OBS User unknown 2008-10-06 16:14:39 +00:00 committed by Git OBS Bridge
parent 2588dcf82a
commit 6290148e58
14 changed files with 756 additions and 48 deletions

View File

@ -1,13 +0,0 @@
Index: libtirpc-0.1.7/src/svc_vc.c
===================================================================
--- libtirpc-0.1.7.orig/src/svc_vc.c
+++ libtirpc-0.1.7/src/svc_vc.c
@@ -231,7 +231,7 @@ svc_fd_create(fd, sendsize, recvsize)
if (ss.ss_family == AF_INET) {
map_ipv4_to_ipv6((struct sockaddr_in *)&ss, &sin6);
} else {
- memcpy(&sin6, &ss, sizeof(ss));
+ memcpy(&sin6, &ss, sizeof(sin6));
}
ret->xp_rtaddr.maxlen = ret->xp_rtaddr.len = sizeof(ss);
ret->xp_rtaddr.buf = mem_alloc((size_t)sizeof(ss));

View File

@ -1,5 +1,7 @@
From 95c8f7227e6b15f2e430d7b87dadc95b2acd4a61 Mon Sep 17 00:00:00 2001
From: Olaf Kirch <okir@suse.de> From: Olaf Kirch <okir@suse.de>
Subject: Fix incorrect sizeof() in __rpc_getbroadifs Date: Tue, 2 Sep 2008 12:09:39 -0400
Subject: [PATCH] Fix incorrect sizeof() in __rpc_getbroadifs
__rpc_getbroadifs returns bad broadcast addresses on 32bit __rpc_getbroadifs returns bad broadcast addresses on 32bit
machines because when copying the broadcast addresses, ite machines because when copying the broadcast addresses, ite
@ -7,12 +9,16 @@ applies the sizeof() operator to a pointer to a sockaddr,
rather than the sockaddr itself. rather than the sockaddr itself.
Signed-off-by: Olaf Kirch <okir@suse.de> Signed-off-by: Olaf Kirch <okir@suse.de>
Signed-off-by: Steve Dickson <steved@redhat.com>
---
src/clnt_bcast.c | 2 +-
1 files changed, 1 insertions(+), 1 deletions(-)
Index: libtirpc-0.1.7/src/clnt_bcast.c diff --git a/src/clnt_bcast.c b/src/clnt_bcast.c
=================================================================== index a96db45..aa2b8f2 100644
--- libtirpc-0.1.7.orig/src/clnt_bcast.c --- a/src/clnt_bcast.c
+++ libtirpc-0.1.7/src/clnt_bcast.c +++ b/src/clnt_bcast.c
@@ -163,7 +163,7 @@ __rpc_getbroadifs(int af, int proto, int @@ -163,7 +163,7 @@ __rpc_getbroadifs(int af, int proto, int socktype, broadlist_t *list)
/* memcpy(&bip->broadaddr, ifap->ifa_broadaddr, /* memcpy(&bip->broadaddr, ifap->ifa_broadaddr,
(size_t)ifap->ifa_broadaddr->sa_len);*/ (size_t)ifap->ifa_broadaddr->sa_len);*/
memcpy(&bip->broadaddr, ifap->ifa_broadaddr, memcpy(&bip->broadaddr, ifap->ifa_broadaddr,
@ -21,3 +27,6 @@ Index: libtirpc-0.1.7/src/clnt_bcast.c
sin = (struct sockaddr_in *)(void *)&bip->broadaddr; sin = (struct sockaddr_in *)(void *)&bip->broadaddr;
sin->sin_port = sin->sin_port =
((struct sockaddr_in *) ((struct sockaddr_in *)
--
1.5.6

View File

@ -1,5 +1,7 @@
From ea9f048761d0b9a2ab6310bffa07351f0b04d8c5 Mon Sep 17 00:00:00 2001
From: Olaf Kirch <okir@suse.de> From: Olaf Kirch <okir@suse.de>
Subject: Always make IPv6 sockets V6ONLY Date: Tue, 2 Sep 2008 12:11:15 -0400
Subject: [PATCH] Always make IPv6 sockets V6ONLY
Assume you have a netconfig file looking like this: Assume you have a netconfig file looking like this:
@ -25,15 +27,16 @@ its own using __rpc_nconf2fd.
I think this also improves portability, as BSD code assumes BSD I think this also improves portability, as BSD code assumes BSD
behavior, where this mapping does not occur either. behavior, where this mapping does not occur either.
Signed-off-by: okir@suse.de Signed-off-by: Olaf Kirch <okir@suse.de>
Signed-off-by: Steve Dickson <steved@redhat.com>
--- ---
src/rpc_generic.c | 9 ++++++++- src/rpc_generic.c | 9 ++++++++-
1 file changed, 8 insertions(+), 1 deletion(-) 1 files changed, 8 insertions(+), 1 deletions(-)
Index: libtirpc/src/rpc_generic.c diff --git a/src/rpc_generic.c b/src/rpc_generic.c
=================================================================== index 583aff0..ff4ba16 100644
--- libtirpc.orig/src/rpc_generic.c --- a/src/rpc_generic.c
+++ libtirpc/src/rpc_generic.c +++ b/src/rpc_generic.c
@@ -525,11 +525,18 @@ int @@ -525,11 +525,18 @@ int
__rpc_nconf2fd(const struct netconfig *nconf) __rpc_nconf2fd(const struct netconfig *nconf)
{ {
@ -54,3 +57,6 @@ Index: libtirpc/src/rpc_generic.c
} }
int int
--
1.5.6

