SHA256
1
0
forked from pool/libtirpc

Accepting request 750501 from Base:System

OBS-URL: https://build.opensuse.org/request/show/750501
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/libtirpc?expand=0&rev=51
This commit is contained in:
Dominique Leuenberger 2019-12-02 10:26:29 +00:00 committed by Git OBS Bridge
commit 5bbe0a79e4
14 changed files with 477 additions and 583 deletions

View File

@ -1,135 +0,0 @@
From: Olaf Kirch <okir@suse.de>
Subject: make libtirpc honor /etc/bindresvport.blacklist
Signed-off-by: Olaf Kirch <okir@suse.de>
--- src/bindresvport.c 2015-04-23 21:22:56.986448281 +0200
+++ src/bindresvport.c 2015-04-23 21:48:06.501561665 +0200
@@ -39,7 +39,10 @@
#include <netdb.h>
#include <netinet/in.h>
+#include <stdio.h>
+#include <ctype.h>
#include <errno.h>
+#include <stdlib.h>
#include <string.h>
#include <unistd.h>
@@ -68,6 +71,80 @@
#define ENDPORT (IPPORT_RESERVED - 1)
#define NPORTS (ENDPORT - STARTPORT + 1)
+/*
+ * Read the file /etc/bindresvport.blacklist, so that we don't bind
+ * to these ports.
+ */
+
+static int blacklist_read;
+static int *list;
+static int list_size = 0;
+
+static void
+load_blacklist (void)
+{
+ FILE *fp;
+ char *buf = NULL;
+ size_t buflen = 0;
+ int size = 0, ptr = 0;
+
+ blacklist_read = 1;
+
+ fp = fopen ("/etc/bindresvport.blacklist", "r");
+ if (NULL == fp)
+ return;
+
+ while (!feof (fp))
+ {
+ unsigned long port;
+ char *tmp, *cp;
+ ssize_t n = getline (&buf, &buflen, fp);
+ if (n < 1)
+ break;
+
+ cp = buf;
+ tmp = strchr (cp, '#'); /* remove comments */
+ if (tmp)
+ *tmp = '\0';
+ while (isspace ((int)*cp)) /* remove spaces and tabs */
+ ++cp;
+ if (*cp == '\0') /* ignore empty lines */
+ continue;
+ if (cp[strlen (cp) - 1] == '\n')
+ cp[strlen (cp) - 1] = '\0';
+
+ port = strtoul (cp, &tmp, 0);
+ while (isspace(*tmp))
+ ++tmp;
+ if (*tmp != '\0' || (port == ULONG_MAX && errno == ERANGE))
+ continue;
+
+ /* Don't bother with out-of-range ports */
+ if (port < LOWPORT || port > ENDPORT)
+ continue;
+
+ if (ptr >= size)
+ {
+ size += 10;
+ list = realloc (list, size * sizeof (int));
+ if (list == NULL)
+ {
+ free (buf);
+ return;
+ }
+ }
+
+ list[ptr++] = port;
+ }
+
+ fclose (fp);
+
+ if (buf)
+ free (buf);
+
+ list_size = ptr;
+}
+
int
bindresvport_sa(sd, sa)
int sd;
@@ -87,6 +164,9 @@
int endport = ENDPORT;
int i;
+ if (!blacklist_read)
+ load_blacklist();
+
mutex_lock(&port_lock);
nports = ENDPORT - startport + 1;
@@ -132,12 +212,21 @@
errno = EADDRINUSE;
again:
for (i = 0; i < nports; ++i) {
- *portp = htons(port++);
- if (port > endport)
- port = startport;
- res = bind(sd, sa, salen);
+ int j;
+
+ /* Check if this port is not blacklisted. */
+ for (j = 0; j < list_size; j++)
+ if (port == list[j])
+ goto try_next_port;
+
+ *portp = htons(port);
+ res = bind(sd, sa, salen);
if (res >= 0 || errno != EADDRINUSE)
break;
+
+try_next_port:
+ if (++port > endport)
+ port = startport;
}
if (i == nports && startport != LOWPORT) {
startport = LOWPORT;

