
+ (void) CLNT_CONTROL(client, CLSET_FD_CLOSE, NULL);
+ if (targaddr) {
+ if (sun.sun_path[0] == 0)
+ sun.sun_path[0] = '@';
+ *targaddr = strdup(sun.sun_path);
+ }
+ return client;
+ }
- /* Nobody needs this socket anymore; free the descriptor. */
- close(sock);
+ /* Nobody needs this socket anymore; free the descriptor. */
+ close(sock);
+ }
try_nconf:
@@ -636,7 +648,7 @@ try_nconf:
endnetconfig(nc_handle);
}
mutex_unlock(&loopnconf_lock);
- client = getclnthandle(hostname, loopnconf, NULL);
+ client = getclnthandle(hostname, loopnconf, targaddr);
return (client);
}
@@ -665,7 +677,7 @@ rpcb_set(program, version, nconf, address)
rpc_createerr.cf_stat = RPC_UNKNOWNADDR;
return (FALSE);
}
- client = local_rpcb();
+ client = local_rpcb(NULL);
if (! client) {
return (FALSE);
}
@@ -716,7 +728,7 @@ rpcb_unset(program, version, nconf)
RPCB parms;
char uidbuf[32];
- client = local_rpcb();
+ client = local_rpcb(NULL);
if (! client) {
return (FALSE);
}
@@ -772,7 +784,7 @@ got_entry(relp, nconf)
/*
* Quick check to see if rpcbind is up. Tries to connect over
- * local transport.
+ * local transport - first abstract, then regular.
*/
bool_t
__rpcbind_is_up()
@@ -799,15 +811,22 @@ __rpcbind_is_up()
if (sock < 0)
return (FALSE);
sun.sun_family = AF_LOCAL;
- strncpy(sun.sun_path, _PATH_RPCBINDSOCK, sizeof(sun.sun_path));
- if (connect(sock, (struct sockaddr *)&sun, sizeof(sun)) < 0) {
+ memcpy(sun.sun_path, _PATH_RPCBINDSOCK_ABSTRACT,
+ sizeof(_PATH_RPCBINDSOCK_ABSTRACT));
+ if (connect(sock, (struct sockaddr *)&sun, SUN_LEN_A(&sun)) == 0) {
close(sock);
- return (FALSE);
+ return (TRUE);
+ }
+
+ strncpy(sun.sun_path, _PATH_RPCBINDSOCK, sizeof(sun.sun_path));
+ if (connect(sock, (struct sockaddr *)&sun, sizeof(sun)) == 0) {
+ close(sock);
+ return (TRUE);
}
close(sock);
- return (TRUE);
+ return (FALSE);
}
#endif
@@ -1346,7 +1365,7 @@ rpcb_taddr2uaddr(nconf, taddr)
rpc_createerr.cf_stat = RPC_UNKNOWNADDR;
return (NULL);
}
- client = local_rpcb();
+ client = local_rpcb(NULL);
if (! client) {
return (NULL);
}
@@ -1380,7 +1399,7 @@ rpcb_uaddr2taddr(nconf, uaddr)
rpc_createerr.cf_stat = RPC_UNKNOWNADDR;
return (NULL);
}
- client = local_rpcb();
+ client = local_rpcb(NULL);
if (! client) {
return (NULL);
}
diff --git a/tirpc/rpc/rpcb_prot.h b/tirpc/rpc/rpcb_prot.h
index 7ae48b8..eb3a0c4 100644
--- a/tirpc/rpc/rpcb_prot.h
+++ b/tirpc/rpc/rpcb_prot.h
@@ -477,6 +477,7 @@ extern bool_t xdr_netbuf(XDR *, struct netbuf *);
#define RPCBVERS_4 RPCBVERS4
#define _PATH_RPCBINDSOCK "/var/run/rpcbind.sock"
+#define _PATH_RPCBINDSOCK_ABSTRACT "\0/run/rpcbind.sock"
#else /* ndef _KERNEL */
#ifdef __cplusplus
diff --git a/tirpc/rpc/rpcb_prot.x b/tirpc/rpc/rpcb_prot.x
index b21ac3d..472c11f 100644
--- a/tirpc/rpc/rpcb_prot.x
+++ b/tirpc/rpc/rpcb_prot.x
@@ -411,6 +411,7 @@ program RPCBPROG {
%#define RPCBVERS_4 RPCBVERS4
%
%#define _PATH_RPCBINDSOCK "/var/run/rpcbind.sock"
+%#define _PATH_RPCBINDSOCK_ABSTRACT "\0/run/rpcbind.sock"
%
%#else /* ndef _KERNEL */
%#ifdef __cplusplus