View File

@ -0,0 +1,32 @@
From 9e7ba0c7a02031294fefadfbca42b3dd5f2d841f Mon Sep 17 00:00:00 2001
From: Olaf Kirch <okir@suse.de>
Date: Tue, 16 Sep 2008 08:46:29 -0400
Subject: [PATCH] Fix for taddr2addr conversion bug of local addresses
When converting af_local socket addresses in taddr2uaddr, an incorrect
sizeof() would result in a truncated path string. As a result,
rpcbind will report the local /var/lib/rpcbind address to clients
as "/v" on a 32bit machine.
Signed-off-by: okir@suse.de
Signed-off-by: Steve Dickson <steved@redhat.com>
---
src/rpc_generic.c | 2 +-
1 files changed, 1 insertions(+), 1 deletions(-)
diff --git a/src/rpc_generic.c b/src/rpc_generic.c
index ff4ba16..b436e3a 100644
--- a/src/rpc_generic.c
+++ b/src/rpc_generic.c
@@ -629,7 +629,7 @@ __rpc_taddr2uaddr_af(int af, const struct netbuf *nbuf)
/* if (asprintf(&ret, "%.*s", (int)(sun->sun_len -
offsetof(struct sockaddr_un, sun_path)),
sun->sun_path) < 0)*/
- if (asprintf(&ret, "%.*s", (int)(sizeof(sun) -
+ if (asprintf(&ret, "%.*s", (int)(sizeof(*sun) -
offsetof(struct sockaddr_un, sun_path)),
sun->sun_path) < 0)
--
1.5.6

