pool/libtirpc
SHA256
2
0
Fork 1
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Accepting request 738880 from home:pevik:branches:Base:System

Browse Source 
- Updated to libtirpc 1.1.5 rc2 (this includes changes in 1.1.4 release)
  - add libtirpc-1-1-5-rc1.patch and libtirpc-1-1-5-rc2.patch to reflect
    upstream changes after 1.1.4 release
  - remove /etc/bindresvport.blacklist as it's still supported by glibc
    although it's not compiled with --enable-obsolete-rpc
- Drop patches accepted in previous releases or not needed
    - 000-bindresvport_blacklist.patch (accepted in 5b037cc9, libtirpc 1.1.4)
    - 001-new-rpcbindsock-path.patch (not needed, rpcbind now uses /var/run directory)
    - 002-revert-binddynport.patch (fixed in 2802259, libtirpc-1-0-4-rc1)
    - 0001-Fix-regression-introduced-by-change-rpc-version-orde.patch
      (backport of 25d38d7, libtirpc-1-0-4-rc1)
    - 0001-xdrstdio_create-buffers-do-not-output-encoded-values.patch
      (backport of 145272c, libtirpc-1-0-4-rc2)
- Add fixes from upcomming release
    - 0001-Makefile.am-Use-LIBADD-instead-of-LDFLAGS-to-link-ag.patch
    - 0003-man-rpc_secure.3t-Fix-typo-in-manpage.patch
    - 0004-xdr-add-a-defensive-mask-in-xdr_int64_t-and-xdr_u_in.patch

OBS-URL: https://build.opensuse.org/request/show/738880
OBS-URL: https://build.opensuse.org/package/show/Base:System/libtirpc?expand=0&rev=78
This commit is contained in:
Dirk Mueller 2019-10-28 10:03:38 +00:00 committed by Git OBS Bridge
parent ed0d6b1ca7
commit b62bf7c05a
13 changed files with 460 additions and 516 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

135
000-bindresvport_blacklist.patch
View File

@ -1,135 +0,0 @@
From: Olaf Kirch <okir@suse.de>
Subject: make libtirpc honor /etc/bindresvport.blacklist
Signed-off-by: Olaf Kirch <okir@suse.de>
--- src/bindresvport.c 2015-04-23 21:22:56.986448281 +0200
+++ src/bindresvport.c 2015-04-23 21:48:06.501561665 +0200
@@ -39,7 +39,10 @@
#include <netdb.h>
#include <netinet/in.h>
+#include <stdio.h>
+#include <ctype.h>
#include <errno.h>
+#include <stdlib.h>
#include <string.h>
#include <unistd.h>
@@ -68,6 +71,80 @@
#define ENDPORT (IPPORT_RESERVED - 1)
#define NPORTS (ENDPORT - STARTPORT + 1)
+/*
+ * Read the file /etc/bindresvport.blacklist, so that we don't bind
+ * to these ports.
+ */
+
+static int blacklist_read;
+static int *list;
+static int list_size = 0;
+
+static void
+load_blacklist (void)
+{
+ FILE *fp;
+ char *buf = NULL;
+ size_t buflen = 0;
+ int size = 0, ptr = 0;
+
+ blacklist_read = 1;
+
+ fp = fopen ("/etc/bindresvport.blacklist", "r");
+ if (NULL == fp)
+ return;
+
+ while (!feof (fp))
+ {
+ unsigned long port;
+ char *tmp, *cp;
+ ssize_t n = getline (&buf, &buflen, fp);
+ if (n < 1)
+ break;
+
+ cp = buf;
+ tmp = strchr (cp, '#'); /* remove comments */
+ if (tmp)
+ *tmp = '\0';
+ while (isspace ((int)*cp)) /* remove spaces and tabs */
+ ++cp;
+ if (*cp == '\0') /* ignore empty lines */
+ continue;
+ if (cp[strlen (cp) - 1] == '\n')
+ cp[strlen (cp) - 1] = '\0';
+
+ port = strtoul (cp, &tmp, 0);
+ while (isspace(*tmp))
+ ++tmp;
+ if (*tmp != '\0' || (port == ULONG_MAX && errno == ERANGE))
+ continue;
+
+ /* Don't bother with out-of-range ports */
+ if (port < LOWPORT || port > ENDPORT)
+ continue;
+
+ if (ptr >= size)
+ {
+ size += 10;
+ list = realloc (list, size * sizeof (int));
+ if (list == NULL)
+ {
+ free (buf);
+ return;
+ }
+ }
+
+ list[ptr++] = port;
+ }
+
+ fclose (fp);
+
+ if (buf)
+ free (buf);
+
+ list_size = ptr;
+}
+
int
bindresvport_sa(sd, sa)
int sd;
@@ -87,6 +164,9 @@
int endport = ENDPORT;
int i;
+ if (!blacklist_read)
+ load_blacklist();
+
mutex_lock(&port_lock);
nports = ENDPORT - startport + 1;
@@ -132,12 +212,21 @@
errno = EADDRINUSE;
again:
for (i = 0; i < nports; ++i) {
- *portp = htons(port++);
- if (port > endport)
- port = startport;
- res = bind(sd, sa, salen);
+ int j;
+
+ /* Check if this port is not blacklisted. */
+ for (j = 0; j < list_size; j++)
+ if (port == list[j])
+ goto try_next_port;
+
+ *portp = htons(port);
+ res = bind(sd, sa, salen);
if (res >= 0 || errno != EADDRINUSE)
break;
+
+try_next_port:
+ if (++port > endport)
+ port = startport;
}
if (i == nports && startport != LOWPORT) {
startport = LOWPORT;