View File

@ -1,73 +0,0 @@
From 25d38d744997d5ff03d8b0f2cdd79c0fb7185cca Mon Sep 17 00:00:00 2001
From: Thomas Blume <Thomas.Blume@suse.com>
Date: Wed, 18 Apr 2018 08:44:49 -0400
Subject: [PATCH] Fix regression introduced by change rpc version order patch
Fix a socket leak introduced by commit 5e7b57bc20bd9cadff
(rpcinfo: change order of version to be tried to 4, 3, 2)
The new function __try_protocol_version_2 doesn't return
the client, so it can't be closed via CLNT_DESTROY in the
calling function.
Signed-off-by: Thomas Blume <Thomas.Blume@suse.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
---
src/rpcb_clnt.c | 18 ++++++++++++++----
1 file changed, 14 insertions(+), 4 deletions(-)
diff --git a/src/rpcb_clnt.c b/src/rpcb_clnt.c
index a94fc73..4b44364 100644
--- a/src/rpcb_clnt.c
+++ b/src/rpcb_clnt.c
@@ -752,7 +752,7 @@ __try_protocol_version_2(program, version, nconf, host, tp)
client = getpmaphandle(nconf, host, &parms.r_addr);
if (client == NULL)
- return (NULL);
+ goto error;
/*
* Set retry timeout.
@@ -771,11 +771,11 @@ __try_protocol_version_2(program, version, nconf, host, tp)
if (clnt_st != RPC_SUCCESS) {
rpc_createerr.cf_stat = RPC_PMAPFAILURE;
clnt_geterr(client, &rpc_createerr.cf_error);
- return (NULL);
+ goto error;
} else if (port == 0) {
pmapaddress = NULL;
rpc_createerr.cf_stat = RPC_PROGNOTREGISTERED;
- return (NULL);
+ goto error;
}
port = htons(port);
CLNT_CONTROL(client, CLGET_SVC_ADDR, (char *)&remote);
@@ -789,14 +789,24 @@ __try_protocol_version_2(program, version, nconf, host, tp)
free(pmapaddress);
pmapaddress = NULL;
}
- return (NULL);
+ goto error;
}
memcpy(pmapaddress->buf, remote.buf, remote.len);
memcpy(&((char *)pmapaddress->buf)[sizeof (short)],
(char *)(void *)&port, sizeof (short));
pmapaddress->len = pmapaddress->maxlen = remote.len;
+ CLNT_DESTROY(client);
return pmapaddress;
+
+error:
+ if (client) {
+ CLNT_DESTROY(client);
+ client = NULL;
+
+ }
+ return (NULL);
+
}
#endif
--
2.13.6

View File

@ -0,0 +1,36 @@
From 013cc45abef8055b3ee135fc072e402611a4a3f0 Mon Sep 17 00:00:00 2001
From: Laurent Bigonville <bigon@bigon.be>
Date: Tue, 11 Jun 2019 11:34:16 -0400
Subject: [PATCH 1/7] Makefile.am: Use LIBADD instead of LDFLAGS to link
against krb5
LDFLAGS shouldn't be used to link against libraries as this would break
positional flags like --as-needed
Use LIBADD instead
Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=1639032
Signed-off-by: Steve Dickson <steved@redhat.com>
Signed-off-by: Petr Vorel <pvorel@suse.cz>
[Upstream status: 013cc45abef8055b3ee135fc072e402611a4a3f0]
---
src/Makefile.am | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/Makefile.am b/src/Makefile.am
index 932414d..b40a6b4 100644
--- a/src/Makefile.am
+++ b/src/Makefile.am
@@ -38,7 +38,7 @@ endif
if GSS
libtirpc_la_SOURCES += auth_gss.c authgss_prot.c svc_auth_gss.c \
rpc_gss_utils.c
- libtirpc_la_LDFLAGS += $(GSSAPI_LIBS)
+ libtirpc_la_LIBADD = $(GSSAPI_LIBS)
libtirpc_la_CFLAGS = -DHAVE_RPCSEC_GSS $(GSSAPI_CFLAGS)
endif
--
2.23.0