View File

@ -0,0 +1,169 @@
From 628788c1cc84c86ee4cb36ee5d4fe8954e90fca5 Mon Sep 17 00:00:00 2001
From: Steve Dickson <steved@redhat.com>
Date: Tue, 16 Sep 2008 11:32:31 -0400
Subject: [PATCH] - Fixed version-info in src/Makefile.am to reflect the correct version
- Fixed some of warnings in: src/auth_time.c, src/clnt_dg.c and
src/clnt_raw.c
- Added some #ifdef NOTUSED around some code in src/rpbc_clnt.c
that was not being used...
Signed-off-by: Steve Dickson <steved@redhat.com>
---
src/Makefile.am | 2 +-
src/auth_time.c | 3 ++-
src/clnt_dg.c | 2 +-
src/clnt_raw.c | 6 ++++--
src/rpbc_clnt.c | 8 ++++++--
src/rpcb_clnt.c | 7 ++++++-
6 files changed, 20 insertions(+), 8 deletions(-)
diff --git a/src/Makefile.am b/src/Makefile.am
index edab300..a76c377 100644
--- a/src/Makefile.am
+++ b/src/Makefile.am
@@ -11,7 +11,7 @@ INCLUDES = -I../tirpc -DPORTMAP -DINET6 -DVERSION="\"$(VERSION)\"" \
lib_LTLIBRARIES = libtirpc.la
-libtirpc_la_LDFLAGS = -lnsl -lpthread -version-info 1:8:0
+libtirpc_la_LDFLAGS = -lnsl -lpthread -version-info 1:9:0
libtirpc_la_SOURCES = auth_none.c auth_unix.c authunix_prot.c bindresvport.c clnt_bcast.c \
clnt_dg.c clnt_generic.c clnt_perror.c clnt_raw.c clnt_simple.c \
diff --git a/src/auth_time.c b/src/auth_time.c
index d77bcf5..7cfbb7e 100644
--- a/src/auth_time.c
+++ b/src/auth_time.c
@@ -248,7 +248,8 @@ __rpc_get_time_offset(td, srv, thost, uaddr, netid)
nis_server tsrv;
void (*oldsig)() = NULL; /* old alarm handler */
struct sockaddr_in sin;
- int s = RPC_ANYSOCK, len;
+ int s = RPC_ANYSOCK;
+ socklen_t len;
int type = 0;
td->tv_sec = 0;
diff --git a/src/clnt_dg.c b/src/clnt_dg.c
index 0e35742..da01c5b 100644
--- a/src/clnt_dg.c
+++ b/src/clnt_dg.c
@@ -306,7 +306,7 @@ clnt_dg_call(cl, proc, xargs, argsp, xresults, resultsp, utimeout)
int nrefreshes = 2; /* number of times to refresh cred */
struct timeval timeout;
struct pollfd fd;
- int total_time, nextsend_time, tv;
+ int total_time, nextsend_time, tv=0;
struct sockaddr *sa;
sigset_t mask;
sigset_t newmask;
diff --git a/src/clnt_raw.c b/src/clnt_raw.c
index 36035c8..f184066 100644
--- a/src/clnt_raw.c
+++ b/src/clnt_raw.c
@@ -84,8 +84,8 @@ clnt_raw_create(prog, vers)
{
struct clntraw_private *clp;
struct rpc_msg call_msg;
- XDR *xdrs = &clp->xdr_stream;
- CLIENT *client = &clp->client_object;
+ XDR *xdrs;
+ CLIENT *client;
mutex_lock(&clntraw_lock);
clp = clntraw_private;
@@ -101,6 +101,8 @@ clnt_raw_create(prog, vers)
clp->_raw_buf = __rpc_rawcombuf;
clntraw_private = clp;
}
+ xdrs = &clp->xdr_stream;
+ client = &clp->client_object;
/*
* pre-serialize the static part of the call msg and stash it away
*/
diff --git a/src/rpbc_clnt.c b/src/rpbc_clnt.c
index 75811f0..0e25747 100644
--- a/src/rpbc_clnt.c
+++ b/src/rpbc_clnt.c
@@ -109,7 +109,9 @@ static void delete_cache(struct netbuf *);
static void add_cache(const char *, const char *, struct netbuf *, char *);
static CLIENT *getclnthandle(const char *, const struct netconfig *, char **);
static CLIENT *local_rpcb(void);
+#if NOTUSED
static struct netbuf *got_entry(rpcb_entry_list_ptr, const struct netconfig *);
+#endif
/*
* This routine adjusts the timeout used for calls to the remote rpcbind.
@@ -625,7 +627,7 @@ rpcb_unset(program, version, nconf)
CLNT_DESTROY(client);
return (rslt);
}
-
+#ifdef NOTUSED
/*
* From the merged list, find the appropriate entry
*/
@@ -657,7 +659,7 @@ got_entry(relp, nconf)
}
return (na);
}
-
+#endif
/*
* Quick check to see if rpcbind is up. Tries to connect over
* local transport.
@@ -725,7 +727,9 @@ __rpcb_findaddr_timed(program, version, nconf, host, clpp, tp)
CLIENT **clpp;
struct timeval *tp;
{
+#ifdef NOTUSED
static bool_t check_rpcbind = TRUE;
+#endif
CLIENT *client = NULL;
RPCB parms;
enum clnt_stat clnt_st;
diff --git a/src/rpcb_clnt.c b/src/rpcb_clnt.c
index 040f4ce..ed16f00 100644
--- a/src/rpcb_clnt.c
+++ b/src/rpcb_clnt.c
@@ -109,7 +109,9 @@ static void delete_cache(struct netbuf *);
static void add_cache(const char *, const char *, struct netbuf *, char *);
static CLIENT *getclnthandle(const char *, const struct netconfig *, char **);
static CLIENT *local_rpcb(void);
+#ifdef NOTUSED
static struct netbuf *got_entry(rpcb_entry_list_ptr, const struct netconfig *);
+#endif
/*
* This routine adjusts the timeout used for calls to the remote rpcbind.
@@ -625,7 +627,7 @@ rpcb_unset(program, version, nconf)
CLNT_DESTROY(client);
return (rslt);
}
-
+#ifdef NOTUSED
/*
* From the merged list, find the appropriate entry
*/
@@ -657,6 +659,7 @@ got_entry(relp, nconf)
}
return (na);
}
+#endif
/*
* Quick check to see if rpcbind is up. Tries to connect over
@@ -725,7 +728,9 @@ __rpcb_findaddr_timed(program, version, nconf, host, clpp, tp)
CLIENT **clpp;
struct timeval *tp;
{
+#ifdef NOTUSED
static bool_t check_rpcbind = TRUE;
+#endif
CLIENT *client = NULL;
RPCB parms;
enum clnt_stat clnt_st;
--
1.5.6