73
0001-Fix-regression-introduced-by-change-rpc-version-orde.patch
View File

@ -1,73 +0,0 @@
From 25d38d744997d5ff03d8b0f2cdd79c0fb7185cca Mon Sep 17 00:00:00 2001
From: Thomas Blume <Thomas.Blume@suse.com>
Date: Wed, 18 Apr 2018 08:44:49 -0400
Subject: [PATCH] Fix regression introduced by change rpc version order patch
Fix a socket leak introduced by commit 5e7b57bc20bd9cadff
(rpcinfo: change order of version to be tried to 4, 3, 2)
The new function __try_protocol_version_2 doesn't return
the client, so it can't be closed via CLNT_DESTROY in the
calling function.
Signed-off-by: Thomas Blume <Thomas.Blume@suse.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
---
src/rpcb_clnt.c | 18 ++++++++++++++----
1 file changed, 14 insertions(+), 4 deletions(-)
diff --git a/src/rpcb_clnt.c b/src/rpcb_clnt.c
index a94fc73..4b44364 100644
--- a/src/rpcb_clnt.c
+++ b/src/rpcb_clnt.c
@@ -752,7 +752,7 @@ __try_protocol_version_2(program, version, nconf, host, tp)
client = getpmaphandle(nconf, host, &parms.r_addr);
if (client == NULL)
- return (NULL);
+ goto error;
/*
* Set retry timeout.
@@ -771,11 +771,11 @@ __try_protocol_version_2(program, version, nconf, host, tp)
if (clnt_st != RPC_SUCCESS) {
rpc_createerr.cf_stat = RPC_PMAPFAILURE;
clnt_geterr(client, &rpc_createerr.cf_error);
- return (NULL);
+ goto error;
} else if (port == 0) {
pmapaddress = NULL;
rpc_createerr.cf_stat = RPC_PROGNOTREGISTERED;
- return (NULL);
+ goto error;
}
port = htons(port);
CLNT_CONTROL(client, CLGET_SVC_ADDR, (char *)&remote);
@@ -789,14 +789,24 @@ __try_protocol_version_2(program, version, nconf, host, tp)
free(pmapaddress);
pmapaddress = NULL;
}
- return (NULL);
+ goto error;
}
memcpy(pmapaddress->buf, remote.buf, remote.len);
memcpy(&((char *)pmapaddress->buf)[sizeof (short)],
(char *)(void *)&port, sizeof (short));
pmapaddress->len = pmapaddress->maxlen = remote.len;
+ CLNT_DESTROY(client);
return pmapaddress;
+
+error:
+ if (client) {
+ CLNT_DESTROY(client);
+ client = NULL;
+
+ }
+ return (NULL);
+
}
#endif
--
2.13.6

36
0001-Makefile.am-Use-LIBADD-instead-of-LDFLAGS-to-link-ag.patch Normal file
View File

@ -0,0 +1,36 @@
From 013cc45abef8055b3ee135fc072e402611a4a3f0 Mon Sep 17 00:00:00 2001
From: Laurent Bigonville <bigon@bigon.be>
Date: Tue, 11 Jun 2019 11:34:16 -0400
Subject: [PATCH 1/7] Makefile.am: Use LIBADD instead of LDFLAGS to link
against krb5
LDFLAGS shouldn't be used to link against libraries as this would break
positional flags like --as-needed
Use LIBADD instead
Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=1639032
Signed-off-by: Steve Dickson <steved@redhat.com>
Signed-off-by: Petr Vorel <pvorel@suse.cz>
[Upstream status: 013cc45abef8055b3ee135fc072e402611a4a3f0]
---
src/Makefile.am | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/Makefile.am b/src/Makefile.am
index 932414d..b40a6b4 100644
--- a/src/Makefile.am
+++ b/src/Makefile.am
@@ -38,7 +38,7 @@ endif
if GSS
libtirpc_la_SOURCES += auth_gss.c authgss_prot.c svc_auth_gss.c \
rpc_gss_utils.c
- libtirpc_la_LDFLAGS += $(GSSAPI_LIBS)
+ libtirpc_la_LIBADD = $(GSSAPI_LIBS)
libtirpc_la_CFLAGS = -DHAVE_RPCSEC_GSS $(GSSAPI_CFLAGS)
endif
--
2.23.0