View File

@ -1,69 +0,0 @@
From 145272c2b6d89a1c3a7de86a2cbef43880f1b61b Mon Sep 17 00:00:00 2001
From: Steve Dickson <steved@redhat.com>
Date: Wed, 11 Jul 2018 11:21:39 -0400
Subject: [PATCH] xdrstdio_create buffers do not output encoded values on ppc
References: bsc#1126096
Patch-mainline: libtirpc-1-0-4
Git-commit: 145272c2b6d89a1c3a7de86a2cbef43880f1b61b
The cause is that the xdr_putlong uses a long to store the
converted value, then passes it to fwrite as a byte buffer.
Only the first 4 bytes are written, which is okay for a LE
system after byteswapping, but writes all zeroes on BE systems.
Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=1261738
Reviewed-by: Chuck Lever <chuck.lever@oracle.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
Acked-by: Michal Suchanek <msuchanek@suse.de>
---
src/xdr_stdio.c | 15 ++++++++++++---
1 file changed, 12 insertions(+), 3 deletions(-)
diff --git a/src/xdr_stdio.c b/src/xdr_stdio.c
index 4410262275b6..846c7bf2a9c7 100644
--- a/src/xdr_stdio.c
+++ b/src/xdr_stdio.c
@@ -38,6 +38,7 @@
*/
#include <stdio.h>
+#include <stdint.h>
#include <arpa/inet.h>
#include <rpc/types.h>
@@ -103,10 +104,12 @@ xdrstdio_getlong(xdrs, lp)
XDR *xdrs;
long *lp;
{
+ int32_t mycopy;
- if (fread(lp, sizeof(int32_t), 1, (FILE *)xdrs->x_private) != 1)
+ if (fread(&mycopy, sizeof(int32_t), 1, (FILE *)xdrs->x_private) != 1)
return (FALSE);
- *lp = (long)ntohl((u_int32_t)*lp);
+
+ *lp = (long)ntohl(mycopy);
return (TRUE);
}
@@ -115,8 +118,14 @@ xdrstdio_putlong(xdrs, lp)
XDR *xdrs;
const long *lp;
{
- long mycopy = (long)htonl((u_int32_t)*lp);
+ int32_t mycopy;
+
+#if defined(_LP64)
+ if ((*lp > UINT32_MAX) || (*lp < INT32_MIN))
+ return (FALSE);
+#endif
+ mycopy = (int32_t)htonl((int32_t)*lp);
if (fwrite(&mycopy, sizeof(int32_t), 1, (FILE *)xdrs->x_private) != 1)
return (FALSE);
return (TRUE);
--
2.20.1

View File

@ -0,0 +1,31 @@
From e51590d6c4ab61f1a22a2f47104053fe2966ecdd Mon Sep 17 00:00:00 2001
From: Laurent Bigonville <bigon@bigon.be>
Date: Tue, 11 Jun 2019 11:53:14 -0400
Subject: [PATCH 3/7] man/rpc_secure.3t: Fix typo in manpage
Currently the publickey parameter of the authdes_pk_create() function is
not displayed because of a typo
Signed-off-by: Steve Dickson <steved@redhat.com>
Signed-off-by: Petr Vorel <pvorel@suse.cz>
[Upstream status: e51590d6c4ab61f1a22a2f47104053fe2966ecdd]
---
man/rpc_secure.3t | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/man/rpc_secure.3t b/man/rpc_secure.3t
index 4a1ad93..404df0b 100644
--- a/man/rpc_secure.3t
+++ b/man/rpc_secure.3t
@@ -19,7 +19,7 @@
.Ft AUTH *
.Fo authdes_pk_create
.Fa "char *name"
-.FA "netobj *publickey"
+.Fa "netobj *publickey"
.Fa "unsigned window"
.Fa "struct sockaddr *addr"
.Fa "des_block *ckey"
--
2.23.0

View File

@ -0,0 +1,44 @@
From d1208b5de7b52172a34e3a7262e96f99830c9770 Mon Sep 17 00:00:00 2001
From: Stefano Garzarella <sgarzare@redhat.com>
Date: Tue, 3 Sep 2019 10:54:11 -0400
Subject: [PATCH 4/7] xdr: add a defensive mask in xdr_int64_t() and
xdr_u_int64_t()
In order to be more defensive, we should mask bits of u_int64_t
value if we want to use only the first 32bit.
Signed-off-by: Stefano Garzarella <sgarzare@redhat.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
Signed-off-by: Petr Vorel <pvorel@suse.cz>
[Upstream status: d1208b5de7b52172a34e3a7262e96f99830c9770]
---
src/xdr.c | 6 ++++--
1 file changed, 4 insertions(+), 2 deletions(-)
diff --git a/src/xdr.c b/src/xdr.c
index b9a1558..28d1382 100644
--- a/src/xdr.c
+++ b/src/xdr.c
@@ -877,7 +877,8 @@ xdr_int64_t(xdrs, llp)
if (XDR_GETLONG(xdrs, (long *)&ul[1]) == FALSE)
return (FALSE);
*llp = (int64_t)
- (((u_int64_t)ul[0] << 32) | ((u_int64_t)ul[1]));
+ (((u_int64_t)ul[0] << 32) |
+ ((u_int64_t)(ul[1]) & 0xffffffff));
return (TRUE);
case XDR_FREE:
return (TRUE);
@@ -910,7 +911,8 @@ xdr_u_int64_t(xdrs, ullp)
if (XDR_GETLONG(xdrs, (long *)&ul[1]) == FALSE)
return (FALSE);
*ullp = (u_int64_t)
- (((u_int64_t)ul[0] << 32) | ((u_int64_t)ul[1]));
+ (((u_int64_t)ul[0] << 32) |
+ ((u_int64_t)(ul[1]) & 0xffffffff));
return (TRUE);
case XDR_FREE:
return (TRUE);
--
2.23.0