View File

@ -0,0 +1,176 @@
From 59c374c4b507aeca957ed0096d98006edf601375 Mon Sep 17 00:00:00 2001
From: Olaf Kirch <okir@suse.de>
Date: Tue, 30 Sep 2008 15:04:17 -0400
Subject: [PATCH] Fix xp_raddr handling in svc_fd_create etc
Currently svc_fd_create tries to do some clever tricks
with IPv4/v6 address mapping.
This is broken for several reasons.
1. We don't want IPv4 based transport to look like IPv6
transports. Old applications compiled against tirpc
will expect AF_INET addresses, and are not equipped
to deal with AF_INET6.
2. There's a buffer overflow.
memcpy(&sin6, &ss, sizeof(ss));
copies a full struct sockaddr to a sockaddr_in6 on
the stack. Unlikely to be exploitable, but I wonder
if this ever worked....
Signed-off-by: Olaf Kirch <okir@suse.de>
Signed-off-by: Steve Dickson <steved@redhat.com>
---
src/rpc_com.h | 2 +
src/svc_dg.c | 7 +-----
src/svc_vc.c | 65 +++++++++++++++++++++++++++-----------------------------
3 files changed, 34 insertions(+), 40 deletions(-)
diff --git a/src/rpc_com.h b/src/rpc_com.h
index 110d35a..a935080 100644
--- a/src/rpc_com.h
+++ b/src/rpc_com.h
@@ -85,6 +85,8 @@ bool_t __svc_clean_idle(fd_set *, int, bool_t);
bool_t __xdrrec_setnonblock(XDR *, int);
bool_t __xdrrec_getrec(XDR *, enum xprt_stat *, bool_t);
void __xprt_unregister_unlocked(SVCXPRT *);
+void __xprt_set_raddr(SVCXPRT *, const struct sockaddr_storage *);
+
SVCXPRT **__svc_xports;
int __svc_maxrec;
diff --git a/src/svc_dg.c b/src/svc_dg.c
index a72abe4..76a480e 100644
--- a/src/svc_dg.c
+++ b/src/svc_dg.c
@@ -193,12 +193,7 @@ again:
xprt->xp_rtaddr.len = alen;
}
memcpy(xprt->xp_rtaddr.buf, &ss, alen);
-#ifdef PORTMAP
- if (ss.ss_family == AF_INET6) {
- xprt->xp_raddr = *(struct sockaddr_in6 *)xprt->xp_rtaddr.buf;
- xprt->xp_addrlen = sizeof (struct sockaddr_in6);
- }
-#endif /* PORTMAP */
+ __xprt_set_raddr(xprt, &ss);
xdrs->x_op = XDR_DECODE;
XDR_SETPOS(xdrs, 0);
if (! xdr_callmsg(xdrs, msg)) {
diff --git a/src/svc_vc.c b/src/svc_vc.c
index 3d77aef..c62343b 100644
--- a/src/svc_vc.c
+++ b/src/svc_vc.c
@@ -117,6 +117,29 @@ map_ipv4_to_ipv6(sin, sin6)
}
/*
+ * This is used to set xprt->xp_raddr in a way legacy
+ * apps can deal with
+ */
+void
+__xprt_set_raddr(SVCXPRT *xprt, const struct sockaddr_storage *ss)
+{
+ switch (ss->ss_family) {
+ case AF_INET6:
+ memcpy(&xprt->xp_raddr, ss, sizeof(struct sockaddr_in6));
+ xprt->xp_addrlen = sizeof (struct sockaddr_in6);
+ break;
+ case AF_INET:
+ memcpy(&xprt->xp_raddr, ss, sizeof(struct sockaddr_in));
+ xprt->xp_addrlen = sizeof (struct sockaddr_in);
+ break;
+ default:
+ xprt->xp_raddr.sin6_family = AF_UNSPEC;
+ xprt->xp_addrlen = sizeof (struct sockaddr);
+ break;
+ }
+}
+
+/*
* Usage:
* xprt = svc_vc_create(sock, send_buf_size, recv_buf_size);
*
@@ -201,7 +224,6 @@ svc_fd_create(fd, sendsize, recvsize)
u_int recvsize;
{
struct sockaddr_storage ss;
- struct sockaddr_in6 sin6;
socklen_t slen;
SVCXPRT *ret;
@@ -228,28 +250,16 @@ svc_fd_create(fd, sendsize, recvsize)
warnx("svc_fd_create: could not retrieve remote addr");
goto freedata;
}
- if (ss.ss_family == AF_INET) {
- map_ipv4_to_ipv6((struct sockaddr_in *)&ss, &sin6);
- } else {
- memcpy(&sin6, &ss, sizeof(ss));
- }
ret->xp_rtaddr.maxlen = ret->xp_rtaddr.len = sizeof(ss);
ret->xp_rtaddr.buf = mem_alloc((size_t)sizeof(ss));
if (ret->xp_rtaddr.buf == NULL) {
warnx("svc_fd_create: no mem for local addr");
goto freedata;
}
- if (ss.ss_family == AF_INET)
- memcpy(ret->xp_rtaddr.buf, &ss, (size_t)sizeof(ss));
- else
- memcpy(ret->xp_rtaddr.buf, &sin6, (size_t)sizeof(ss));
-#ifdef PORTMAP
- if (sin6.sin6_family == AF_INET6 || sin6.sin6_family == AF_LOCAL) {
- memcpy(&ret->xp_raddr, ret->xp_rtaddr.buf,
- sizeof(struct sockaddr_in6));
- ret->xp_addrlen = sizeof (struct sockaddr_in6);
- }
-#endif /* PORTMAP */
+ memcpy(ret->xp_rtaddr.buf, &ss, (size_t)sizeof(ss));
+
+ /* Set xp_raddr for compatibility */
+ __xprt_set_raddr(ret, &ss);
return ret;
@@ -312,7 +322,6 @@ rendezvous_request(xprt, msg)
struct cf_rendezvous *r;
struct cf_conn *cd;
struct sockaddr_storage addr;
- struct sockaddr_in6 sin6;
socklen_t len;
struct __rpc_sockinfo si;
SVCXPRT *newxprt;
@@ -344,27 +353,15 @@ again:
*/
newxprt = makefd_xprt(sock, r->sendsize, r->recvsize);
- if (addr.ss_family == AF_INET) {
- map_ipv4_to_ipv6((struct sockaddr_in *)&addr, &sin6);
- } else {
- memcpy(&sin6, &addr, len);
- }
newxprt->xp_rtaddr.buf = mem_alloc(len);
if (newxprt->xp_rtaddr.buf == NULL)
return (FALSE);
- if (addr.ss_family == AF_INET)
- memcpy(newxprt->xp_rtaddr.buf, &addr, len);
- else
- memcpy(newxprt->xp_rtaddr.buf, &sin6, len);
+ memcpy(newxprt->xp_rtaddr.buf, &addr, len);
newxprt->xp_rtaddr.maxlen = newxprt->xp_rtaddr.len = len;
-#ifdef PORTMAP
- if (sin6.sin6_family == AF_INET6 || sin6.sin6_family == AF_LOCAL) {
- memcpy(&newxprt->xp_raddr, newxprt->xp_rtaddr.buf,
- sizeof(struct sockaddr_in6));
- newxprt->xp_addrlen = sizeof(struct sockaddr_in6);
- }
-#endif /* PORTMAP */
+
+ __xprt_set_raddr(newxprt, &addr);
+
if (__rpc_fd2sockinfo(sock, &si) && si.si_proto == IPPROTO_TCP) {
len = 1;
/* XXX fvdl - is this useful? */
--
1.5.6