31
0003-man-rpc_secure.3t-Fix-typo-in-manpage.patch Normal file
View File

@ -0,0 +1,31 @@
From e51590d6c4ab61f1a22a2f47104053fe2966ecdd Mon Sep 17 00:00:00 2001
From: Laurent Bigonville <bigon@bigon.be>
Date: Tue, 11 Jun 2019 11:53:14 -0400
Subject: [PATCH 3/7] man/rpc_secure.3t: Fix typo in manpage
Currently the publickey parameter of the authdes_pk_create() function is
not displayed because of a typo
Signed-off-by: Steve Dickson <steved@redhat.com>
Signed-off-by: Petr Vorel <pvorel@suse.cz>
[Upstream status: e51590d6c4ab61f1a22a2f47104053fe2966ecdd]
---
man/rpc_secure.3t | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/man/rpc_secure.3t b/man/rpc_secure.3t
index 4a1ad93..404df0b 100644
--- a/man/rpc_secure.3t
+++ b/man/rpc_secure.3t
@@ -19,7 +19,7 @@
.Ft AUTH *
.Fo authdes_pk_create
.Fa "char *name"
-.FA "netobj *publickey"
+.Fa "netobj *publickey"
.Fa "unsigned window"
.Fa "struct sockaddr *addr"
.Fa "des_block *ckey"
--
2.23.0

44
0004-xdr-add-a-defensive-mask-in-xdr_int64_t-and-xdr_u_in.patch Normal file
View File

@ -0,0 +1,44 @@
From d1208b5de7b52172a34e3a7262e96f99830c9770 Mon Sep 17 00:00:00 2001
From: Stefano Garzarella <sgarzare@redhat.com>
Date: Tue, 3 Sep 2019 10:54:11 -0400
Subject: [PATCH 4/7] xdr: add a defensive mask in xdr_int64_t() and
xdr_u_int64_t()
In order to be more defensive, we should mask bits of u_int64_t
value if we want to use only the first 32bit.
Signed-off-by: Stefano Garzarella <sgarzare@redhat.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
Signed-off-by: Petr Vorel <pvorel@suse.cz>
[Upstream status: d1208b5de7b52172a34e3a7262e96f99830c9770]
---
src/xdr.c | 6 ++++--
1 file changed, 4 insertions(+), 2 deletions(-)
diff --git a/src/xdr.c b/src/xdr.c
index b9a1558..28d1382 100644
--- a/src/xdr.c
+++ b/src/xdr.c
@@ -877,7 +877,8 @@ xdr_int64_t(xdrs, llp)
if (XDR_GETLONG(xdrs, (long *)&ul[1]) == FALSE)
return (FALSE);
*llp = (int64_t)
- (((u_int64_t)ul[0] << 32) | ((u_int64_t)ul[1]));
+ (((u_int64_t)ul[0] << 32) |
+ ((u_int64_t)(ul[1]) & 0xffffffff));
return (TRUE);
case XDR_FREE:
return (TRUE);
@@ -910,7 +911,8 @@ xdr_u_int64_t(xdrs, ullp)
if (XDR_GETLONG(xdrs, (long *)&ul[1]) == FALSE)
return (FALSE);
*ullp = (u_int64_t)
- (((u_int64_t)ul[0] << 32) | ((u_int64_t)ul[1]));
+ (((u_int64_t)ul[0] << 32) |
+ ((u_int64_t)(ul[1]) & 0xffffffff));
return (TRUE);
case XDR_FREE:
return (TRUE);
--
2.23.0

35
001-new-rpcbindsock-path.patch
View File

@ -1,35 +0,0 @@
Starting with openSUSE 13.1, rpcbind creates its socket in /var rather that /var/run.
Update libtirpc to go looking for it in the right place.
Signed-off-by: Olaf Kirch <okir@suse.de>
---
tirpc/rpc/rpcb_prot.h | 2 +-
tirpc/rpc/rpcb_prot.x | 2 +-
2 files changed, 2 insertions(+), 2 deletions(-)
Index: libtirpc-0.2.4-rc2/tirpc/rpc/rpcb_prot.h
===================================================================
--- libtirpc-0.2.4-rc2/tirpc/rpc/rpcb_prot.h
+++ libtirpc-0.2.4-rc2/tirpc/rpc/rpcb_prot.h
@@ -476,7 +476,7 @@ extern bool_t xdr_netbuf(XDR *, struct n
#define RPCBVERS_3 RPCBVERS
#define RPCBVERS_4 RPCBVERS4
-#define _PATH_RPCBINDSOCK "/var/run/rpcbind.sock"
+#define _PATH_RPCBINDSOCK "/run/rpcbind.sock"
#else /* ndef _KERNEL */
#ifdef __cplusplus
Index: libtirpc-0.2.4-rc2/tirpc/rpc/rpcb_prot.x
===================================================================
--- libtirpc-0.2.4-rc2/tirpc/rpc/rpcb_prot.x
+++ libtirpc-0.2.4-rc2/tirpc/rpc/rpcb_prot.x
@@ -410,7 +410,7 @@ program RPCBPROG {
%#define RPCBVERS_3 RPCBVERS
%#define RPCBVERS_4 RPCBVERS4
%
-%#define _PATH_RPCBINDSOCK "/var/run/rpcbind.sock"
+%#define _PATH_RPCBINDSOCK "/run/rpcbind.sock"
%
%#else /* ndef _KERNEL */
%#ifdef __cplusplus