View File

@ -1,62 +1,41 @@
%define _root_libdir /%{_lib} %define _root_libdir /%{_lib}
Name: libtirpc Name: libtirpc
Version: 1.1.4 Version: 1.3.3
Release: 12%{?dist} Release: 9%{?dist}
Summary: Transport Independent RPC Library Summary: Transport Independent RPC Library
Group: System Environment/Libraries
License: SISSL and BSD License: SISSL and BSD
URL: http://git.linux-nfs.org/?p=steved/libtirpc.git;a=summary URL: http://git.linux-nfs.org/?p=steved/libtirpc.git;a=summary
Source0: http://downloads.sourceforge.net/libtirpc/libtirpc-%{version}.tar.bz2 Source0: http://downloads.sourceforge.net/libtirpc/libtirpc-%{version}.tar.bz2
#
# RHEL 8.0
#
# bz 1602598
Patch001: libtirpc-1.1.4-covscan.patch
# bz 1631614
Patch002: libtirpc-1.1.4-dup_ncp-bad-free.patch
#
# RHEL 8.1
#
# bz 1641875
Patch003: libtirpc-1.1.4-fix-EOF-non-block.patch
#
# RHEL 8.5
#
# bz 1854147
Patch004: libtirpc-1.1.4-blacklist.patch
# bz 1934866
Patch005: libtirpc-1.1.4-disallow-auth_refresh.patch
#
# RHEL 8.6
#
# bz 1940341
Patch006: libtirpc-1.1.4-dos-fix.patch
#
# RHEL 8.7
#
# bz 2042196
Patch007: libtirpc-1.1.4-dgcall-free.patch
# bz 2107650
Patch008: libtirpc-1.1.4-v2proto-mech.patch
# bz 2112116
Patch009: libtirpc-1.1.4-multithr-cleanup.patch
#
# RHEL 8.10
#
Patch010: libtirpc-1.1.4-null-ptrs-not-reused.patch
Patch011: libtirpc-1.1.4-double-free.patch
Patch012: libtirpc-1.1.4-null-ptrs-not-reused-fixed.patch
Patch013: libtirpc-1.1.4-ip_local_reserved_ports.patch
BuildRequires: automake, autoconf, libtool, pkgconfig BuildRequires: automake, autoconf, libtool, pkgconfig
BuildRequires: krb5-devel BuildRequires: krb5-devel
BuildRequires: gcc
BuildRequires: make
#
# RHEL9.2
#
Patch001: libtirpc-1.3.3-blacklist-close.patch
Patch002: libtirpc-1.3.3-clnt-raw-ptr.patch
#
# RHEL9.2
#
Patch003: libtirpc-1.3.3-dos-sleep.patch
#
# RHEL9.4
#
Patch004: libtirpc-1.3.3-null-ptrs-not-reused.patch
Patch005: libtirpc-1.3.3-gssd-context-creation.patch
Patch006: libtirpc-1.3.3-double-free.patch
Patch007: libtirpc-1.3.3-null-ptrs-not-reused-fixed.patch
#
# RHEL9.5
#
Patch008: libtirpc-1.3.3-rpcbind-abstract.patch
%description %description
This package contains SunLib's implementation of transport-independent This package contains SunLib's implementation of transport-independent
@ -72,9 +51,8 @@ by almost 70 vendors on all major operating systems. TS-RPC source code
%package devel %package devel
Summary: Development files for the libtirpc library Summary: Development files for the libtirpc library
Group: Development/Libraries
Requires: %{name}%{?_isa} = %{version}-%{release} Requires: %{name}%{?_isa} = %{version}-%{release}
Requires: pkgconfig man-db Requires: pkgconfig
%description devel %description devel
This package includes header files and libraries necessary for This package includes header files and libraries necessary for
@ -106,30 +84,14 @@ rm -f %{buildroot}%{_root_libdir}/*.{a,la}
# Creat the man diretory # Creat the man diretory
mv %{buildroot}%{_mandir}/man3 %{buildroot}%{_mandir}/man3t mv %{buildroot}%{_mandir}/man3 %{buildroot}%{_mandir}/man3t
%post -p /sbin/ldconfig
%postun -p /sbin/ldconfig
%post devel
# Register the new man section
#if [ "$1" -eq 1 ]; then
# makewhatis -s 3t
#fi
%postun devel
# Remove the existance of the man section
#makewhatis -s 3t
%files %files
%defattr(-,root,root)
%doc AUTHORS ChangeLog NEWS README %doc AUTHORS ChangeLog NEWS README
%{_root_libdir}/libtirpc.so.* %{_root_libdir}/libtirpc.so.*
%config(noreplace)%{_sysconfdir}/netconfig %config(noreplace)%{_sysconfdir}/netconfig
%config(noreplace)%{_sysconfdir}/bindresvport.blacklist %config(noreplace)%{_sysconfdir}/bindresvport.blacklist
%files devel %files devel
%defattr(0644,root,root,755)
%{!?_licensedir:%global license %%doc} %{!?_licensedir:%global license %%doc}
%license COPYING %license COPYING
%dir %{_includedir}/tirpc %dir %{_includedir}/tirpc
@ -174,49 +136,118 @@ mv %{buildroot}%{_mandir}/man3 %{buildroot}%{_mandir}/man3t
%{_mandir}/*/* %{_mandir}/*/*
%changelog %changelog
* Fri Apr 26 2024 Steve Dickson <steved@redhat.com> 1.1.4-12 * Mon Jul 29 2024 Steve Dickson <steved@redhat.com> - 1.3.3-9
- binddynport.c honor ip_local_reserved_ports (RHEL-27005) - Support abstract addresses for rpcbind (RHEL-47027)
* Tue Mar 19 2024 Steve Dickson <steved@redhat.com> 1.1.4-11 * Tue Mar 19 2024 Steve Dickson <steved@redhat.com> - 1.3.3-8
- rpcb_clnt.c (fixed): Eliminate double frees in delete_cache() (RHEL-11293) - rpcb_clnt.c (fixed): Eliminate double frees in delete_cache() (RHEL-11183)
* Tue Mar 5 2024 Steve Dickson <steved@redhat.com> 1.1.4-10 * Wed Mar 13 2024 Steve Dickson <steved@redhat.com> - 1.3.3-7
- rpcb_clnt.c: Eliminate double frees in delete_cache() (RHEL-11293) - exception build (RHEL-11183)
* Mon Mar 4 2024 Steve Dickson <steved@redhat.com> 1.1.4-9 * Tue Mar 5 2024 Steve Dickson <steved@redhat.com> - 1.3.3-6
- Null pointers so they are not used again (RHEL-11370) - rpcb_clnt.c: Eliminate double frees in delete_cache() (RHEL-11183)
* Wed Aug 3 2022 Steve Dickson <steved@redhat.com> 1.1.4-8 * Mon Mar 4 2024 Steve Dickson <steved@redhat.com> - 1.3.3-5
- rpcb_clnt.c add mechanism to try v2 protocol first (bz 2107650) - Fix rpc_gss_seccreate() usage of the passed in gss credential. (RHEL-27936)
- Multithreaded cleanup (bz 2112116)
