pool/libtirpc
SHA256
2
0
Fork 1
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

- Use correct source address on replies [bnc#587934,bnc#587811]

Browse Source 
- Prevent bindresvport from binding to blacklisted ports [bnc#579315]

OBS-URL: https://build.opensuse.org/package/show/Base:System/libtirpc?expand=0&rev=14
This commit is contained in:
Neil Brown 2011-02-22 05:08:58 +00:00 committed by Git OBS Bridge
parent 4850bcc3d8
commit 463503e466
4 changed files with 343 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

137
libtirpc-bindresvport_blacklist.patch Normal file
View File

@ -0,0 +1,137 @@
From: Olaf Kirch <okir@suse.de>
Subject: make libtirpc honor /etc/bindresvport.blacklist
Signed-off-by: Olaf Kirch <okir@suse.de>
Index: libtirpc-0.1.9/src/bindresvport.c
===================================================================
--- libtirpc-0.1.9.orig/src/bindresvport.c
+++ libtirpc-0.1.9/src/bindresvport.c
@@ -40,7 +40,10 @@
#include <netinet/in.h>
+#include <stdio.h>
+#include <ctype.h>
#include <errno.h>
+#include <stdlib.h>
#include <string.h>
#include <unistd.h>
@@ -66,6 +69,80 @@ bindresvport(sd, sin)
#define ENDPORT (IPPORT_RESERVED - 1)
#define NPORTS (ENDPORT - STARTPORT + 1)
+/*
+ * Read the file /etc/bindresvport.blacklist, so that we don't bind
+ * to these ports.
+ */
+
+static int blacklist_read;
+static int *list;
+static int list_size = 0;
+
+static void
+load_blacklist (void)
+{
+ FILE *fp;
+ char *buf = NULL;
+ size_t buflen = 0;
+ int size = 0, ptr = 0;
+
+ blacklist_read = 1;
+
+ fp = fopen ("/etc/bindresvport.blacklist", "r");
+ if (NULL == fp)
+ return;
+
+ while (!feof (fp))
+ {
+ unsigned long port;
+ char *tmp, *cp;
+ ssize_t n = getline (&buf, &buflen, fp);
+ if (n < 1)
+ break;
+
+ cp = buf;
+ tmp = strchr (cp, '#'); /* remove comments */
+ if (tmp)
+ *tmp = '\0';
+ while (isspace ((int)*cp)) /* remove spaces and tabs */
+ ++cp;
+ if (*cp == '\0') /* ignore empty lines */
+ continue;
+ if (cp[strlen (cp) - 1] == '\n')
+ cp[strlen (cp) - 1] = '\0';
+
+ port = strtoul (cp, &tmp, 0);
+ while (isspace(*tmp))
+ ++tmp;
+ if (*tmp != '\0' || (port == ULONG_MAX && errno == ERANGE))
+ continue;
+
+ /* Don't bother with out-of-range ports */
+ if (port < LOWPORT || port > ENDPORT)
+ continue;
+
+ if (ptr >= size)
+ {
+ size += 10;
+ list = realloc (list, size * sizeof (int));
+ if (list == NULL)
+ {
+ free (buf);
+ return;
+ }
+ }
+
+ list[ptr++] = port;
+ }
+
+ fclose (fp);
+
+ if (buf)
+ free (buf);
+
+ list_size = ptr;
+}
+
int
bindresvport_sa(sd, sa)
int sd;
@@ -85,6 +162,9 @@ bindresvport_sa(sd, sa)
int endport = ENDPORT;
int i;
+ if (!blacklist_read)
+ load_blacklist();
+
if (sa == NULL) {
salen = sizeof(myaddr);
sa = (struct sockaddr *)&myaddr;
@@ -125,12 +205,21 @@ bindresvport_sa(sd, sa)
errno = EADDRINUSE;
again:
for (i = 0; i < nports; ++i) {
- *portp = htons(port++);
- if (port > endport)
- port = startport;
- res = bind(sd, sa, salen);
+ int j;
+
+ /* Check if this port is not blacklisted. */
+ for (j = 0; j < list_size; j++)
+ if (port == list[j])
+ goto try_next_port;
+
+ *portp = htons(port);
+ res = bind(sd, sa, salen);
if (res >= 0 || errno != EADDRINUSE)
break;
+
+try_next_port:
+ if (++port > endport)
+ port = startport;
}
if (i == nports && startport != LOWPORT) {
startport = LOWPORT;