View File

@ -1,35 +0,0 @@
Starting with openSUSE 13.1, rpcbind creates its socket in /var rather that /var/run.
Update libtirpc to go looking for it in the right place.
Signed-off-by: Olaf Kirch <okir@suse.de>
---
tirpc/rpc/rpcb_prot.h | 2 +-
tirpc/rpc/rpcb_prot.x | 2 +-
2 files changed, 2 insertions(+), 2 deletions(-)
Index: libtirpc-0.2.4-rc2/tirpc/rpc/rpcb_prot.h
===================================================================
--- libtirpc-0.2.4-rc2/tirpc/rpc/rpcb_prot.h
+++ libtirpc-0.2.4-rc2/tirpc/rpc/rpcb_prot.h
@@ -476,7 +476,7 @@ extern bool_t xdr_netbuf(XDR *, struct n
#define RPCBVERS_3 RPCBVERS
#define RPCBVERS_4 RPCBVERS4
-#define _PATH_RPCBINDSOCK "/var/run/rpcbind.sock"
+#define _PATH_RPCBINDSOCK "/run/rpcbind.sock"
#else /* ndef _KERNEL */
#ifdef __cplusplus
Index: libtirpc-0.2.4-rc2/tirpc/rpc/rpcb_prot.x
===================================================================
--- libtirpc-0.2.4-rc2/tirpc/rpc/rpcb_prot.x
+++ libtirpc-0.2.4-rc2/tirpc/rpc/rpcb_prot.x
@@ -410,7 +410,7 @@ program RPCBPROG {
%#define RPCBVERS_3 RPCBVERS
%#define RPCBVERS_4 RPCBVERS4
%
-%#define _PATH_RPCBINDSOCK "/var/run/rpcbind.sock"
+%#define _PATH_RPCBINDSOCK "/run/rpcbind.sock"
%
%#else /* ndef _KERNEL */
%#ifdef __cplusplus