View File

@ -0,0 +1,41 @@
From da5f9861ea3bae59c8eead26d38334721caa9f0a Mon Sep 17 00:00:00 2001
From: Olaf Kirch <okir@suse.de>
Date: Tue, 30 Sep 2008 15:05:20 -0400
Subject: [PATCH] Kill map_ipv4_to_ipv6
After the change to svc_vc.c performed in the previous patch,
this function is no longer needed.
Signed-off-by: Olaf Kirch <okir@suse.de>
Signed-off-by: Steve Dickson <steved@redhat.com>
---
src/svc_vc.c | 13 -------------
1 files changed, 0 insertions(+), 13 deletions(-)
diff --git a/src/svc_vc.c b/src/svc_vc.c
index c62343b..0d532a0 100644
--- a/src/svc_vc.c
+++ b/src/svc_vc.c
@@ -103,19 +103,6 @@ struct cf_conn { /* kept in xprt->xp_p1 for actual connection */
struct timeval last_recv_time;
};
-static void
-map_ipv4_to_ipv6(sin, sin6)
- struct sockaddr_in *sin;
- struct sockaddr_in6 *sin6;
-{
- sin6->sin6_family = AF_INET6;
- sin6->sin6_port = sin->sin_port;
- sin6->sin6_addr.s6_addr32[0] = 0;
- sin6->sin6_addr.s6_addr32[1] = 0;
- sin6->sin6_addr.s6_addr32[2] = htonl(0xffff);
- sin6->sin6_addr.s6_addr32[3] = *(uint32_t *)&sin->sin_addr;
-}
-
/*
* This is used to set xprt->xp_raddr in a way legacy
* apps can deal with
--
1.5.6