* Tue May 31 2022 Steve Dickson <steved@redhat.com> 1.1.4-7 * Mon Feb 19 2024 Pavel Reichl <preichl@redhat.com> - 1.3.3-4
- clnt_dg_call: Fix use-after-free accessing the error number (bz 2042196) - Add gating tests (rhel-7883)
* Thu Dec 2 2021 Steve Dickson <steved@redhat.com> 1.1.4-6 * Tue Jan 2 2024 Steve Dickson <steved@redhat.com> - 1.3.3-3
- Fix DoS vulnerability in libtirpc (bz 1940341) - Null pointers so they are not used again (RHEL-11371)
* Sat Apr 17 2021 Steve Dickson <steved@redhat.com> 1.1.4-5 * Thu May 18 2023 Steve Dickson <steved@redhat.com> - 1.3.3-2
- blacklist: Add a few more well known ports (bz 1854147) - getnetconfigent: avoid potential DoS (bz 2150611)
- Disallow calling auth_refresh from clnt_call with RPCSEC_GSS (bz 1934866)
* Wed Jul 24 2019 Steve Dickson <steved@redhat.com> 1.1.4-4 * Thu Nov 03 2022 Steve Dickson <steved@redhat.com> - 1.3.3-1
- Enable gating using reverse dependency testing of nfs-utils (bz 1681965) - bindresvport.c: fix a potential resource leakage (bz 2135405)
- Updated the URL (bz 1638671) - clnt_raw.c: fix a possible null pointer dereference (bz 2138317)
- Fix EOF detection on non-blocking socket (bz 1641875)
* Sat Oct 6 2018 Steve Dickson <steved@redhat.com> 1.1.4-3 * Mon Aug 15 2022 Steve Dickson <steved@redhat.com> - 1.3.3
- Fixed bad free in dup_ncp() (bz 1631614) - Rebased to libtirpc-1.3.3 (bz 2118157)
* Fri Sep 14 2018 Steve Dickson <steved@redhat.com> 1.1.4-2 * Mon Aug 09 2021 Mohan Boddu <mboddu@redhat.com> - 1.3.2-1
- Removed a false positive from the covscan (bz 1602598) - Rebuilt for IMA sigs, glibc 2.34, aarch64 flags
Related: rhbz#1991688
* Tue Sep 11 2018 Steve Dickson <steved@redhat.com> 1.1.4-1 * Tue Jun 15 2021 Steve Dickson <steved@redhat.com> - 1.3.2
- Fixed issues found by covscan (bz 1602598) - Rebased to libtirpc-1.3.2 (bz 1959125)
* Fri Sep 7 2018 Steve Dickson <steved@redhat.com> 1.1.4-0 * Fri Apr 16 2021 Mohan Boddu <mboddu@redhat.com> - 1.3.1-2
- Rebuilt for RHEL 9 BETA on Apr 15th 2021. Related: rhbz#1947937
* Tue Jan 26 2021 Fedora Release Engineering <releng@fedoraproject.org> - 1.3.1-1
- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild
* Thu Dec 03 2020 Steve Dickson <steved@redhat.com> - 1.3.1
- Updated to latest upstream release: libtirpc-1-3-1 (bz 1903615)
* Tue Aug 04 2020 Steve Dickson <steved@redhat.com> 1.2.6-1.rc4
- Updated to the latest upstream RC release: libtirpc-1-2-7-rc4
* Tue Aug 04 2020 Tom Stellard <tstellar@redhat.com> - 1.2.6-2
- Add BuildRequires: gcc
- https://docs.fedoraproject.org/en-US/packaging-guidelines/C_and_C++/#_packaging
* Tue Jul 28 2020 Fedora Release Engineering <releng@fedoraproject.org> - 1.2.6-1
- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
* Tue Apr 14 2020 Steve Dickson <steved@redhat.com> 1.2.6-0
- Updated to the latest upstream release: libtirpc-1-2-6 (bz 1822751)
* Tue Feb 18 2020 Steve Dickson <steved@redhat.com> 1.2.5-1.rc2
- Updated to the latest upstream RC release: libtirpc-1-2-6-rc2 (bz 1799601)
* Wed Jan 29 2020 Fedora Release Engineering <releng@fedoraproject.org> - 1.2.5-1
- Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild
* Fri Dec 20 2019 Steve Dickson <steved@redhat.com> 1.2.5-0
Updated to latest upstream release: libtirpc-1-2-5 (bz 1785684)
* Fri Nov 01 2019 Petr Pisar <ppisar@redhat.com> - 1.1.4-3.rc3
- Remove a useless dependency on man-db from libtirpc-devel package
(bug #1496422)
* Thu Sep 05 2019 Steve Dickson <steved@redhat.com> 1.1.4-2.rc3
- Updated to latest upstream RC release: libtirpc-1-1-5-rc3
* Thu Jul 25 2019 Fedora Release Engineering <releng@fedoraproject.org> - 1.1.4-2.rc2.2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild
* Fri Feb 01 2019 Fedora Release Engineering <releng@fedoraproject.org> - 1.1.4-2.rc2.1
- Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild
* Thu Nov 8 2018 Steve Dickson <steved@redhat.com> 1.1.4-2.rc2
- Updated to latest upstream RC release: libtirpc-1-1-5-rc2
* Tue Nov 6 2018 Steve Dickson <steved@redhat.com> 1.1.4-2.rc1
- Remove ldconfig scriptlet (bz 1644103)
* Thu Sep 13 2018 Steve Dickson <steved@redhat.com> 1.1.4-1.rc1
- Removed a false positive from the covscan
* Tue Sep 11 2018 Steve Dickson <steved@redhat.com> 1.1.4-0.rc1
- Updated to latest upstream RC releasse (bz 1627832)
* Mon Aug 27 2018 Steve Dickson <steved@redhat.com> 1.1.4
- Updated to latest upstream release: libtirpc-1-1-4 (bz 1585558) - Updated to latest upstream release: libtirpc-1-1-4 (bz 1585558)
* Tue Jul 31 2018 Florian Weimer <fweimer@redhat.com> - 1.0.3-4.rc2
- Rebuild with fixed binutils
* Sun Jul 29 2018 Steve Dickson <steved@redhat.com> 1.0.3-3.rc2
- Update the libtirpc-1.0.4-rc2.patch to include big endian fixes (bz 1609208)
* Fri Jul 20 2018 Steve Dickson <steved@redhat.com> 1.0.3-2.rc2
- Updated to latest upstream RC release: libtirpc-1-0-4-rc2
* Fri Jul 13 2018 Fedora Release Engineering <releng@fedoraproject.org> - 1.0.3-2.rc1.1
- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild
* Tue Jul 10 2018 Steve Dickson <steved@redhat.com> 1.0.3-2.rc1
- Updated the URL (bz 1599795)
* Wed Apr 18 2018 Steve Dickson <steved@redhat.com> 1.0.3-1.rc1 * Wed Apr 18 2018 Steve Dickson <steved@redhat.com> 1.0.3-1.rc1
- Updated to latest upstream RC release: libtirpc-1-0-4-rc1 - Updated to latest upstream RC release: libtirpc-1-0-4-rc1