256
002-revert-binddynport.patch
View File

@ -1,256 +0,0 @@
diff --git a/src/Makefile.am b/src/Makefile.am
index 932414d..fba2aa4 100644
--- a/src/Makefile.am
+++ b/src/Makefile.am
@@ -15,9 +15,8 @@ lib_LTLIBRARIES = libtirpc.la
libtirpc_la_LDFLAGS = @LDFLAG_NOUNDEFINED@ -no-undefined -lpthread
libtirpc_la_LDFLAGS += -version-info @LT_VERSION_INFO@
-libtirpc_la_SOURCES = auth_none.c auth_unix.c authunix_prot.c \
- binddynport.c bindresvport.c \
- clnt_bcast.c clnt_dg.c clnt_generic.c clnt_perror.c clnt_raw.c clnt_simple.c \
+libtirpc_la_SOURCES = auth_none.c auth_unix.c authunix_prot.c bindresvport.c clnt_bcast.c \
+ clnt_dg.c clnt_generic.c clnt_perror.c clnt_raw.c clnt_simple.c \
clnt_vc.c rpc_dtablesize.c getnetconfig.c getnetpath.c getrpcent.c \
getrpcport.c mt_misc.c pmap_clnt.c pmap_getmaps.c pmap_getport.c \
pmap_prot.c pmap_prot2.c pmap_rmt.c rpc_prot.c rpc_commondata.c \
diff --git a/src/binddynport.c b/src/binddynport.c
deleted file mode 100644
index 062629a..0000000
--- a/src/binddynport.c
+++ /dev/null
@@ -1,139 +0,0 @@
-/*
- * Copyright (c) 2018, Oracle America, Inc.
- * All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions are met:
- * - Redistributions of source code must retain the above copyright notice,
- * this list of conditions and the following disclaimer.
- * - Redistributions in binary form must reproduce the above copyright notice,
- * this list of conditions and the following disclaimer in the documentation
- * and/or other materials provided with the distribution.
- * - Neither the name of "Oracle America, Inc." nor the names of its
- * contributors may be used to endorse or promote products derived
- * from this software without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
- * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE
- * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
- * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
- * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
- * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
- * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
- * POSSIBILITY OF SUCH DAMAGE.
- */
-
-#include <sys/types.h>
-#include <sys/socket.h>
-#include <sys/time.h>
-
-#include <netdb.h>
-#include <netinet/in.h>
-
-#include <stdlib.h>
-#include <unistd.h>
-#include <errno.h>
-#include <string.h>
-
-#include <rpc/rpc.h>
-
-#include "reentrant.h"
-#include "rpc_com.h"
-
-extern pthread_mutex_t port_lock;
-
-/*
- * Dynamic port range as defined in RFC 6335 Section 6.
- * This range avoids all IANA-assigned service port
- * numbers.
- */
-enum {
- LOWPORT = 49152,
- ENDPORT = 65534,
- NPORTS = ENDPORT - LOWPORT + 1,
-};
-
-/*
- * Bind a socket to a dynamically-assigned IP port.
- *
- * @fd is an open but unbound socket.
- *
- * On each call, a port number is chosen at random from
- * within the dynamic/private port range, even if the
- * caller has CAP_NET_ADMIN_BIND.
- *
- * Returns 0 on success, -1 on failure. errno may be
- * set to a non-determinant value.
- *
- * This function is re-entrant.
- */
-int __binddynport(int fd)
-{
- struct sockaddr_storage ss;
-#ifdef INET6
- struct sockaddr_in6 *sin6;
-#endif
- struct sockaddr_in *sin;
- static unsigned int seed;
- in_port_t port, *portp;
- struct sockaddr *sap;
- socklen_t salen;
- int i, res;
-
- if (__rpc_sockisbound(fd))
- return 0;
-
- res = -1;
- sap = (struct sockaddr *)(void *)&ss;
- salen = sizeof(ss);
- memset(sap, 0, salen);