View File

@ -0,0 +1,157 @@
From d94b92d5125242ce595c1baf42a1e6d1004b7756 Mon Sep 17 00:00:00 2001
From: Olaf Kirch <okir@suse.de>
Date: Tue, 30 Sep 2008 15:06:54 -0400
Subject: [PATCH] Introduce __rpc_set_netbuf helper
The RPC code contains a number of places where a netbuf
is initialized with some data. All the mem_alloc/memcpy
stuff is open-coded. Introduce a helper function and
convert the code.
Signed-off-by: Olaf Kirch <okir@suse.de>
Signed-off-by: Steve Dickson <steved@redhat.com>
---
src/rpc_com.h | 1 +
src/rpc_generic.c | 19 +++++++++++++++++++
src/svc_dg.c | 14 +++-----------
src/svc_vc.c | 24 ++++++------------------
4 files changed, 29 insertions(+), 29 deletions(-)
diff --git a/src/rpc_com.h b/src/rpc_com.h
index a935080..0981471 100644
--- a/src/rpc_com.h
+++ b/src/rpc_com.h
@@ -61,6 +61,7 @@ extern u_int __rpc_get_a_size(int);
extern int __rpc_dtbsize(void);
extern struct netconfig * __rpcgettp(int);
extern int __rpc_get_default_domain(char **);
+struct netbuf *__rpc_set_netbuf(struct netbuf *, const void *, size_t);
char *__rpc_taddr2uaddr_af(int, const struct netbuf *);
struct netbuf *__rpc_uaddr2taddr_af(int, const char *);
diff --git a/src/rpc_generic.c b/src/rpc_generic.c
index b436e3a..9ada668 100644
--- a/src/rpc_generic.c
+++ b/src/rpc_generic.c
@@ -833,3 +833,22 @@ __rpc_sockisbound(int fd)
return 0;
}
+
+/*
+ * Helper function to set up a netbuf
+ */
+struct netbuf *
+__rpc_set_netbuf(struct netbuf *nb, const void *ptr, size_t len)
+{
+ if (nb->len != len) {
+ if (nb->len)
+ mem_free(nb->buf, nb->len);
+ nb->buf = mem_alloc(len);
+ if (nb->buf == NULL)
+ return NULL;
+
+ nb->maxlen = nb->len = len;
+ }
+ memcpy(nb->buf, ptr, len);
+ return nb;
+}
diff --git a/src/svc_dg.c b/src/svc_dg.c
index 76a480e..7df470e 100644
--- a/src/svc_dg.c
+++ b/src/svc_dg.c
@@ -140,10 +140,7 @@ svc_dg_create(fd, sendsize, recvsize)
slen = sizeof ss;
if (getsockname(fd, (struct sockaddr *)(void *)&ss, &slen) < 0)
goto freedata;
- xprt->xp_ltaddr.buf = mem_alloc(sizeof (struct sockaddr_storage));
- xprt->xp_ltaddr.maxlen = sizeof (struct sockaddr_storage);
- xprt->xp_ltaddr.len = slen;
- memcpy(xprt->xp_ltaddr.buf, &ss, slen);
+ __rpc_set_netbuf(&xprt->xp_ltaddr, &ss, slen);
xprt_register(xprt);
return (xprt);
@@ -186,13 +183,8 @@ again:
goto again;
if (rlen == -1 || (rlen < (ssize_t)(4 * sizeof (u_int32_t))))
return (FALSE);
- if (xprt->xp_rtaddr.len < alen) {
- if (xprt->xp_rtaddr.len != 0)
- mem_free(xprt->xp_rtaddr.buf, xprt->xp_rtaddr.len);
- xprt->xp_rtaddr.buf = mem_alloc(alen);
- xprt->xp_rtaddr.len = alen;
- }
- memcpy(xprt->xp_rtaddr.buf, &ss, alen);
+ __rpc_set_netbuf(&xprt->xp_rtaddr, &ss, alen);
+
__xprt_set_raddr(xprt, &ss);
xdrs->x_op = XDR_DECODE;
XDR_SETPOS(xdrs, 0);
diff --git a/src/svc_vc.c b/src/svc_vc.c
index 0d532a0..44d3497 100644
--- a/src/svc_vc.c
+++ b/src/svc_vc.c
@@ -184,14 +184,10 @@ svc_vc_create(fd, sendsize, recvsize)
goto cleanup_svc_vc_create;
}
- xprt->xp_ltaddr.maxlen = xprt->xp_ltaddr.len = sizeof(sslocal);
- xprt->xp_ltaddr.buf = mem_alloc((size_t)sizeof(sslocal));
- if (xprt->xp_ltaddr.buf == NULL) {
+ if (!__rpc_set_netbuf(&xprt->xp_ltaddr, &sslocal, sizeof(sslocal))) {
warnx("svc_vc_create: no mem for local addr");
goto cleanup_svc_vc_create;
}
- memcpy(xprt->xp_ltaddr.buf, &sslocal, (size_t)sizeof(sslocal));
- xprt->xp_rtaddr.maxlen = sizeof (struct sockaddr_storage);
xprt_register(xprt);
return (xprt);
cleanup_svc_vc_create:
@@ -225,25 +221,20 @@ svc_fd_create(fd, sendsize, recvsize)
warnx("svc_fd_create: could not retrieve local addr");
goto freedata;
}
- ret->xp_ltaddr.maxlen = ret->xp_ltaddr.len = sizeof(ss);
- ret->xp_ltaddr.buf = mem_alloc((size_t)sizeof(ss));
- if (ret->xp_ltaddr.buf == NULL) {
+ if (!__rpc_set_netbuf(&ret->xp_ltaddr, &ss, sizeof(ss))) {
warnx("svc_fd_create: no mem for local addr");
goto freedata;
}
- memcpy(ret->xp_ltaddr.buf, &ss, (size_t)sizeof(ss));
+
slen = sizeof (struct sockaddr_storage);
if (getpeername(fd, (struct sockaddr *)(void *)&ss, &slen) < 0) {
warnx("svc_fd_create: could not retrieve remote addr");
goto freedata;
}
- ret->xp_rtaddr.maxlen = ret->xp_rtaddr.len = sizeof(ss);
- ret->xp_rtaddr.buf = mem_alloc((size_t)sizeof(ss));
- if (ret->xp_rtaddr.buf == NULL) {
+ if (!__rpc_set_netbuf(&ret->xp_rtaddr, &ss, sizeof(ss))) {
warnx("svc_fd_create: no mem for local addr");
goto freedata;
}
- memcpy(ret->xp_rtaddr.buf, &ss, (size_t)sizeof(ss));
/* Set xp_raddr for compatibility */
__xprt_set_raddr(ret, &ss);
@@ -340,12 +331,9 @@ again:
*/
newxprt = makefd_xprt(sock, r->sendsize, r->recvsize);
- newxprt->xp_rtaddr.buf = mem_alloc(len);
- if (newxprt->xp_rtaddr.buf == NULL)
- return (FALSE);
- memcpy(newxprt->xp_rtaddr.buf, &addr, len);
- newxprt->xp_rtaddr.maxlen = newxprt->xp_rtaddr.len = len;
+ if (!__rpc_set_netbuf(&newxprt->xp_rtaddr, &addr, len))
+ return (FALSE);
__xprt_set_raddr(newxprt, &addr);
--
1.5.6