View File

@ -1,6 +0,0 @@
--- !Policy
product_versions:
- rhel-8
decision_context: osci_compose_gate
rules:
- !PassingTestCaseRule {test_case_name: osci.brew-build.revdeps.integration}

View File

@ -1,15 +0,0 @@
diff -up libtirpc-1.1.4/doc/bindresvport.blacklist.save libtirpc-1.1.4/doc/bindresvport.blacklist
--- libtirpc-1.1.4/doc/bindresvport.blacklist.save 2021-04-17 13:04:20.092274589 -0400
+++ libtirpc-1.1.4/doc/bindresvport.blacklist 2021-04-17 13:04:45.609945925 -0400
@@ -8,6 +8,11 @@
631 # cups
636 # ldaps
664 # Secure ASF, used by IPMI on some cards
+749 # Kerberos V kadmin
+774 # rpasswd
+873 # rsyncd
921 # lwresd
+992 # SSL-enabled telnet
993 # imaps
+994 # irc
995 # pops

View File

@ -1,151 +0,0 @@
diff --git a/src/auth_gss.c b/src/auth_gss.c
index 5959893..7d08262 100644
--- a/src/auth_gss.c
+++ b/src/auth_gss.c
@@ -207,6 +207,7 @@ authgss_create(CLIENT *clnt, gss_name_t name, struct rpc_gss_sec *sec)
rpc_createerr.cf_stat = RPC_SYSTEMERROR;
rpc_createerr.cf_error.re_errno = ENOMEM;
free(auth);
+ free(gd);
return (NULL);
}
}
@@ -592,7 +593,7 @@ _rpc_gss_refresh(AUTH *auth, rpc_gss_options_ret_t *options_ret)
if (rpc_gss_oid_to_mech(actual_mech_type, &mechanism)) {
strncpy(options_ret->actual_mechanism,
mechanism,
- sizeof(options_ret->actual_mechanism));
+ (sizeof(options_ret->actual_mechanism)-1));
}
gd->established = TRUE;
diff --git a/src/clnt_bcast.c b/src/clnt_bcast.c
index 98cf061..2ad6c89 100644
--- a/src/clnt_bcast.c
+++ b/src/clnt_bcast.c
@@ -330,6 +330,7 @@ rpc_broadcast_exp(prog, vers, proc, xargs, argsp, xresults, resultsp,
if (nettype == NULL)
nettype = "datagram_n";
if ((handle = __rpc_setconf(nettype)) == NULL) {
+ AUTH_DESTROY(sys_auth);
return (RPC_UNKNOWNPROTO);
}
while ((nconf = __rpc_getconf(handle)) != NULL) {
diff --git a/src/getnetconfig.c b/src/getnetconfig.c
index 92e7c43..d67d97d 100644
--- a/src/getnetconfig.c
+++ b/src/getnetconfig.c
@@ -709,6 +709,8 @@ struct netconfig *ncp;
p->nc_lookups = (char **)malloc((size_t)(p->nc_nlookups+1) * sizeof(char *));
if (p->nc_lookups == NULL) {
free(p->nc_netid);
+ free(p);
+ free(tmp);
return(NULL);
}
for (i=0; i < p->nc_nlookups; i++) {
diff --git a/src/getnetpath.c b/src/getnetpath.c
index 7c19932..ea1a18c 100644
--- a/src/getnetpath.c
+++ b/src/getnetpath.c
@@ -88,6 +88,7 @@ setnetpath()
}
if ((np_sessionp->nc_handlep = setnetconfig()) == NULL) {
syslog (LOG_ERR, "rpc: failed to open " NETCONFIG);
+ free(np_sessionp);
return (NULL);
}
np_sessionp->valid = NP_VALID;
diff --git a/src/rpc_generic.c b/src/rpc_generic.c
index 589cbd5..51f36ac 100644
--- a/src/rpc_generic.c
+++ b/src/rpc_generic.c
@@ -319,6 +319,7 @@ __rpc_setconf(nettype)
handle->nflag = FALSE;
break;
default:
+ free(handle);
return (NULL);
}
diff --git a/src/rpc_soc.c b/src/rpc_soc.c
index 5a6eeb7..a85cb17 100644
--- a/src/rpc_soc.c
+++ b/src/rpc_soc.c
@@ -663,15 +663,17 @@ svcunix_create(sock, sendsize, recvsize, path)
strcmp(nconf->nc_protofmly, NC_LOOPBACK) == 0)
break;
}
- if (nconf == NULL)
+ if (nconf == NULL) {
+ endnetconfig(localhandle);
return(xprt);
+ }
if ((sock = __rpc_nconf2fd(nconf)) < 0)
goto done;
memset(&sun, 0, sizeof sun);
sun.sun_family = AF_LOCAL;
- strncpy(sun.sun_path, path, sizeof(sun.sun_path));
+ strncpy(sun.sun_path, path, (sizeof(sun.sun_path)-1));
addrlen = sizeof(struct sockaddr_un);
sa = (struct sockaddr *)&sun;
@@ -692,6 +694,8 @@ svcunix_create(sock, sendsize, recvsize, path)
}
xprt = (SVCXPRT *)svc_tli_create(sock, nconf, &taddr, sendsize, recvsize);
+ if (xprt == NULL)
+ close(sock);
done:
endnetconfig(localhandle);
diff --git a/src/rpcb_clnt.c b/src/rpcb_clnt.c
index e45736a..0c34cb7 100644
--- a/src/rpcb_clnt.c
+++ b/src/rpcb_clnt.c
@@ -547,6 +547,7 @@ try_nconf:
if (tmpnconf == NULL) {
rpc_createerr.cf_stat = RPC_UNKNOWNPROTO;
mutex_unlock(&loopnconf_lock);
+ endnetconfig(nc_handle);
return (NULL);
}
loopnconf = getnetconfigent(tmpnconf->nc_netid);
diff --git a/src/rtime.c b/src/rtime.c
index b642840..29fbf0a 100644
--- a/src/rtime.c
+++ b/src/rtime.c
@@ -90,6 +90,7 @@ rtime(addrp, timep, timeout)
/* TCP and UDP port are the same in this case */
if ((serv = getservbyname("time", "tcp")) == NULL) {
+ do_close(s);
return(-1);
}
diff --git a/src/svc_generic.c b/src/svc_generic.c
index 52a56c2..20abaa2 100644
--- a/src/svc_generic.c
+++ b/src/svc_generic.c
@@ -113,6 +113,7 @@ svc_create(dispatch, prognum, versnum, nettype)
if (l == NULL) {
warnx("svc_create: no memory");
mutex_unlock(&xprtlist_lock);
+ __rpc_endconf(handle);
return (0);
}
l->xprt = xprt;
diff --git a/src/svc_simple.c b/src/svc_simple.c
index cb58002..c32fe0a 100644
--- a/src/svc_simple.c
+++ b/src/svc_simple.c
@@ -157,6 +157,7 @@ rpc_reg(prognum, versnum, procnum, progname, inproc, outproc, nettype)
((netid = strdup(nconf->nc_netid)) == NULL)) {
warnx(rpc_reg_err, rpc_reg_msg, __no_mem_str);
SVC_DESTROY(svcxprt);
+ free(xdrbuf);
break;
}
madenow = TRUE;