View File

@ -1,256 +0,0 @@
diff --git a/src/Makefile.am b/src/Makefile.am
index 932414d..fba2aa4 100644
--- a/src/Makefile.am
+++ b/src/Makefile.am
@@ -15,9 +15,8 @@ lib_LTLIBRARIES = libtirpc.la
libtirpc_la_LDFLAGS = @LDFLAG_NOUNDEFINED@ -no-undefined -lpthread
libtirpc_la_LDFLAGS += -version-info @LT_VERSION_INFO@
-libtirpc_la_SOURCES = auth_none.c auth_unix.c authunix_prot.c \
- binddynport.c bindresvport.c \
- clnt_bcast.c clnt_dg.c clnt_generic.c clnt_perror.c clnt_raw.c clnt_simple.c \
+libtirpc_la_SOURCES = auth_none.c auth_unix.c authunix_prot.c bindresvport.c clnt_bcast.c \
+ clnt_dg.c clnt_generic.c clnt_perror.c clnt_raw.c clnt_simple.c \
clnt_vc.c rpc_dtablesize.c getnetconfig.c getnetpath.c getrpcent.c \
getrpcport.c mt_misc.c pmap_clnt.c pmap_getmaps.c pmap_getport.c \
pmap_prot.c pmap_prot2.c pmap_rmt.c rpc_prot.c rpc_commondata.c \
diff --git a/src/binddynport.c b/src/binddynport.c
deleted file mode 100644
index 062629a..0000000
--- a/src/binddynport.c
+++ /dev/null
@@ -1,139 +0,0 @@
-/*
- * Copyright (c) 2018, Oracle America, Inc.
- * All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions are met:
- * - Redistributions of source code must retain the above copyright notice,
- * this list of conditions and the following disclaimer.
- * - Redistributions in binary form must reproduce the above copyright notice,
- * this list of conditions and the following disclaimer in the documentation
- * and/or other materials provided with the distribution.
- * - Neither the name of "Oracle America, Inc." nor the names of its
- * contributors may be used to endorse or promote products derived
- * from this software without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
- * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE
- * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
- * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
- * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
- * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
- * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
- * POSSIBILITY OF SUCH DAMAGE.
- */
-
-#include <sys/types.h>
-#include <sys/socket.h>
-#include <sys/time.h>
-
-#include <netdb.h>
-#include <netinet/in.h>
-
-#include <stdlib.h>
-#include <unistd.h>
-#include <errno.h>
-#include <string.h>
-
-#include <rpc/rpc.h>
-
-#include "reentrant.h"
-#include "rpc_com.h"
-
-extern pthread_mutex_t port_lock;
-
-/*
- * Dynamic port range as defined in RFC 6335 Section 6.
- * This range avoids all IANA-assigned service port
- * numbers.
- */
-enum {
- LOWPORT = 49152,
- ENDPORT = 65534,
- NPORTS = ENDPORT - LOWPORT + 1,
-};
-
-/*
- * Bind a socket to a dynamically-assigned IP port.
- *
- * @fd is an open but unbound socket.
- *
- * On each call, a port number is chosen at random from
- * within the dynamic/private port range, even if the
- * caller has CAP_NET_ADMIN_BIND.
- *
- * Returns 0 on success, -1 on failure. errno may be
- * set to a non-determinant value.
- *
- * This function is re-entrant.
- */
-int __binddynport(int fd)
-{
- struct sockaddr_storage ss;
-#ifdef INET6
- struct sockaddr_in6 *sin6;
-#endif
- struct sockaddr_in *sin;
- static unsigned int seed;
- in_port_t port, *portp;
- struct sockaddr *sap;
- socklen_t salen;
- int i, res;
-
- if (__rpc_sockisbound(fd))
- return 0;
-
- res = -1;
- sap = (struct sockaddr *)(void *)&ss;
- salen = sizeof(ss);
- memset(sap, 0, salen);
-
- mutex_lock(&port_lock);