View File

@ -0,0 +1,32 @@
From 851b0f5c6dca22d634603f03f0a5e3e35c6db867 Mon Sep 17 00:00:00 2001
From: Olaf Kirch <okir@suse.de>
Date: Tue, 30 Sep 2008 15:08:07 -0400
Subject: [PATCH] svc_getcaller_netbuf macro seems broken
I haven't found any documentation, but the comment in the header
file seems to suggest that svc_getcaller_netbuf should return the
xp_rtaddr netbuf. Returning the address of the socket descripor
seems to be wrong at any rate.
Signed-off-by: Olaf Kirch <okir@suse.de>
Signed-off-by: Steve Dickson <steved@redhat.com>
---
tirpc/rpc/svc_soc.h | 2 +-
1 files changed, 1 insertions(+), 1 deletions(-)
diff --git a/tirpc/rpc/svc_soc.h b/tirpc/rpc/svc_soc.h
index a8aabf3..0dc96e2 100644
--- a/tirpc/rpc/svc_soc.h
+++ b/tirpc/rpc/svc_soc.h
@@ -54,7 +54,7 @@
*/
#define svc_getcaller(x) (&(x)->xp_raddr)
/* Getting address of a caller using netbuf xp_rtaddr */
-#define svc_getcaller_netbuf(x) (&(x)->xp_fd)
+#define svc_getcaller_netbuf(x) (&(x)->xp_rtaddr)
/*
* Service registration
*
--
1.5.6

View File

@ -0,0 +1,35 @@
From 6c487efe74adb5c29f7bee5bd51b3ebef4968f7d Mon Sep 17 00:00:00 2001
From: Olaf Kirch <okir@suse.de>
Date: Tue, 30 Sep 2008 15:09:06 -0400
Subject: [PATCH] Fix getpeereid
getpeereid fails because it uses an incorrect getsockopt call to obtain
the peer credentials on a AF_LOCAL socket. This in turn will cause all
RPC services to be registered with rpcbind to show up as having been
registered by "unknown".
This has a serious impact on security - a service owned by "unknown"
can essentially be unregistered (and thus replaced) by anyone.
Signed-off-by: Olaf Kirch <okir@suse.de>
Signed-off-by: Steve Dickson <steved@redhat.com>
---
src/getpeereid.c | 2 +-
1 files changed, 1 insertions(+), 1 deletions(-)
diff --git a/src/getpeereid.c b/src/getpeereid.c
index 9207d9d..57ee197 100644
--- a/src/getpeereid.c
+++ b/src/getpeereid.c
@@ -41,7 +41,7 @@ getpeereid(int s, uid_t *euid, gid_t *egid)
int error;
uclen = sizeof(uc);
- error = getsockopt(s, 0, SO_PEERCRED, &uc, &uclen); /* SCM_CREDENTIALS */
+ error = getsockopt(s, SOL_SOCKET, SO_PEERCRED, &uc, &uclen); /* SCM_CREDENTIALS */
if (error != 0)
return (error);
// if (uc.cr_version != XUCRED_VERSION)
--
1.5.6

View File

@ -0,0 +1,42 @@
From d9a5ae7079d001a9e3b9b384f9153f591a7158bd Mon Sep 17 00:00:00 2001
From: Olaf Kirch <okir@suse.de>
Date: Tue, 30 Sep 2008 15:10:43 -0400
Subject: [PATCH] Fix __rpc_getconfip
__rpc_getconfip is supposed to return the first netconf
entry supporting tcp or udp, respectively. The code will
currently return the *last* entry, plus it will leak
memory when there is more than one such entry.
This patch fixes this issue.
Signed-off-by: Olaf Kirch <okir@suse.de>
Signed-off-by: Steve Dickson <steved@redhat.com>
---
src/rpc_generic.c | 6 ++++--
1 files changed, 4 insertions(+), 2 deletions(-)
diff --git a/src/rpc_generic.c b/src/rpc_generic.c
index 9ada668..3aad018 100644
--- a/src/rpc_generic.c
+++ b/src/rpc_generic.c
@@ -254,12 +254,14 @@ __rpc_getconfip(nettype)
while ((nconf = getnetconfig(confighandle)) != NULL) {
if (strcmp(nconf->nc_protofmly, NC_INET) == 0 ||
strcmp(nconf->nc_protofmly, NC_INET6) == 0) {
- if (strcmp(nconf->nc_proto, NC_TCP) == 0) {
+ if (strcmp(nconf->nc_proto, NC_TCP) == 0 &&
+ netid_tcp == NULL) {
netid_tcp = strdup(nconf->nc_netid);
thr_setspecific(tcp_key,
(void *) netid_tcp);
} else
- if (strcmp(nconf->nc_proto, NC_UDP) == 0) {
+ if (strcmp(nconf->nc_proto, NC_UDP) == 0 &&
+ netid_udp == NULL) {
netid_udp = strdup(nconf->nc_netid);
thr_setspecific(udp_key,
(void *) netid_udp);
--
1.5.6