195
libtirpc-use-correct-source-addr-on-replies.patch Normal file
View File

@ -0,0 +1,195 @@
Patch by Olaf Kirch and Leonardo Chiquitto as attached with id 348693
at https://bugzilla.novell.com/show_bug.cgi?id=587934
diff --git a/src/svc_dg.c b/src/svc_dg.c
index 7df470e..edf7d17 100644
--- a/src/svc_dg.c
+++ b/src/svc_dg.c
@@ -76,6 +76,8 @@ static bool_t svc_dg_control(SVCXPRT *, const u_int, void *);
static int cache_get(SVCXPRT *, struct rpc_msg *, char **, size_t *);
static void cache_set(SVCXPRT *, size_t);
int svc_dg_enablecache(SVCXPRT *, u_int);
+static void svc_dg_enable_pktinfo(int, const struct __rpc_sockinfo *);
+static int svc_dg_valid_pktinfo(struct msghdr *);
/*
* Usage:
@@ -142,6 +144,9 @@ svc_dg_create(fd, sendsize, recvsize)
goto freedata;
__rpc_set_netbuf(&xprt->xp_ltaddr, &ss, slen);
+ /* Enable reception of IP*_PKTINFO control msgs */
+ svc_dg_enable_pktinfo(fd, &si);
+
xprt_register(xprt);
return (xprt);
freedata:
@@ -171,19 +176,37 @@ svc_dg_recv(xprt, msg)
XDR *xdrs = &(su->su_xdrs);
char *reply;
struct sockaddr_storage ss;
+ struct msghdr *mesgp;
+ struct iovec iov;
socklen_t alen;
size_t replylen;
ssize_t rlen;
again:
- alen = sizeof (struct sockaddr_storage);
- rlen = recvfrom(xprt->xp_fd, rpc_buffer(xprt), su->su_iosz, 0,
- (struct sockaddr *)(void *)&ss, &alen);
+ iov.iov_base = rpc_buffer(xprt);
+ iov.iov_len = su->su_iosz;
+ mesgp = &su->su_msghdr;
+ memset(mesgp, 0, sizeof(*mesgp));
+ mesgp->msg_iov = &iov;
+ mesgp->msg_iovlen = 1;
+ mesgp->msg_name = (struct sockaddr *)(void *) &ss;
+ mesgp->msg_namelen = sizeof (struct sockaddr_storage);
+ mesgp->msg_control = su->su_cmsg;
+ mesgp->msg_controllen = sizeof(su->su_cmsg);
+
+ rlen = recvmsg(xprt->xp_fd, mesgp, 0);
if (rlen == -1 && errno == EINTR)
goto again;
if (rlen == -1 || (rlen < (ssize_t)(4 * sizeof (u_int32_t))))
return (FALSE);
- __rpc_set_netbuf(&xprt->xp_rtaddr, &ss, alen);
+ __rpc_set_netbuf(&xprt->xp_rtaddr, &ss, mesgp->msg_namelen);
+
+ /* Check whether there's an IP_PKTINFO or IP6_PKTINFO control message.
+ * If yes, preserve it for svc_dg_reply; otherwise just zap an cmsgs */
+ if (!svc_dg_valid_pktinfo(mesgp)) {
+ mesgp->msg_control = NULL;
+ mesgp->msg_controllen = 0;
+ }
__xprt_set_raddr(xprt, &ss);
xdrs->x_op = XDR_DECODE;
@@ -194,8 +217,9 @@ again:
su->su_xid = msg->rm_xid;
if (su->su_cache != NULL) {
if (cache_get(xprt, msg, &reply, &replylen)) {
- (void)sendto(xprt->xp_fd, reply, replylen, 0,
- (struct sockaddr *)(void *)&ss, alen);
+ iov.iov_base = reply;
+ iov.iov_len = replylen;
+ (void) sendmsg(xprt->xp_fd, mesgp, 0);
return (FALSE);
}
}
@@ -216,10 +240,18 @@ svc_dg_reply(xprt, msg)
XDR_SETPOS(xdrs, 0);
msg->rm_xid = su->su_xid;
if (xdr_replymsg(xdrs, msg)) {
- slen = XDR_GETPOS(xdrs);
- if (sendto(xprt->xp_fd, rpc_buffer(xprt), slen, 0,
- (struct sockaddr *)xprt->xp_rtaddr.buf,
- (socklen_t)xprt->xp_rtaddr.len) == (ssize_t) slen) {
+ struct msghdr *msg = &su->su_msghdr;
+ struct iovec iov;
+
+ iov.iov_base = rpc_buffer(xprt);
+ iov.iov_len = slen = XDR_GETPOS(xdrs);
+ msg->msg_iov = &iov;
+ msg->msg_iovlen = 1;
+ msg->msg_name = (struct sockaddr *)(void *) xprt->xp_rtaddr.buf;
+ msg->msg_namelen = xprt->xp_rtaddr.len;
+ /* cmsg already set in svc_dg_recv */
+
+ if (sendmsg(xprt->xp_fd, msg, 0) == (ssize_t) slen) {
stat = TRUE;
if (su->su_cache)
cache_set(xprt, slen);
@@ -583,3 +615,76 @@ cache_get(xprt, msg, replyp, replylenp)
mutex_unlock(&dupreq_lock);
return (0);
}
+
+/*
+ * Enable reception of PKTINFO control messages
+ */
+void
+svc_dg_enable_pktinfo(int fd, const struct __rpc_sockinfo *si)
+{
+ int val = 1;
+
+ switch (si->si_af) {
+ case AF_INET:
+ (void) setsockopt(fd, SOL_IP, IP_PKTINFO, &val, sizeof(val));
+ break;
+
+ case AF_INET6:
+ (void) setsockopt(fd, SOL_IPV6, IPV6_PKTINFO, &val, sizeof(val));
+ break;
+ }
+}
+
+/*
+ * When given a control message received from the socket
+ * layer, check whether it contains valid PKTINFO data matching
+ * the address family of the peer address.
+ */
+int
+svc_dg_valid_pktinfo(struct msghdr *msg)
+{
+ struct cmsghdr *cmsg;
+
+ if (!msg->msg_name)
+ return 0;
+
+ if (msg->msg_flags & MSG_CTRUNC)
+ return 0;
+
+ cmsg = CMSG_FIRSTHDR(msg);
+ if (cmsg == NULL || CMSG_NXTHDR(msg, cmsg) != NULL)
+ return 0;
+
+ switch (((struct sockaddr *) msg->msg_name)->sa_family) {
+ case AF_INET:
+ if (cmsg->cmsg_level != SOL_IP
+ || cmsg->cmsg_type != IP_PKTINFO
+ || cmsg->cmsg_len < CMSG_LEN(sizeof (struct in_pktinfo))) {
+ return 0;
+ } else {
+ struct in_pktinfo *pkti;
+
+ pkti = (struct in_pktinfo *) CMSG_DATA (cmsg);
+ pkti->ipi_ifindex = 0;
+ }
+ break;
+
+ case AF_INET6:
+ if (cmsg->cmsg_level != SOL_IPV6
+ || cmsg->cmsg_type != IPV6_PKTINFO
+ || cmsg->cmsg_len < CMSG_LEN(sizeof (struct in6_pktinfo))) {
+ return 0;
+ } else {
+ struct in6_pktinfo *pkti;
+
+ pkti = (struct in6_pktinfo *) CMSG_DATA (cmsg);
+ pkti->ipi6_ifindex = 0;
+ }
+ break;
+
+ default:
+ return 0;
+ }
+
+ return 1;
+}
diff --git a/tirpc/rpc/svc_dg.h b/tirpc/rpc/svc_dg.h
index 67d2564..88e7df7 100644
--- a/tirpc/rpc/svc_dg.h
+++ b/tirpc/rpc/svc_dg.h
@@ -46,6 +46,9 @@ struct svc_dg_data {
XDR su_xdrs; /* XDR handle */
char su_verfbody[MAX_AUTH_BYTES]; /* verifier body */
void *su_cache; /* cached data, NULL if none */
+
+ struct msghdr su_msghdr; /* msghdr received from clnt */
+ unsigned char su_cmsg[64]; /* cmsghdr received from clnt */
};
#define __rpcb_get_dg_xidp(x) (&((struct svc_dg_data *)(x)->xp_p2)->su_xid)