View File

@ -1,14 +0,0 @@
diff -up libtirpc-1.1.4/src/clnt_dg.c.orig libtirpc-1.1.4/src/clnt_dg.c
--- libtirpc-1.1.4/src/clnt_dg.c.orig 2022-05-31 08:14:09.408762537 -0400
+++ libtirpc-1.1.4/src/clnt_dg.c 2022-05-31 08:17:28.950764885 -0400
@@ -478,9 +478,9 @@ get_reply:
cmsg = CMSG_NXTHDR (&msg, cmsg))
if (cmsg->cmsg_level == SOL_IP && cmsg->cmsg_type == IP_RECVERR)
{
- mem_free(cbuf, (outlen + 256));
e = (struct sock_extended_err *) CMSG_DATA(cmsg);
cu->cu_error.re_errno = e->ee_errno;
+ mem_free(cbuf, (outlen + 256));
release_fd_lock(cu->cu_fd, mask);
return (cu->cu_error.re_status = RPC_CANTRECV);
}

View File

@ -1,76 +0,0 @@
diff -up libtirpc-1.1.4/src/auth_gss.c.orig libtirpc-1.1.4/src/auth_gss.c
--- libtirpc-1.1.4/src/auth_gss.c.orig 2021-04-17 13:11:03.229880600 -0400
+++ libtirpc-1.1.4/src/auth_gss.c 2021-04-17 13:15:10.722391798 -0400
@@ -982,3 +982,9 @@ rpc_gss_max_data_length(AUTH *auth, int
rpc_gss_clear_error();
return result;
}
+
+bool_t
+is_authgss_client(CLIENT *clnt)
+{
+ return (clnt->cl_auth->ah_ops == &authgss_ops);
+}
diff -up libtirpc-1.1.4/src/clnt_dg.c.orig libtirpc-1.1.4/src/clnt_dg.c
--- libtirpc-1.1.4/src/clnt_dg.c.orig 2018-08-27 10:06:49.000000000 -0400
+++ libtirpc-1.1.4/src/clnt_dg.c 2021-04-17 13:15:10.722391798 -0400
@@ -60,6 +60,9 @@
#include <sys/uio.h>
#endif
+#ifdef HAVE_RPCSEC_GSS
+#include <rpc/auth_gss.h>
+#endif
#define MAX_DEFAULT_FDS 20000
@@ -356,6 +359,11 @@ clnt_dg_call(cl, proc, xargs, argsp, xre
salen = cu->cu_rlen;
}
+#ifdef HAVE_RPCSEC_GSS
+ if (is_authgss_client(cl))
+ nrefreshes = 0;
+#endif
+
/* Clean up in case the last call ended in a longjmp(3) call. */
call_again:
xdrs = &(cu->cu_outxdrs);
diff -up libtirpc-1.1.4/src/clnt_vc.c.orig libtirpc-1.1.4/src/clnt_vc.c
--- libtirpc-1.1.4/src/clnt_vc.c.orig 2018-08-27 10:06:49.000000000 -0400
+++ libtirpc-1.1.4/src/clnt_vc.c 2021-04-17 13:15:10.723391824 -0400
@@ -68,6 +68,10 @@
#include <rpc/rpc.h>
#include "rpc_com.h"
+#ifdef HAVE_RPCSEC_GSS
+#include <rpc/auth_gss.h>
+#endif
+
#define MCALL_MSG_SIZE 24
#define CMGROUP_MAX 16
@@ -380,6 +384,11 @@ clnt_vc_call(cl, proc, xdr_args, args_pt
(xdr_results == NULL && timeout.tv_sec == 0
&& timeout.tv_usec == 0) ? FALSE : TRUE;
+#ifdef HAVE_RPCSEC_GSS
+ if (is_authgss_client(cl))
+ refreshes = 0;
+#endif
+
call_again:
xdrs->x_op = XDR_ENCODE;
ct->ct_error.re_status = RPC_SUCCESS;
diff -up libtirpc-1.1.4/tirpc/rpc/auth_gss.h.orig libtirpc-1.1.4/tirpc/rpc/auth_gss.h
--- libtirpc-1.1.4/tirpc/rpc/auth_gss.h.orig 2018-08-27 10:06:49.000000000 -0400
+++ libtirpc-1.1.4/tirpc/rpc/auth_gss.h 2021-04-17 13:15:10.723391824 -0400
@@ -120,6 +120,8 @@ void gss_log_debug (const char *fmt, ..
void gss_log_status (char *m, OM_uint32 major, OM_uint32 minor);
void gss_log_hexdump (const u_char *buf, int len, int offset);
+bool_t is_authgss_client (CLIENT *);
+
#ifdef __cplusplus
}
#endif