View File

@ -1,13 +0,0 @@
Index: libtirpc-0.1.9/src/Makefile.am
===================================================================
--- libtirpc-0.1.9.orig/src/Makefile.am 2008-07-09 20:13:20.000000000 +0200
+++ libtirpc-0.1.9/src/Makefile.am 2008-09-02 19:24:32.000000000 +0200
@@ -11,7 +11,7 @@ INCLUDES = -I../tirpc -DPORTMAP -DINET6
lib_LTLIBRARIES = libtirpc.la
-libtirpc_la_LDFLAGS = -lnsl -lpthread -version-info 1:8:0
+libtirpc_la_LDFLAGS = -lnsl -lpthread -version-info 1:9:0
libtirpc_la_SOURCES = auth_none.c auth_unix.c authunix_prot.c bindresvport.c clnt_bcast.c \
clnt_dg.c clnt_generic.c clnt_perror.c clnt_raw.c clnt_simple.c \

View File

@ -1,3 +1,15 @@
-------------------------------------------------------------------
Wed Oct 1 12:32:45 CEST 2008 - mkoenig@suse.de
- add recent patches from git which fix some more bugs
* fix __rpc_getconfip
* fix getpeereid
* svc_getcaller_netbuf macro seems broken
* introduce __rpc_set_netbuf helper
* kill map_ipv4_to_ipv6
* Fix xp_raddr handling in svc_fd_create etc
* fix for taddr2addr conversion bug of local addresses [bnc#426883]
------------------------------------------------------------------- -------------------------------------------------------------------
Tue Sep 2 18:49:16 CEST 2008 - mkoenig@suse.de Tue Sep 2 18:49:16 CEST 2008 - mkoenig@suse.de

View File

@ -24,15 +24,23 @@ License: Other uncritical OpenSource License; Sun Industry Standards Sour
Group: System/Libraries Group: System/Libraries
AutoReqProv: on AutoReqProv: on
Version: 0.1.9 Version: 0.1.9
Release: 1 Release: 2
Summary: Transport Independent RPC Library Summary: Transport Independent RPC Library
Url: http://nfsv4.bullopensource.org/doc/tirpc_rpcbind.php Url: http://nfsv4.bullopensource.org/doc/tirpc_rpcbind.php
Source: %{name}-%{version}.tar.bz2 Source: %{name}-%{version}.tar.bz2
# patches from git
Patch1: libtirpc-0.1.9-0001-Fix-incorrect-sizeof-in-__rpc_getbroadifs.patch
Patch2: libtirpc-0.1.9-0002-Always-make-IPv6-sockets-V6ONLY.patch
Patch3: libtirpc-0.1.9-0003-Fix-for-taddr2addr-conversion-bug-of-local-addresses.patch
Patch4: libtirpc-0.1.9-0004--Fixed-version-info-in-src-Makefile.am-to-reflect-t.patch
Patch5: libtirpc-0.1.9-0005-Fix-xp_raddr-handling-in-svc_fd_create-etc.patch
Patch6: libtirpc-0.1.9-0006-Kill-map_ipv4_to_ipv6.patch
Patch7: libtirpc-0.1.9-0007-Introduce-__rpc_set_netbuf-helper.patch
Patch8: libtirpc-0.1.9-0008-svc_getcaller_netbuf-macro-seems-broken.patch
Patch9: libtirpc-0.1.9-0009-Fix-getpeereid.patch
Patch10: libtirpc-0.1.9-0010-Fix-__rpc_getconfip.patch
#
Patch20: libtirpc-0.1.7-use_sysconfdir.patch Patch20: libtirpc-0.1.7-use_sysconfdir.patch
Patch21: libtirpc-0.1.7-overflow_fix.patch
Patch24: libtirpc-0.1.9-fix_broadcast.patch
Patch25: libtirpc-0.1.9-ipv6_sockets_v6only.patch
Patch26: libtirpc-0.1.9-lib_version.patch
BuildRoot: %{_tmppath}/%{name}-%{version}-build BuildRoot: %{_tmppath}/%{name}-%{version}-build
%define debug_package_requires libtirpc1 = %{version} %define debug_package_requires libtirpc1 = %{version}
@ -88,11 +96,17 @@ Authors:
%prep %prep
%setup %setup
%patch1 -p1
%patch2 -p1
%patch3 -p1
%patch4 -p1
%patch5 -p1
%patch6 -p1
%patch7 -p1
%patch8 -p1
%patch9 -p1
%patch10 -p1
%patch20 -p1 %patch20 -p1
%patch21 -p1
%patch24 -p1
%patch25 -p1
%patch26 -p1
%build %build
autoreconf -fi autoreconf -fi
@ -138,6 +152,15 @@ rm -rf $RPM_BUILD_ROOT
%{_mandir}/man3/* %{_mandir}/man3/*
%changelog %changelog
* Wed Oct 01 2008 mkoenig@suse.de
- add recent patches from git which fix some more bugs
* fix __rpc_getconfip
* fix getpeereid
* svc_getcaller_netbuf macro seems broken
* introduce __rpc_set_netbuf helper
* kill map_ipv4_to_ipv6
* Fix xp_raddr handling in svc_fd_create etc
* fix for taddr2addr conversion bug of local addresses [bnc#426883]
* Tue Sep 02 2008 mkoenig@suse.de * Tue Sep 02 2008 mkoenig@suse.de
- update to version 0.1.9 - update to version 0.1.9
* several bugfixes * several bugfixes