- Update to glibc 2.41 * In /etc/resolv.conf and the RES_OPTIONS environment variable, option flags can now be prefixed with “-” to clear previously set flags * The DNS stub resolver now supports the strict-error option * On Linux, the sched_setattr and sched_getattr functions have been added * The iconv program now supports converting files in place * Character encoding, character type info, and transliteration tables have been updated to Unicode 16.0.0 * The following ISO C23 function families (introduced in TS 18661-4:2015) are now supported in <math.h>: - Trigonometric functions: acospi, asinpi, atan2pi, atanpi, cospi, sinpi, tanpi. * The GNU C Library now supports a feature test macro _ISOC2Y_SOURCE to enable features from the draft ISO C2Y standard * Optimized and correctly rounded exp10m1f, exp2m1f, expm1f, log10f, log2p1f, log1pf, log10p1f, cbrtf, erff, erfcf, lgammaf, tgammaf, tanf, acosf, acoshf, asinf, asinhf, atanf, atan2f, atanhf, coshf, sinhf, and tanhf functions have been added from the CORE-MATH project <https://core-math.gitlabpages.inria.fr/> * A new tunable, glibc.rtld.execstack, can be used to control whether an executable stack is allowed from the main program, either implicitly due to a missing GNU_STACK ELF header or explicitly because of the executable bit in GNU_STACK * Support for the extensible rseq ABI introduced in the Linux kernel version 6.3 has been added * The GNU C Library now supports the Guarded Control Stack extension that allows to use shadow stacks on AArch64 systems that support this extension * Significant effort has been put into improving the code generation OBS-URL: https://build.opensuse.org/request/show/1242430 OBS-URL: https://build.opensuse.org/package/show/Base:System/glibc?expand=0&rev=730
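Index: glibc-2.32/inet/bindresvport.c
===================================================================
--- glibc-2.32.orig/inet/bindresvport.c
+++ glibc-2.32/inet/bindresvport.c
@@ -29,6 +29,9 @@
 * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 */
 
+#include <stdio.h>
+#include <ctype.h>
+#include <stdlib.h>
 #include <errno.h>
 #include <unistd.h>
 #include <string.h>
@@ -42,6 +45,93 @@
 */
 __libc_lock_define_initialized (static, lock);
 
+#define STARTPORT 600
+#define LOWPORT 512
+#define ENDPORT (IPPORT_RESERVED - 1)
+#define NPORTS (ENDPORT - STARTPORT + 1)
+
+/* Read the file /etc/rpc.blacklisted, so that we don't bind to these
+ ports. */
+
+static int blacklist_read;
+static int *list;
+static int list_size = 0;
+
+static void
+load_blacklist (void)
+{
+ FILE *fp;
+ char *buf = NULL;
+ size_t buflen = 0;
+ int size = 0, ptr = 0;
+
+ __libc_lock_lock (lock);
+ if (blacklist_read)
+ goto unlock;
+ blacklist_read = 1;
+
+ fp = fopen ("/etc/bindresvport.blacklist", "r");
+ if (fp == NULL)
+ goto unlock;
+
+ while (!feof_unlocked (fp))
+ {
+ unsigned long port;
+ char *tmp, *cp;
+ ssize_t n = __getline (&buf, &buflen, fp);
+ if (n < 1)
+ break;
+
+ cp = buf;
+ /* Remove comments. */
+ tmp = strchr (cp, '#');
+ if (tmp)
+ *tmp = '\0';
+ /* Remove spaces and tabs. */
+ while (isspace ((unsigned char) *cp))
+ ++cp;
+ /* Ignore empty lines. */
+ if (*cp == '\0')
+ continue;
+ if (cp[strlen (cp) - 1] == '\n')
+ cp[strlen (cp) - 1] = '\0';
+
+ port = strtoul (cp, &tmp, 0);
+ while (isspace ((unsigned char) *tmp))
+ ++tmp;
+ if (*tmp != '\0' || (port == ULONG_MAX && errno == ERANGE))
+ continue;
+
+ /* Don't bother with out-of-range ports. */
+ if (port < LOWPORT || port > ENDPORT)
+ continue;
+
+ if (ptr >= size)
+ {
+ size += 10;
+ int *new_list = realloc (list, size * sizeof (int));
+ if (new_list == NULL)
+ {
+ free (list);
+ list = NULL;
+ free (buf);
+ goto unlock;
+ }
+ list = new_list;
+ }
+
+ list[ptr++] = port;
+ }
+
+ fclose (fp);
+ free (buf);
+ list_size = ptr;
+
+ unlock:
+ __libc_lock_unlock (lock);
+}
+
+
 /*
 * Bind a socket to a privileged IP port
 */
@@ -52,12 +142,11 @@ bindresvport (int sd, struct sockaddr_in
 struct sockaddr_in myaddr;
 int i;
 
-#define STARTPORT 600
-#define LOWPORT 512
-#define ENDPORT (IPPORT_RESERVED - 1)
-#define NPORTS (ENDPORT - STARTPORT + 1)
 static short startport = STARTPORT;
 
+ if (!blacklist_read)
+ load_blacklist ();
+
 if (sin == (struct sockaddr_in *) 0)
 {
 sin = &myaddr;
@@ -75,6 +164,7 @@ bindresvport (int sd, struct sockaddr_in
 port = (__getpid () % NPORTS) + STARTPORT;
 }
 
+ __set_errno (EADDRINUSE);
 /* Initialize to make gcc happy. */
 int res = -1;
 
@@ -86,12 +176,22 @@ bindresvport (int sd, struct sockaddr_in
 again:
 for (i = 0; i < nports; ++i)
 {
- sin->sin_port = htons (port++);
- if (port > endport)
- port = startport;
+ int j;
+
+ sin->sin_port = htons (port);
+
+ /* Check that this port is not blacklisted. */
+ for (j = 0; j < list_size; j++)
+ if (port == list[j])
+ goto try_next_port;
+
 res = __bind (sd, sin, sizeof (struct sockaddr_in));
 if (res >= 0 || errno != EADDRINUSE)
 break;
+
+ try_next_port:
+ if (++port > endport)
+ port = startport;
 }
 
 if (i == nports && startport != LOWPORT)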
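Review bot: In `load_blacklist`, the `new_list == NULL` branch frees `list` and `buf` and jumps to `unlock` without closing `fp`, so an allocation failure leaks the stream and its descriptor for the life of the process; add `fclose (fp);` before that `goto unlock;`. Because `blacklist_read` is set to 1 before the file is parsed, that path (like a failed `fopen`) is never retried and `bindresvport` then runs with `list_size == 0`, i.e. the blacklist fails open with no indication, which is worth stating in the function comment. The comment above `blacklist_read` names `/etc/rpc.blacklisted` while the code opens `/etc/bindresvport.blacklist`; it should read `/* Read /etc/bindresvport.blacklist so that we don't bind to the ports listed there.  */`. `bindresvport` also tests `blacklist_read` without holding `lock` before calling `load_blacklist ()`; whether its later reads of `list` and `list_size` happen under that lock is not visible in these hunks and should be confirmed, since the function body continues outside them.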