View File

@ -1,154 +0,0 @@
diff --git a/src/rpc_com.h b/src/rpc_com.h
index 10bec79..76badef 100644
--- a/src/rpc_com.h
+++ b/src/rpc_com.h
@@ -61,8 +61,7 @@ void __xprt_unregister_unlocked(SVCXPRT *);
void __xprt_set_raddr(SVCXPRT *, const struct sockaddr_storage *);
-SVCXPRT **__svc_xports;
-int __svc_maxrec;
+extern int __svc_maxrec;
#ifdef __cplusplus
}
diff --git a/src/svc.c b/src/svc.c
index b59467b..3a8709f 100644
--- a/src/svc.c
+++ b/src/svc.c
@@ -57,6 +57,9 @@
#define max(a, b) (a > b ? a : b)
+SVCXPRT **__svc_xports;
+int __svc_maxrec;
+
/*
* The services list
* Each entry represents a set of procedures (an rpc program).
@@ -191,6 +194,21 @@ __xprt_do_unregister (xprt, dolock)
rwlock_unlock (&svc_fd_lock);
}
+int
+svc_open_fds()
+{
+ int ix;
+ int nfds = 0;
+
+ rwlock_rdlock (&svc_fd_lock);
+ for (ix = 0; ix < svc_max_pollfd; ++ix) {
+ if (svc_pollfd[ix].fd != -1)
+ nfds++;
+ }
+ rwlock_unlock (&svc_fd_lock);
+ return (nfds);
+}
+
/*
* Add a service program to the callout list.
* The dispatch routine will be called when a rpc request for this
diff --git a/src/svc_vc.c b/src/svc_vc.c
index c23cd36..1729963 100644
--- a/src/svc_vc.c
+++ b/src/svc_vc.c
@@ -64,6 +64,8 @@
extern rwlock_t svc_fd_lock;
+extern SVCXPRT **__svc_xports;
+extern int svc_open_fds();
static SVCXPRT *makefd_xprt(int, u_int, u_int);
static bool_t rendezvous_request(SVCXPRT *, struct rpc_msg *);
@@ -82,6 +84,7 @@ static void svc_vc_ops(SVCXPRT *);
static bool_t svc_vc_control(SVCXPRT *xprt, const u_int rq, void *in);
static bool_t svc_vc_rendezvous_control (SVCXPRT *xprt, const u_int rq,
void *in);
+static int __svc_destroy_idle(int timeout);
struct cf_rendezvous { /* kept in xprt->xp_p1 for rendezvouser */
u_int sendsize;
@@ -312,13 +315,14 @@ done:
return (xprt);
}
+
/*ARGSUSED*/
static bool_t
rendezvous_request(xprt, msg)
SVCXPRT *xprt;
struct rpc_msg *msg;
{
- int sock, flags;
+ int sock, flags, nfds, cnt;
struct cf_rendezvous *r;
struct cf_conn *cd;
struct sockaddr_storage addr;
@@ -378,6 +382,16 @@ again:
gettimeofday(&cd->last_recv_time, NULL);
+ nfds = svc_open_fds();
+ if (nfds >= (_rpc_dtablesize() / 5) * 4) {
+ /* destroy idle connections */
+ cnt = __svc_destroy_idle(15);
+ if (cnt == 0) {
+ /* destroy least active */
+ __svc_destroy_idle(0);
+ }
+ }
+
return (FALSE); /* there is never an rpc msg to be processed */
}
@@ -819,3 +833,49 @@ __svc_clean_idle(fd_set *fds, int timeout, bool_t cleanblock)
{
return FALSE;
}
+
+static int
+__svc_destroy_idle(int timeout)
+{
+ int i, ncleaned = 0;
+ SVCXPRT *xprt, *least_active;
+ struct timeval tv, tdiff, tmax;
+ struct cf_conn *cd;
+
+ gettimeofday(&tv, NULL);
+ tmax.tv_sec = tmax.tv_usec = 0;
+ least_active = NULL;
+ rwlock_wrlock(&svc_fd_lock);
+
+ for (i = 0; i <= svc_max_pollfd; i++) {
+ if (svc_pollfd[i].fd == -1)
+ continue;
+ xprt = __svc_xports[i];
+ if (xprt == NULL || xprt->xp_ops == NULL ||
+ xprt->xp_ops->xp_recv != svc_vc_recv)
+ continue;
+ cd = (struct cf_conn *)xprt->xp_p1;
+ if (!cd->nonblock)
+ continue;
+ if (timeout == 0) {
+ timersub(&tv, &cd->last_recv_time, &tdiff);
+ if (timercmp(&tdiff, &tmax, >)) {
+ tmax = tdiff;
+ least_active = xprt;
+ }
+ continue;
+ }
+ if (tv.tv_sec - cd->last_recv_time.tv_sec > timeout) {
+ __xprt_unregister_unlocked(xprt);
+ __svc_vc_dodestroy(xprt);
+ ncleaned++;
+ }
+ }
+ if (timeout == 0 && least_active != NULL) {
+ __xprt_unregister_unlocked(least_active);
+ __svc_vc_dodestroy(least_active);
+ ncleaned++;
+ }
+ rwlock_unlock(&svc_fd_lock);
+ return (ncleaned);
+}

View File

@ -1,51 +0,0 @@
commit 959b2001458bca8f9228014371aad6ccbeb95a68
Author: Zhi Li <yieli@redhat.com>
Date: Wed Sep 26 14:05:29 2018 -0400
getnetconfig.c: fix a BAD_FREE (CWE-763)
Signed-off-by: Steve Dickson <steved@redhat.com>
diff --git a/src/getnetconfig.c b/src/getnetconfig.c
index d67d97d..cfd33c2 100644
--- a/src/getnetconfig.c
+++ b/src/getnetconfig.c
@@ -681,6 +681,7 @@ struct netconfig *ncp;
{
struct netconfig *p;
char *tmp;
+ char *t;
u_int i;
if ((tmp=malloc(MAXNETCONFIGLINE)) == NULL)
@@ -700,22 +701,21 @@ struct netconfig *ncp;
*/
*p = *ncp;
p->nc_netid = (char *)strcpy(tmp,ncp->nc_netid);
- tmp = strchr(tmp, 0) + 1;
- p->nc_protofmly = (char *)strcpy(tmp,ncp->nc_protofmly);
- tmp = strchr(tmp, 0) + 1;
- p->nc_proto = (char *)strcpy(tmp,ncp->nc_proto);
- tmp = strchr(tmp, 0) + 1;
- p->nc_device = (char *)strcpy(tmp,ncp->nc_device);
+ t = strchr(tmp, 0) + 1;
+ p->nc_protofmly = (char *)strcpy(t,ncp->nc_protofmly);
+ t = strchr(t, 0) + 1;
+ p->nc_proto = (char *)strcpy(t,ncp->nc_proto);
+ t = strchr(t, 0) + 1;
+ p->nc_device = (char *)strcpy(t,ncp->nc_device);
p->nc_lookups = (char **)malloc((size_t)(p->nc_nlookups+1) * sizeof(char *));
if (p->nc_lookups == NULL) {
- free(p->nc_netid);
free(p);
free(tmp);
return(NULL);
}
for (i=0; i < p->nc_nlookups; i++) {
- tmp = strchr(tmp, 0) + 1;
- p->nc_lookups[i] = (char *)strcpy(tmp,ncp->nc_lookups[i]);
+ t = strchr(t, 0) + 1;
+ p->nc_lookups[i] = (char *)strcpy(t,ncp->nc_lookups[i]);
}
return(p);
}