-
- if (getsockname(fd, sap, &salen) == -1)
- goto out;
-
- switch (ss.ss_family) {
- case AF_INET:
- sin = (struct sockaddr_in *)(void *)&ss;
- portp = &sin->sin_port;
- salen = sizeof(struct sockaddr_in);
- break;
-#ifdef INET6
- case AF_INET6:
- sin6 = (struct sockaddr_in6 *)(void *)&ss;
- portp = &sin6->sin6_port;
- salen = sizeof(struct sockaddr_in6);
- break;
-#endif
- default:
- goto out;
- }
-
- if (!seed) {
- struct timeval tv;
-
- gettimeofday(&tv, NULL);
- seed = tv.tv_usec * getpid();
- }
- port = (rand_r(&seed) % NPORTS) + LOWPORT;
- for (i = 0; i < NPORTS; ++i) {
- *portp = htons(port++);
- res = bind(fd, sap, salen);
- if (res >= 0) {
- res = 0;
- break;
- }
- if (errno != EADDRINUSE)
- break;
- if (port > ENDPORT)
- port = LOWPORT;
- }
-
-out:
- mutex_unlock(&port_lock);
- return res;
-}
diff --git a/src/clnt_generic.c b/src/clnt_generic.c
index e5a314f..3f3dabf 100644
--- a/src/clnt_generic.c
+++ b/src/clnt_generic.c
@@ -47,7 +47,6 @@
extern bool_t __rpc_is_local_host(const char *);
int __rpc_raise_fd(int);
-extern int __binddynport(int fd);
#ifndef NETIDLEN
#define NETIDLEN 32
@@ -341,8 +340,7 @@ clnt_tli_create(int fd, const struct netconfig *nconf,
servtype = nconf->nc_semantics;
if (!__rpc_fd2sockinfo(fd, &si))
goto err;
- if (__binddynport(fd) == -1)
- goto err;
+ bindresvport(fd, NULL);
} else {
if (!__rpc_fd2sockinfo(fd, &si))
goto err;
diff --git a/src/rpc_soc.c b/src/rpc_soc.c
index af6c482..ed0892a 100644
--- a/src/rpc_soc.c
+++ b/src/rpc_soc.c
@@ -67,8 +67,6 @@
extern mutex_t rpcsoc_lock;
-extern int __binddynport(int fd);
-
static CLIENT *clnt_com_create(struct sockaddr_in *, rpcprog_t, rpcvers_t,
int *, u_int, u_int, char *, int);
static SVCXPRT *svc_com_create(int, u_int, u_int, char *);
@@ -147,8 +145,7 @@ clnt_com_create(raddr, prog, vers, sockp, sendsz, recvsz, tp, flags)
bindaddr.maxlen = bindaddr.len = sizeof (struct sockaddr_in);
bindaddr.buf = raddr;
- if (__binddynport(fd) == -1)
- goto err;
+ bindresvport(fd, NULL);
cl = clnt_tli_create(fd, nconf, &bindaddr, prog, vers,
sendsz, recvsz);
if (cl) {
@@ -316,6 +313,7 @@ svc_com_create(fd, sendsize, recvsize, netid)
SVCXPRT *svc;
int madefd = FALSE;
int port;
+ struct sockaddr_in sin;
if ((nconf = __rpc_getconfip(netid)) == NULL) {
(void) syslog(LOG_ERR, "Could not get %s transport", netid);
@@ -332,6 +330,10 @@ svc_com_create(fd, sendsize, recvsize, netid)
madefd = TRUE;
}
+ memset(&sin, 0, sizeof sin);
+ sin.sin_family = AF_INET;
+ bindresvport(fd, &sin);
+ listen(fd, SOMAXCONN);
svc = svc_tli_create(fd, nconf, NULL, sendsize, recvsize);
(void) freenetconfigent(nconf);
if (svc == NULL) {
diff --git a/src/svc_generic.c b/src/svc_generic.c
index 52a56c2..7aae796 100644
--- a/src/svc_generic.c
+++ b/src/svc_generic.c
@@ -53,7 +53,6 @@
#include <rpc/svc.h>
extern int __svc_vc_setflag(SVCXPRT *, int);
-extern int __binddynport(int fd);
/*
* The highest level interface for server creation.
@@ -221,10 +220,15 @@ svc_tli_create(fd, nconf, bindaddr, sendsz, recvsz)
*/
if (madefd || !__rpc_sockisbound(fd)) {
if (bindaddr == NULL) {
- if (__binddynport(fd) == -1) {
- warnx(
+ if (bindresvport(fd, NULL) < 0) {
+ memset(&ss, 0, sizeof ss);
+ ss.ss_family = si.si_af;
+ if (bind(fd, (struct sockaddr *)(void *)&ss,
+ (socklen_t)si.si_alen) < 0) {
+ warnx(
"svc_tli_create: could not bind to anonymous port");
- goto freedata;
+ goto freedata;
+ }
}
listen(fd, SOMAXCONN);
} else {

