From 1a37a695afffd5764e87790eb357837e73c6fbed23ae102895f2af1d523aeeeb Mon Sep 17 00:00:00 2001 From: OBS User unknown Date: Tue, 18 Nov 2008 16:28:47 +0000 Subject: [PATCH] OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/libtirpc?expand=0&rev=6 --- libtirpc-clnt_broadcast_fix.patch | 34 +++++++++ ...irpc-rpc_broadcast_misformed_replies.patch | 74 +++++++++++++++++++ libtirpc.changes | 6 ++ libtirpc.spec | 9 ++- 4 files changed, 122 insertions(+), 1 deletion(-) create mode 100644 libtirpc-clnt_broadcast_fix.patch create mode 100644 libtirpc-rpc_broadcast_misformed_replies.patch diff --git a/libtirpc-clnt_broadcast_fix.patch b/libtirpc-clnt_broadcast_fix.patch new file mode 100644 index 0000000..acafde1 --- /dev/null +++ b/libtirpc-clnt_broadcast_fix.patch @@ -0,0 +1,34 @@ +commit 8d096a0572b955835f7f64f267a29047091e0a8e +Author: Olaf Kirch +Date: Wed Nov 12 16:10:53 2008 +0100 + + Fix a bug in clnt broadcast + + Before calling the replyproc function on a broadcast reply, + we convert the server-provided address using uaddr2taddr. + This may fail (eg if the server provided a garbage address), + and return NULL. In this case, we should not call the replyproc + function - because the caller expects the address netbuf to + be a valid pointer, rather than NULL. + + Signed-off-by: Olaf Kirch + +diff --git a/src/clnt_bcast.c b/src/clnt_bcast.c +index aa2b8f2..899eb76 100644 +--- a/src/clnt_bcast.c ++++ b/src/clnt_bcast.c +@@ -607,9 +607,11 @@ rpc_broadcast_exp(prog, vers, proc, xargs, argsp, xresults, resultsp, + #endif + np = uaddr2taddr( + fdlist[i].nconf, uaddrp); +- done = (*eachresult)(resultsp, +- np, fdlist[i].nconf); +- free(np); ++ if (np != NULL) { ++ done = (*eachresult)(resultsp, ++ np, fdlist[i].nconf); ++ free(np); ++ } + #ifdef PORTMAP + } + #endif /* PORTMAP */ diff --git a/libtirpc-rpc_broadcast_misformed_replies.patch b/libtirpc-rpc_broadcast_misformed_replies.patch new file mode 100644 index 0000000..04c937b --- /dev/null +++ b/libtirpc-rpc_broadcast_misformed_replies.patch @@ -0,0 +1,74 @@ +commit 17619288497d76ade1671f0adbda682548d026d5 +Author: Olaf Kirch +Date: Thu Nov 13 10:24:39 2008 +0100 + + rpc_broadcast: handle misformed rpcbind replies + + Some rpcbind implementations seem to return IPv6 uaddrs + in response to an IPv4 broadcast (which is probably due + to their using a single v6 socket to handle both v6 and + v4 requests). + + We can either discard these replies, or fix them up silently. + Here's a patch that implements the latter. + + Signed-off-by: Olaf Kirch + +diff --git a/src/clnt_bcast.c b/src/clnt_bcast.c +index 899eb76..55efc9d 100644 +--- a/src/clnt_bcast.c ++++ b/src/clnt_bcast.c +@@ -227,6 +227,39 @@ __rpc_broadenable(int af, int s, struct broadif *bip) + return 0; + } + ++/* ++ * Some rpcbind implementations use an IPv6 socket to serve both ++ * IPv4 and IPv6 messages, but neglect to check for the caller's ++ * address family when sending broadcast replies. These rpcbind ++ * implementations