View File

@ -1,68 +0,0 @@
diff -up libtirpc-1.1.4/src/svc_vc.c.orig libtirpc-1.1.4/src/svc_vc.c
--- libtirpc-1.1.4/src/svc_vc.c.orig 2018-08-27 10:06:49.000000000 -0400
+++ libtirpc-1.1.4/src/svc_vc.c 2019-07-24 11:51:32.191485387 -0400
@@ -502,9 +502,14 @@ read_vc(xprtp, buf, len)
cfp = (struct cf_conn *)xprt->xp_p1;
if (cfp->nonblock) {
+ /* Since len == 0 is returned on zero length
+ * read or EOF errno needs to be reset before
+ * the read
+ */
+ errno = 0;
len = read(sock, buf, (size_t)len);
if (len < 0) {
- if (errno == EAGAIN)
+ if (errno == EAGAIN || errno == EWOULDBLOCK)
len = 0;
else
goto fatal_err;
diff -up libtirpc-1.1.4/src/xdr_rec.c.orig libtirpc-1.1.4/src/xdr_rec.c
--- libtirpc-1.1.4/src/xdr_rec.c.orig 2018-08-27 10:06:49.000000000 -0400
+++ libtirpc-1.1.4/src/xdr_rec.c 2019-07-24 11:51:32.191485387 -0400
@@ -61,6 +61,7 @@
#include <rpc/svc.h>
#include <rpc/clnt.h>
#include <stddef.h>
+#include <errno.h>
#include "rpc_com.h"
static bool_t xdrrec_getlong(XDR *, long *);
static bool_t xdrrec_putlong(XDR *, const long *);
@@ -537,7 +538,13 @@ __xdrrec_getrec(xdrs, statp, expectdata)
n = rstrm->readit(rstrm->tcp_handle, rstrm->in_hdrp,
(int)sizeof (rstrm->in_header) - rstrm->in_hdrlen);
if (n == 0) {
- *statp = expectdata ? XPRT_DIED : XPRT_IDLE;
+ /* EAGAIN or EWOULDBLOCK means a zero length
+ * read not an EOF.
+ */
+ if (errno == EAGAIN || errno == EWOULDBLOCK)
+ *statp = XPRT_IDLE;
+ else
+ *statp = expectdata ? XPRT_DIED : XPRT_IDLE;
return FALSE;
}
if (n < 0) {
@@ -564,6 +571,7 @@ __xdrrec_getrec(xdrs, statp, expectdata)
rstrm->in_header &= ~LAST_FRAG;
rstrm->last_frag = TRUE;
}
+ rstrm->in_haveheader = 1;
}
n = rstrm->readit(rstrm->tcp_handle,
@@ -576,7 +584,13 @@ __xdrrec_getrec(xdrs, statp, expectdata)
}
if (n == 0) {
- *statp = expectdata ? XPRT_DIED : XPRT_IDLE;
+ /* EAGAIN or EWOULDBLOCK means a zero length
+ * read not an EOF.
+ */
+ if (errno == EAGAIN || errno == EWOULDBLOCK)
+ *statp = XPRT_IDLE;
+ else
+ *statp = expectdata ? XPRT_DIED : XPRT_IDLE;
return FALSE;
}

View File

@ -1,185 +0,0 @@
From 20148930201b732c5dd1003933dd70543d3e929d Mon Sep 17 00:00:00 2001
From: Otto Hollmann <otto.hollmann@suse.com>
Date: Sat, 7 Oct 2023 03:48:22 -0400
Subject: [PATCH] binddynport.c honor ip_local_reserved_ports
Read reserved ports from /proc/sys/net/ipv4/ip_local_reserved_ports,
store them into bit-wise array and before binding to random port check
if port is not reserved.
Currently, there is no way how to reserve ports so then will not be
used by rpcbind.
Random ports are opened by rpcbind because of rmtcalls. There is
compile-time flag for disabling them, but in some cases we can not
simply disable them.
One solution would be run time option --enable-rmtcalls as already
discussed, but it was rejected. So if we want to keep rmtcalls enabled
and also be able to reserve some ports, there is no other way than
filtering available ports. The easiest and clearest way seems to be
just respect kernel list of ip_reserved_ports.
Unfortunately there is one known disadvantage/side effect - it affects
probability of ports which are right after reserved ones. The bigger
reserved block is, the higher is probability of selecting following
unreserved port. But if there is no reserved port, impact of this patch
is minimal/none.
Signed-off-by: Otto Hollmann <otto.hollmann@suse.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
---
src/binddynport.c | 108 ++++++++++++++++++++++++++++++++++++++++++----
1 file changed, 100 insertions(+), 8 deletions(-)
diff --git a/src/binddynport.c b/src/binddynport.c
index 062629a..c2e9a20 100644
--- a/src/binddynport.c
+++ b/src/binddynport.c
@@ -37,6 +37,7 @@
#include <unistd.h>
#include <errno.h>
#include <string.h>
+#include <syslog.h>
#include <rpc/rpc.h>
@@ -56,6 +57,84 @@ enum {
NPORTS = ENDPORT - LOWPORT + 1,
};
+/*
+ * This function decodes information about given port from provided array and
+ * return if port is reserved or not.
+ *
+ * @reserved_ports an array of size at least "NPORTS / (8*sizeof(char)) + 1".
+ * @port port number within range LOWPORT and ENDPORT
+ *
+ * Returns 0 if port is not reserved, non-negative if port is reserved.
+ */
+static int is_reserved(char *reserved_ports, int port) {
+ port -= LOWPORT;
+ if (port < 0 || port >= NPORTS)
+ return 0;
+ return reserved_ports[port/(8*sizeof(char))] & 1<<(port%(8*sizeof(char)));
+}
+
+/*
+ * This function encodes information about given *reserved* port into provided
+ * array. Don't call this function for ports which are not reserved.
+ *
+ * @reserved_ports an array of size at least "NPORTS / (8*sizeof(char)) + 1".
+ * @port port number within range LOWPORT and ENDPORT
+ *
+ */
+static void set_reserved(char *reserved_ports, int port) {
+ port -= LOWPORT;
+ if (port < 0 || port >= NPORTS)
+ return;
+ reserved_ports[port/(8*sizeof(char))] |= 1<<(port%(8*sizeof(char)));
+}
+
+/*
+ * Parse local reserved ports obtained from
+ * /proc/sys/net/ipv4/ip_local_reserved_ports into bit array.
+ *
+ * @reserved_ports a zeroed array of size at least
+ * "NPORTS / (8*sizeof(char)) + 1". Will be used for bit-wise encoding of
+ * reserved ports.
+ *
+ * On each call, reserved ports are read from /proc and bit-wise stored into
+ * provided array
+ *
+ * Returns 0 on success, -1 on failure.
+ */
+
+static int parse_reserved_ports(char *reserved_ports) {
+ int from=0, to;
+ char delimiter = ',';
+ int res;
+ FILE * file_ptr = fopen("/proc/sys/net/ipv4/ip_local_reserved_ports","r");
+ if (file_ptr == NULL) {
+ (void) syslog(LOG_ERR,
+ "Unable to open open /proc/sys/net/ipv4/ip_local_reserved_ports.");
+ return -1;
+ }
+ do {
+ if ((res = fscanf(file_ptr, "%d", &to)) != 1) {
+ if (res == EOF) break;
+ goto err;
+ }
+ if (delimiter != '-') {
+ from = to;
+ }
+ for (int i = from; i <= to; ++i) {
+ set_reserved(reserved_ports, i);
+ }
+ } while ((res = fscanf(file_ptr, "%c", &delimiter)) == 1);
+ if (res != EOF)
+ goto err;
+ fclose(file_ptr);
+ return 0;
+err:
+ (void) syslog(LOG_ERR,
+ "An error occurred while parsing ip_local_reserved_ports.");
+ fclose(file_ptr);
+ return -1;
+}
+
/*
* Bind a socket to a dynamically-assigned IP port.
*
@@ -81,7 +160,8 @@ int __binddynport(int fd)
in_port_t port, *portp;
struct sockaddr *sap;
socklen_t salen;
- int i, res;
+ int i, res, array_size;
+ char *reserved_ports = NULL;
if (__rpc_sockisbound(fd))
return 0;
@@ -119,21 +199,33 @@ int __binddynport(int fd)
gettimeofday(&tv, NULL);
seed = tv.tv_usec * getpid();
}
+ array_size = NPORTS / (8*sizeof(char)) + 1;
+ reserved_ports = malloc(array_size);
+ if (!reserved_ports) {
+ goto out;
+ }
+ memset(reserved_ports, 0, array_size);
+ if (parse_reserved_ports(reserved_ports) < 0)
+ goto out;
+
port = (rand_r(&seed) % NPORTS) + LOWPORT;
for (i = 0; i < NPORTS; ++i) {
- *portp = htons(port++);
- res = bind(fd, sap, salen);
- if (res >= 0) {
- res = 0;
- break;
+ *portp = htons(port);
+ if (!is_reserved(reserved_ports, port++)) {
+ res = bind(fd, sap, salen);
+ if (res >= 0) {
+ res = 0;
+ break;
+ }
+ if (errno != EADDRINUSE)
+ break;
}
- if (errno != EADDRINUSE)
- break;
if (port > ENDPORT)
port = LOWPORT;
}
out:
+ free(reserved_ports);
mutex_unlock(&port_lock);
return res;
}
--
2.40.1