-
- mutex_lock(&port_lock);
-
- if (getsockname(fd, sap, &salen) == -1)
- goto out;
-
- switch (ss.ss_family) {
- case AF_INET:
- sin = (struct sockaddr_in *)(void *)&ss;
- portp = &sin->sin_port;
- salen = sizeof(struct sockaddr_in);
- break;
-#ifdef INET6
- case AF_INET6:
- sin6 = (struct sockaddr_in6 *)(void *)&ss;
- portp = &sin6->sin6_port;
- salen = sizeof(struct sockaddr_in6);
- break;
-#endif
- default:
- goto out;
- }
-
- if (!seed) {
- struct timeval tv;
-
- gettimeofday(&tv, NULL);
- seed = tv.tv_usec * getpid();
- }
- port = (rand_r(&seed) % NPORTS) + LOWPORT;
- for (i = 0; i < NPORTS; ++i) {
- *portp = htons(port++);
- res = bind(fd, sap, salen);
- if (res >= 0) {
- res = 0;
- break;
- }
- if (errno != EADDRINUSE)
- break;
- if (port > ENDPORT)
- port = LOWPORT;
- }
-
-out:
- mutex_unlock(&port_lock);
- return res;
-}
diff --git a/src/clnt_generic.c b/src/clnt_generic.c
index e5a314f..3f3dabf 100644
--- a/src/clnt_generic.c
+++ b/src/clnt_generic.c
@@ -47,7 +47,6 @@
extern bool_t __rpc_is_local_host(const char *);
int __rpc_raise_fd(int);
-extern int __binddynport(int fd);
#ifndef NETIDLEN
#define NETIDLEN 32
@@ -341,8 +340,7 @@ clnt_tli_create(int fd, const struct netconfig *nconf,
servtype = nconf->nc_semantics;
if (!__rpc_fd2sockinfo(fd, &si))
goto err;
- if (__binddynport(fd) == -1)
- goto err;
+ bindresvport(fd, NULL);
} else {
if (!__rpc_fd2sockinfo(fd, &si))
goto err;
diff --git a/src/rpc_soc.c b/src/rpc_soc.c
index af6c482..ed0892a 100644
--- a/src/rpc_soc.c
+++ b/src/rpc_soc.c
@@ -67,8 +67,6 @@
extern mutex_t rpcsoc_lock;
-extern int __binddynport(int fd);
-
static CLIENT *clnt_com_create(struct sockaddr_in *, rpcprog_t, rpcvers_t,
int *, u_int, u_int, char *, int);
static SVCXPRT *svc_com_create(int, u_int, u_int, char *);
@@ -147,8 +145,7 @@ clnt_com_create(raddr, prog, vers, sockp, sendsz, recvsz, tp, flags)
bindaddr.maxlen = bindaddr.len = sizeof (struct sockaddr_in);
bindaddr.buf = raddr;
- if (__binddynport(fd) == -1)
- goto err;
+ bindresvport(fd, NULL);
cl = clnt_tli_create(fd, nconf, &bindaddr, prog, vers,
sendsz, recvsz);
if (cl) {
@@ -316,6 +313,7 @@ svc_com_create(fd, sendsize, recvsize, netid)
SVCXPRT *svc;
int madefd = FALSE;
int port;
+ struct sockaddr_in sin;
if ((nconf = __rpc_getconfip(netid)) == NULL) {
(void) syslog(LOG_ERR, "Could not get %s transport", netid);
@@ -332,6 +330,10 @@ svc_com_create(fd, sendsize, recvsize, netid)
madefd = TRUE;
}
+ memset(&sin, 0, sizeof sin);
+ sin.sin_family = AF_INET;
+ bindresvport(fd, &sin);
+ listen(fd, SOMAXCONN);
svc = svc_tli_create(fd, nconf, NULL, sendsize, recvsize);
(void) freenetconfigent(nconf);
if (svc == NULL) {
diff --git a/src/svc_generic.c b/src/svc_generic.c
index 52a56c2..7aae796 100644
--- a/src/svc_generic.c
+++ b/src/svc_generic.c
@@ -53,7 +53,6 @@
#include <rpc/svc.h>
extern int __svc_vc_setflag(SVCXPRT *, int);
-extern int __binddynport(int fd);
/*
* The highest level interface for server creation.
@@ -221,10 +220,15 @@ svc_tli_create(fd, nconf, bindaddr, sendsz, recvsz)
*/
if (madefd || !__rpc_sockisbound(fd)) {
if (bindaddr == NULL) {
- if (__binddynport(fd) == -1) {
- warnx(
+ if (bindresvport(fd, NULL) < 0) {
+ memset(&ss, 0, sizeof ss);
+ ss.ss_family = si.si_af;
+ if (bind(fd, (struct sockaddr *)(void *)&ss,
+ (socklen_t)si.si_alen) < 0) {
+ warnx(
"svc_tli_create: could not bind to anonymous port");
- goto freedata;
+ goto freedata;
+ }
}
listen(fd, SOMAXCONN);
} else {