6
libtirpc.changes
View File

@ -1,3 +1,9 @@
-------------------------------------------------------------------
Tue Feb 22 05:07:13 UTC 2011 - nfbrown@novell.com
- Use correct source address on replies [bnc#587934,bnc#587811]
- Prevent bindresvport from binding to blacklisted ports [bnc#579315]
-------------------------------------------------------------------
Sun Oct 31 12:37:02 UTC 2010 - jengelh@medozas.de

6
libtirpc.spec
View File

@ -24,7 +24,7 @@ License: Other uncritical OpenSource License ; Sun Industry Standards Sou
Group: System/Libraries
AutoReqProv: on
Version: 0.2.1_git201005272057
Release: 3
Release: 4
Summary: Transport Independent RPC Library
Url: http://sourceforge.net/projects/libtirpc/
Source: %{name}-%{version}.tar.bz2
@ -32,6 +32,8 @@ Patch21: libtirpc-clnt_broadcast_fix.patch
Patch22: libtirpc-rpc_broadcast_misformed_replies.patch
Patch31: libtirpc-getpmaphandle.patch
Patch32: libtirpc-pmap-setunset.patch
Patch33: libtirpc-use-correct-source-addr-on-replies.patch
Patch34: libtirpc-bindresvport_blacklist.patch
BuildRoot: %{_tmppath}/%{name}-%{version}-build
%define debug_package_requires libtirpc1 = %{version}-%{release}
@ -91,6 +93,8 @@ Authors:
%patch22 -p1
%patch31 -p1
%patch32 -p1
%patch33 -p1
%patch34 -p1
%build
mkdir m4 #bug