File diff suppressed because it is too large Load Diff

View File

@ -1,88 +0,0 @@
diff -up libtirpc-1.1.4/man/rpcbind.3t.orig libtirpc-1.1.4/man/rpcbind.3t
--- libtirpc-1.1.4/man/rpcbind.3t.orig 2018-08-27 10:06:49.000000000 -0400
+++ libtirpc-1.1.4/man/rpcbind.3t 2022-08-02 11:21:30.134642780 -0400
@@ -187,6 +187,8 @@ in
.El
.Sh AVAILABILITY
These functions are part of libtirpc.
+.Sh ENVIRONMENT
+If RPCB_V2FIRST is defined, rpcbind protocol version tryout algorithm changes from v4,v2,v3 to v2,v4,v3.
.Sh SEE ALSO
.Xr rpc_clnt_calls 3 ,
.Xr rpc_svc_calls 3 ,
diff -up libtirpc-1.1.4/src/rpcb_clnt.c.orig libtirpc-1.1.4/src/rpcb_clnt.c
--- libtirpc-1.1.4/src/rpcb_clnt.c.orig 2022-08-02 11:20:42.795833195 -0400
+++ libtirpc-1.1.4/src/rpcb_clnt.c 2022-08-02 11:21:30.135642797 -0400
@@ -818,7 +818,8 @@ error:
* The algorithm used: If the transports is TCP or UDP, it first tries
* version 4 (srv4), then 3 and then fall back to version 2 (portmap).
* With this algorithm, we get performance as well as a plan for
- * obsoleting version 2.
+ * obsoleting version 2. This behaviour is reverted to old algorithm
+ * if RPCB_V2FIRST environment var is defined
*
* For all other transports, the algorithm remains as 4 and then 3.
*
@@ -839,6 +840,10 @@ __rpcb_findaddr_timed(program, version,
#ifdef NOTUSED
static bool_t check_rpcbind = TRUE;
#endif
+
+#ifdef PORTMAP
+ static bool_t portmap_first = FALSE;
+#endif
CLIENT *client = NULL;
RPCB parms;
enum clnt_stat clnt_st;
@@ -895,8 +900,18 @@ __rpcb_findaddr_timed(program, version,
parms.r_addr = (char *) &nullstring[0];
}
- /* First try from start_vers(4) and then version 3 (RPCBVERS) */
+ /* First try from start_vers(4) and then version 3 (RPCBVERS), except
+ * if env. var RPCB_V2FIRST is defined */
+
+#ifdef PORTMAP
+ if (getenv(V2FIRST)) {
+ portmap_first = TRUE;
+ LIBTIRPC_DEBUG(3, ("__rpcb_findaddr_timed: trying v2-port first\n"));
+ goto portmap;
+ }
+#endif
+rpcbind:
CLNT_CONTROL(client, CLSET_RETRY_TIMEOUT, (char *) &rpcbrmttime);
for (vers = start_vers; vers >= RPCBVERS; vers--) {
/* Set the version */
@@ -944,10 +959,17 @@ __rpcb_findaddr_timed(program, version,
}
#ifdef PORTMAP /* Try version 2 for TCP or UDP */
+ if (portmap_first)
+ goto error; /* we tried all versions if reached here */
+portmap:
if (strcmp(nconf->nc_protofmly, NC_INET) == 0) {
address = __try_protocol_version_2(program, version, nconf, host, tp);
- if (address == NULL)
- goto error;
+ if (address == NULL) {
+ if (portmap_first)
+ goto rpcbind;
+ else
+ goto error;
+ }
}
#endif /* PORTMAP */
diff -up libtirpc-1.1.4/tirpc/rpc/pmap_prot.h.orig libtirpc-1.1.4/tirpc/rpc/pmap_prot.h
--- libtirpc-1.1.4/tirpc/rpc/pmap_prot.h.orig 2018-08-27 10:06:49.000000000 -0400
+++ libtirpc-1.1.4/tirpc/rpc/pmap_prot.h 2022-08-02 11:21:30.135642797 -0400
@@ -84,6 +84,8 @@
#define PMAPPROC_DUMP ((u_long)4)
#define PMAPPROC_CALLIT ((u_long)5)
+#define V2FIRST "RPCB_V2FIRST"
+
struct pmap {
long unsigned pm_prog;
long unsigned pm_vers;

View File

@ -1 +0,0 @@
SHA512 (libtirpc-1.1.4.tar.bz2) = 392f391f9fc1bd68d81dc44e4058831a64b32790b5c8c37338b0ab416fad2ae4d16389e632596734dba09780347918cc65c6f134e0c1afd09e81ec250785ed23