170
libtirpc-1-1-5-rc1.patch Normal file
View File

@ -0,0 +1,170 @@
git diff libtirpc-1-1-4..libtirpc-1-1-5-rc1
Commits:
e49077d clnt_vc.c: remove a false positive from a covscan
4d2ceca svc_simple.c: resource_leak
92d4b35 svc_generic.c: resource_leak
3b2e537 rtime.c: resource_leak
830e3f6 rpcb_clnt.c: resource_leak
c0885a7 rpc_soc.c: buffer_size_warning
6db7f04 rpc_soc.c: resource_leak
710a713 rpc_generic.c: resource_leak
57d1529 getnetpath.c: resource_leak
a1fae25 getnetconfig.c: cppcheck_warning
55d1460 clnt_vc.c: resource_leak
757f379 clnt_bcast.c: resource_leak
489dd50 auth_gss.c: buffer_size_warning
25fdba9 auth_gss.c: resource_leak
Signed-off-by: Petr Vorel <pvorel@suse.cz>
diff --git a/src/auth_gss.c b/src/auth_gss.c
index 5959893..7d08262 100644
--- a/src/auth_gss.c
+++ b/src/auth_gss.c
@@ -207,6 +207,7 @@ authgss_create(CLIENT *clnt, gss_name_t name, struct rpc_gss_sec *sec)
rpc_createerr.cf_stat = RPC_SYSTEMERROR;
rpc_createerr.cf_error.re_errno = ENOMEM;
free(auth);
+ free(gd);
return (NULL);
}
}
@@ -592,7 +593,7 @@ _rpc_gss_refresh(AUTH *auth, rpc_gss_options_ret_t *options_ret)
if (rpc_gss_oid_to_mech(actual_mech_type, &mechanism)) {
strncpy(options_ret->actual_mechanism,
mechanism,
- sizeof(options_ret->actual_mechanism));
+ (sizeof(options_ret->actual_mechanism)-1));
}
gd->established = TRUE;
diff --git a/src/clnt_bcast.c b/src/clnt_bcast.c
index 98cf061..2ad6c89 100644
--- a/src/clnt_bcast.c
+++ b/src/clnt_bcast.c
@@ -330,6 +330,7 @@ rpc_broadcast_exp(prog, vers, proc, xargs, argsp, xresults, resultsp,
if (nettype == NULL)
nettype = "datagram_n";
if ((handle = __rpc_setconf(nettype)) == NULL) {
+ AUTH_DESTROY(sys_auth);
return (RPC_UNKNOWNPROTO);
}
while ((nconf = __rpc_getconf(handle)) != NULL) {
diff --git a/src/getnetconfig.c b/src/getnetconfig.c
index 92e7c43..d67d97d 100644
--- a/src/getnetconfig.c
+++ b/src/getnetconfig.c
@@ -709,6 +709,8 @@ struct netconfig *ncp;
p->nc_lookups = (char **)malloc((size_t)(p->nc_nlookups+1) * sizeof(char *));
if (p->nc_lookups == NULL) {
free(p->nc_netid);
+ free(p);
+ free(tmp);
return(NULL);
}
for (i=0; i < p->nc_nlookups; i++) {
diff --git a/src/getnetpath.c b/src/getnetpath.c
index 7c19932..ea1a18c 100644
--- a/src/getnetpath.c
+++ b/src/getnetpath.c
@@ -88,6 +88,7 @@ setnetpath()
}
if ((np_sessionp->nc_handlep = setnetconfig()) == NULL) {
syslog (LOG_ERR, "rpc: failed to open " NETCONFIG);
+ free(np_sessionp);
return (NULL);
}
np_sessionp->valid = NP_VALID;
diff --git a/src/rpc_generic.c b/src/rpc_generic.c
index 589cbd5..51f36ac 100644
--- a/src/rpc_generic.c
+++ b/src/rpc_generic.c
@@ -319,6 +319,7 @@ __rpc_setconf(nettype)
handle->nflag = FALSE;
break;
default:
+ free(handle);
return (NULL);
}
diff --git a/src/rpc_soc.c b/src/rpc_soc.c
index 5a6eeb7..a85cb17 100644
--- a/src/rpc_soc.c
+++ b/src/rpc_soc.c
@@ -663,15 +663,17 @@ svcunix_create(sock, sendsize, recvsize, path)
strcmp(nconf->nc_protofmly, NC_LOOPBACK) == 0)
break;
}
- if (nconf == NULL)
+ if (nconf == NULL) {
+ endnetconfig(localhandle);
return(xprt);
+ }
if ((sock = __rpc_nconf2fd(nconf)) < 0)
goto done;
memset(&sun, 0, sizeof sun);
sun.sun_family = AF_LOCAL;
- strncpy(sun.sun_path, path, sizeof(sun.sun_path));
+ strncpy(sun.sun_path, path, (sizeof(sun.sun_path)-1));
addrlen = sizeof(struct sockaddr_un);
sa = (struct sockaddr *)&sun;
@@ -692,6 +694,8 @@ svcunix_create(sock, sendsize, recvsize, path)
}
xprt = (SVCXPRT *)svc_tli_create(sock, nconf, &taddr, sendsize, recvsize);
+ if (xprt == NULL)
+ close(sock);
done:
endnetconfig(localhandle);
diff --git a/src/rpcb_clnt.c b/src/rpcb_clnt.c
index e45736a..0c34cb7 100644
--- a/src/rpcb_clnt.c
+++ b/src/rpcb_clnt.c
@@ -547,6 +547,7 @@ try_nconf:
if (tmpnconf == NULL) {
rpc_createerr.cf_stat = RPC_UNKNOWNPROTO;
mutex_unlock(&loopnconf_lock);
+ endnetconfig(nc_handle);
return (NULL);
}
loopnconf = getnetconfigent(tmpnconf->nc_netid);
diff --git a/src/rtime.c b/src/rtime.c
index b642840..29fbf0a 100644
--- a/src/rtime.c
+++ b/src/rtime.c
@@ -90,6 +90,7 @@ rtime(addrp, timep, timeout)
/* TCP and UDP port are the same in this case */
if ((serv = getservbyname("time", "tcp")) == NULL) {
+ do_close(s);
return(-1);
}
diff --git a/src/svc_generic.c b/src/svc_generic.c
index 52a56c2..20abaa2 100644
--- a/src/svc_generic.c
+++ b/src/svc_generic.c
@@ -113,6 +113,7 @@ svc_create(dispatch, prognum, versnum, nettype)
if (l == NULL) {
warnx("svc_create: no memory");
mutex_unlock(&xprtlist_lock);
+ __rpc_endconf(handle);
return (0);
}
l->xprt = xprt;
diff --git a/src/svc_simple.c b/src/svc_simple.c
index cb58002..c32fe0a 100644
--- a/src/svc_simple.c
+++ b/src/svc_simple.c
@@ -157,6 +157,7 @@ rpc_reg(prognum, versnum, procnum, progname, inproc, outproc, nettype)
((netid = strdup(nconf->nc_netid)) == NULL)) {
warnx(rpc_reg_err, rpc_reg_msg, __no_mem_str);
SVC_DESTROY(svcxprt);
+ free(xdrbuf);
break;
}
madenow = TRUE;