return an IPv6 address in reply to an IPv4 ++ * broadcast. We can either ignore them, or try to patch them up. ++ */ ++static struct netbuf * ++__ipv6v4_fixup(struct sockaddr_storage *ss, const char *uaddr) ++{ ++ struct sockaddr_in sin; ++ struct netbuf *np; ++ ++ /* ss is the remote rpcbind server's address */ ++ if (ss->ss_family != AF_INET) ++ return NULL; ++ memcpy(&sin, ss, sizeof(sin)); ++ ++ np = __rpc_uaddr2taddr_af(AF_INET6, uaddr); ++ if (np == NULL) ++ return NULL; ++ ++ /* Overwrite the port with that of the service we ++ * wanted to talk to. */ ++ sin.sin_port = ((struct sockaddr_in6 *) np)->sin6_port; ++ ++ /* We know netbuf holds a sockaddr_in6, so it can easily ++ * hold a sockaddr_in as well. */ ++ memcpy(np->buf, &sin, sizeof(sin)); ++ np->len = sizeof(sin); ++ ++ return np; ++} + + enum clnt_stat + rpc_broadcast_exp(prog, vers, proc, xargs, argsp, xresults, resultsp, +@@ -607,6 +640,13 @@ rpc_broadcast_exp(prog, vers, proc, xargs, argsp, xresults, resultsp, + #endif + np = uaddr2taddr( + fdlist[i].nconf, uaddrp); ++ /* Some misguided rpcbind implemenations ++ * seem to return an IPv6 uaddr in IPv4 ++ * responses. */ ++ if (np == NULL) ++ np = __ipv6v4_fixup( ++ &fdlist[i].raddr, ++ uaddrp); + if (np != NULL) { + done = (*eachresult)(resultsp, + np, fdlist[i].nconf); diff --git a/libtirpc.changes b/libtirpc.changes index 5fd287e..2965f27 100644 --- a/libtirpc.changes +++ b/libtirpc.changes @@ -1,3 +1,9 @@ +------------------------------------------------------------------- +Mon Nov 17 16:20:57 CET 2008 - mkoenig@suse.de + +- Fix a bug in clnt broadcast and handle misformed rpcbind replies + [bnc#436038] + ------------------------------------------------------------------- Wed Oct 22 16:17:26 CEST 2008 - mrueckert@suse.de diff --git a/libtirpc.spec b/libtirpc.spec index 3290986..70a2711 100644 --- a/libtirpc.spec +++ b/libtirpc.spec @@ -24,7 +24,7 @@ License: Other uncritical OpenSource License; Sun Industry Standards Sour Group: System/Libraries AutoReqProv: on Version: 0.1.9 -Release: 3 +Release: 4 Summary: Transport Independent RPC Library Url: http://nfsv4.bullopensource.org/doc/tirpc_rpcbind.php Source: %{name}-%{version}.tar.bz2 @@ -41,6 +41,8 @@ Patch9: libtirpc-0.1.9-0009-Fix-getpeereid.patch Patch10: libtirpc-0.1.9-0010-Fix-__rpc_getconfip.patch # Patch20: libtirpc-0.1.7-use_sysconfdir.patch +Patch21: libtirpc-clnt_broadcast_fix.patch +Patch22: libtirpc-rpc_broadcast_misformed_replies.patch BuildRoot: %{_tmppath}/%{name}-%{version}-build %define debug_package_requires libtirpc1 = %{version}-%{release} @@ -107,6 +109,8 @@ Authors: %patch9 -p1 %patch10 -p1 %patch20 -p1 +%patch21 -p1 +%patch22 -p1 %build autoreconf -fi @@ -152,6 +156,9 @@ rm -rf $RPM_BUILD_ROOT %{_mandir}/man3/* %changelog +* Mon Nov 17 2008 mkoenig@suse.de +- Fix a bug in clnt broadcast and handle misformed rpcbind replies + [bnc#436038] * Wed Oct 22 2008 mrueckert@suse.de - fix debug_packages_requires define * Wed Oct 01 2008 mkoenig@suse.de