148
libtirpc-1-1-5-rc2.patch Normal file
View File

@ -0,0 +1,148 @@
git diff libtirpc-1-1-5-rc1..libtirpc-1-1-5-rc2
Commits:
3a17941 Fix EOF detection on non-blocking socket
e80e668 getrpcent.c: fix typo
9e738df __getpublickey_real: Removed a warning
959b200 getnetconfig.c: fix a BAD_FREE (CWE-763)
Signed-off-by: Petr Vorel <pvorel@suse.cz>
diff --git a/src/getnetconfig.c b/src/getnetconfig.c
index d67d97d..cfd33c2 100644
--- a/src/getnetconfig.c
+++ b/src/getnetconfig.c
@@ -681,6 +681,7 @@ struct netconfig *ncp;
{
struct netconfig *p;
char *tmp;
+ char *t;
u_int i;
if ((tmp=malloc(MAXNETCONFIGLINE)) == NULL)
@@ -700,22 +701,21 @@ struct netconfig *ncp;
*/
*p = *ncp;
p->nc_netid = (char *)strcpy(tmp,ncp->nc_netid);
- tmp = strchr(tmp, 0) + 1;
- p->nc_protofmly = (char *)strcpy(tmp,ncp->nc_protofmly);
- tmp = strchr(tmp, 0) + 1;
- p->nc_proto = (char *)strcpy(tmp,ncp->nc_proto);
- tmp = strchr(tmp, 0) + 1;
- p->nc_device = (char *)strcpy(tmp,ncp->nc_device);
+ t = strchr(tmp, 0) + 1;
+ p->nc_protofmly = (char *)strcpy(t,ncp->nc_protofmly);
+ t = strchr(t, 0) + 1;
+ p->nc_proto = (char *)strcpy(t,ncp->nc_proto);
+ t = strchr(t, 0) + 1;
+ p->nc_device = (char *)strcpy(t,ncp->nc_device);
p->nc_lookups = (char **)malloc((size_t)(p->nc_nlookups+1) * sizeof(char *));
if (p->nc_lookups == NULL) {
- free(p->nc_netid);
free(p);
free(tmp);
return(NULL);
}
for (i=0; i < p->nc_nlookups; i++) {
- tmp = strchr(tmp, 0) + 1;
- p->nc_lookups[i] = (char *)strcpy(tmp,ncp->nc_lookups[i]);
+ t = strchr(t, 0) + 1;
+ p->nc_lookups[i] = (char *)strcpy(t,ncp->nc_lookups[i]);
}
return(p);
}
diff --git a/src/getpublickey.c b/src/getpublickey.c
index 8cf4dc2..be37a24 100644
--- a/src/getpublickey.c
+++ b/src/getpublickey.c
@@ -74,7 +74,7 @@ __getpublickey_real(netname, publickey)
return (0);
}
*p = '\0';
- (void) strncpy(publickey, lookup, HEXKEYBYTES);
+ memcpy(publickey, lookup, HEXKEYBYTES);
publickey[HEXKEYBYTES] = '\0';
return (1);
}
diff --git a/src/getrpcent.c b/src/getrpcent.c
index cba4cd8..e49dc05 100644
--- a/src/getrpcent.c
+++ b/src/getrpcent.c
@@ -100,7 +100,7 @@ _rpcdata()
return (d);
}
-#if !HAVE_GETRPCBYNYMBER
+#if !HAVE_GETRPCBYNUMBER
struct rpcent *
getrpcbynumber(number)
int number;
diff --git a/src/svc_vc.c b/src/svc_vc.c
index 97a76a3..c23cd36 100644
--- a/src/svc_vc.c
+++ b/src/svc_vc.c
@@ -502,9 +502,14 @@ read_vc(xprtp, buf, len)
cfp = (struct cf_conn *)xprt->xp_p1;
if (cfp->nonblock) {
+ /* Since len == 0 is returned on zero length
+ * read or EOF errno needs to be reset before
+ * the read
+ */
+ errno = 0;
len = read(sock, buf, (size_t)len);
if (len < 0) {
- if (errno == EAGAIN)
+ if (errno == EAGAIN || errno == EWOULDBLOCK)
len = 0;
else
goto fatal_err;
diff --git a/src/xdr_rec.c b/src/xdr_rec.c
index 7d535cf..676cc82 100644
--- a/src/xdr_rec.c
+++ b/src/xdr_rec.c
@@ -61,6 +61,7 @@
#include <rpc/svc.h>
#include <rpc/clnt.h>
#include <stddef.h>
+#include <errno.h>
#include "rpc_com.h"
static bool_t xdrrec_getlong(XDR *, long *);
static bool_t xdrrec_putlong(XDR *, const long *);
@@ -537,7 +538,13 @@ __xdrrec_getrec(xdrs, statp, expectdata)
n = rstrm->readit(rstrm->tcp_handle, rstrm->in_hdrp,
(int)sizeof (rstrm->in_header) - rstrm->in_hdrlen);
if (n == 0) {
- *statp = expectdata ? XPRT_DIED : XPRT_IDLE;
+ /* EAGAIN or EWOULDBLOCK means a zero length
+ * read not an EOF.
+ */
+ if (errno == EAGAIN || errno == EWOULDBLOCK)
+ *statp = XPRT_IDLE;
+ else
+ *statp = expectdata ? XPRT_DIED : XPRT_IDLE;
return FALSE;
}
if (n < 0) {
@@ -564,6 +571,7 @@ __xdrrec_getrec(xdrs, statp, expectdata)
rstrm->in_header &= ~LAST_FRAG;
rstrm->last_frag = TRUE;
}
+ rstrm->in_haveheader = 1;
}
n = rstrm->readit(rstrm->tcp_handle,
@@ -576,7 +584,13 @@ __xdrrec_getrec(xdrs, statp, expectdata)
}
if (n == 0) {
- *statp = expectdata ? XPRT_DIED : XPRT_IDLE;
+ /* EAGAIN or EWOULDBLOCK means a zero length
+ * read not an EOF.
+ */
+ if (errno == EAGAIN || errno == EWOULDBLOCK)
+ *statp = XPRT_IDLE;
+ else
+ *statp = expectdata ? XPRT_DIED : XPRT_IDLE;
return FALSE;
}

3
libtirpc-1.0.3.tar.bz2
View File

@ -1,3 +0,0 @@
version https://git-lfs.github.com/spec/v1
oid sha256:86c3a78fc1bddefa96111dd233124c703b22a78884203c55c3e06b3be6a0fd5e
size 509831

3
libtirpc-1.1.4.tar.bz2 Normal file
View File

@ -0,0 +1,3 @@
version https://git-lfs.github.com/spec/v1
oid sha256:2ca529f02292e10c158562295a1ffd95d2ce8af97820e3534fe1b0e3aec7561d
size 510924

23
libtirpc.changes
View File

@ -1,3 +1,26 @@
-------------------------------------------------------------------
Wed Oct 16 11:46:28 UTC 2019 - Petr Vorel <pvorel@suse.cz>
- Updated to libtirpc 1.1.5 rc2 (this includes changes in 1.1.4 release)
- add libtirpc-1-1-5-rc1.patch and libtirpc-1-1-5-rc2.patch to reflect
upstream changes after 1.1.4 release
- remove /etc/bindresvport.blacklist as it's still supported by glibc
although it's not compiled with --enable-obsolete-rpc
- Drop patches accepted in previous releases or not needed
- 000-bindresvport_blacklist.patch (accepted in 5b037cc9, libtirpc 1.1.4)
- 001-new-rpcbindsock-path.patch (not needed, rpcbind now uses /var/run directory)
- 002-revert-binddynport.patch (fixed in 2802259, libtirpc-1-0-4-rc1)
- 0001-Fix-regression-introduced-by-change-rpc-version-orde.patch
(backport of 25d38d7, libtirpc-1-0-4-rc1)
- 0001-xdrstdio_create-buffers-do-not-output-encoded-values.patch
(backport of 145272c, libtirpc-1-0-4-rc2)
- Add fixes from upcomming release
- 0001-Makefile.am-Use-LIBADD-instead-of-LDFLAGS-to-link-ag.patch
- 0003-man-rpc_secure.3t-Fix-typo-in-manpage.patch
- 0004-xdr-add-a-defensive-mask-in-xdr_int64_t-and-xdr_u_in.patch
-------------------------------------------------------------------
Mon Mar 11 15:23:12 UTC 2019 - Michal Suchanek <msuchanek@suse.de>

19
libtirpc.spec
View File

@ -18,7 +18,7 @@
Name: libtirpc
# src/crypt_client.c and tirpc/rpcsvc/crypt.x have the BSD advertising clause
Version: 1.0.3
Version: 1.1.4
Release: 0
Summary: Transport Independent RPC Library
License: BSD-3-Clause
@ -34,13 +34,8 @@ BuildRequires: pkg-config
Url: https://sourceforge.net/projects/libtirpc/
Source: %{name}-%{version}.tar.bz2
Source1: baselibs.conf
Patch0: 000-bindresvport_blacklist.patch
# only needed on openSUSE >= 13.1, SLE >= 12
Patch1: 001-new-rpcbindsock-path.patch
# Revert upstream change until tirpc 1.0.4 with a final solutions comes out
Patch2: 002-revert-binddynport.patch
Patch3: 0001-Fix-regression-introduced-by-change-rpc-version-orde.patch
Patch16: 0001-xdrstdio_create-buffers-do-not-output-encoded-values.patch
Patch0: libtirpc-1-1-5-rc1.patch
Patch1: libtirpc-1-1-5-rc2.patch
BuildRoot: %{_tmppath}/%{name}-%{version}-build
%define debug_package_requires libtirpc3 = %{version}-%{release}
@ -85,13 +80,8 @@ TCP over IPv4.
%prep
%setup -q -n %name-%version
%patch0 -p0
%if 0%{suse_version} >= 1310
%patch0 -p1
%patch1 -p1
%endif
%patch2 -p1
%patch3 -p1
%patch16 -p1
%build
sed -i -e 's|@includedir@/tirpc|@includedir@|g' libtirpc.pc.in
@ -118,6 +108,7 @@ mv -v %{buildroot}/%{_lib}/pkgconfig %{buildroot}/%{_libdir}
# they are now default
mv -v %{buildroot}%{_includedir}/tirpc/* %{buildroot}%{_includedir}
rmdir %{buildroot}%{_includedir}/tirpc
rm -v %{buildroot}/etc/bindresvport.blacklist
%post -n libtirpc3 -p /sbin/ldconfig