170
libtirpc-1-1-5-rc1.patch Normal file
View File

@ -0,0 +1,170 @@
git diff libtirpc-1-1-4..libtirpc-1-1-5-rc1
Commits:
e49077d clnt_vc.c: remove a false positive from a covscan
4d2ceca svc_simple.c: resource_leak
92d4b35 svc_generic.c: resource_leak
3b2e537 rtime.c: resource_leak
830e3f6 rpcb_clnt.c: resource_leak
c0885a7 rpc_soc.c: buffer_size_warning
6db7f04 rpc_soc.c: resource_leak
710a713 rpc_generic.c: resource_leak
57d1529 getnetpath.c: resource_leak
a1fae25 getnetconfig.c: cppcheck_warning
55d1460 clnt_vc.c: resource_leak
757f379 clnt_bcast.c: resource_leak
489dd50 auth_gss.c: buffer_size_warning
25fdba9 auth_gss.c: resource_leak
Signed-off-by: Petr Vorel <pvorel@suse.cz>
diff --git a/src/auth_gss.c b/src/auth_gss.c
index 5959893..7d08262 100644
--- a/src/auth_gss.c
+++ b/src/auth_gss.c
@@ -207,6 +207,7 @@ authgss_create(CLIENT *clnt, gss_name_t name, struct rpc_gss_sec *sec)
rpc_createerr.cf_stat = RPC_SYSTEMERROR;
rpc_createerr.cf_error.re_errno = ENOMEM;
free(auth);
+ free(gd);
return (NULL);
}
}
@@ -592,7 +593,7 @@ _rpc_gss_refresh(AUTH *auth, rpc_gss_options_ret_t *options_ret)
if (rpc_gss_oid_to_mech(actual_mech_type, &mechanism)) {
strncpy(options_ret->actual_mechanism,
mechanism,
- sizeof(options_ret->actual_mechanism));
+ (sizeof(options_ret->actual_mechanism)-1));
}
gd->established = TRUE;
diff --git a/src/clnt_bcast.c b/src/clnt_bcast.c
index 98cf061..2ad6c89 100644
--- a/src/clnt_bcast.c
+++ b/src/clnt_bcast.c
@@ -330,6 +330,7 @@ rpc_broadcast_exp(prog, vers, proc, xargs, argsp, xresults, resultsp,
if (nettype == NULL)
nettype = "datagram_n";
if ((handle = __rpc_setconf(nettype)) == NULL) {
+ AUTH_DESTROY(sys_auth);
return (RPC_UNKNOWNPROTO);
}
while ((nconf = __rpc_getconf(handle)) != NULL) {
diff --git a/src/getnetconfig.c b/src/getnetconfig.c
index 92e7c43..d67d97d 100644
--- a/src/getnetconfig.c
+++ b/src/getnetconfig.c
@@ -709,6 +709,8 @@ struct netconfig *ncp;
p->nc_lookups = (char **)malloc((size_t)(p->nc_nlookups+1) * sizeof(char *));
if (p->nc_lookups == NULL) {
free(p->nc_netid);
+ free(p);
+ free(tmp);
return(NULL);
}
for (i=0; i < p->nc_nlookups; i++) {
diff --git a/src/getnetpath.c b/src/getnetpath.c
index 7c19932..ea1a18c 100644
--- a/src/getnetpath.c
+++ b/src/getnetpath.c
@@ -88,6 +88,7 @@ setnetpath()
}
if ((np_sessionp->nc_handlep = setnetconfig()) == NULL) {
syslog (LOG_ERR, "rpc: failed to open " NETCONFIG);
+ free(np_sessionp);
return (NULL);
}
np_sessionp->valid = NP_VALID;
diff --git a/src/rpc_generic.c b/src/rpc_generic.c
index 589cbd5..51f36ac 100644
--- a/src/rpc_generic.c
+++ b/src/rpc_generic.c
@@ -319,6 +319,7 @@ __rpc_setconf(nettype)
handle->nflag = FALSE;
break;
default:
+ free(handle);
return (NULL);
}
diff --git a/src/rpc_soc.c b/src/rpc_soc.c
index 5a6eeb7..a85cb17 100644
--- a/src/rpc_soc.c
+++ b/src/rpc_soc.c
@@ -663,15 +663,17 @@ svcunix_create(sock, sendsize, recvsize, path)
strcmp(nconf->nc_protofmly, NC_LOOPBACK) == 0)
break;
}
- if (nconf == NULL)
+ if (nconf == NULL) {
+ endnetconfig(localhandle);
return(xprt);
+ }
if ((sock = __rpc_nconf2fd(nconf)) < 0)
goto done;
memset(&sun, 0, sizeof sun);
sun.sun_family = AF_LOCAL;
- strncpy(sun.sun_path, path, sizeof(sun.sun_path));
+ strncpy(sun.sun_path, path, (sizeof(sun.sun_path)-1));
addrlen = sizeof(struct sockaddr_un);
sa = (struct sockaddr *)&sun;
@@ -692,6 +694,8 @@ svcunix_create(sock, sendsize, recvsize, path)
}
xprt = (SVCXPRT *)svc_tli_create(sock, nconf, &taddr, sendsize, recvsize);
+ if (xprt == NULL)
+ close(sock);
done:
endnetconfig(localhandle);
diff --git a/src/rpcb_clnt.c b/src/rpcb_clnt.c
index e45736a..0c34cb7 100644
--- a/src/rpcb_clnt.c
+++ b/src/rpcb_clnt.c
@@ -547,6 +547,7 @@ try_nconf:
if (tmpnconf == NULL) {
rpc_createerr.cf_stat = RPC_UNKNOWNPROTO;
mutex_unlock(&loopnconf_lock);
+ endnetconfig(nc_handle);
return (NULL);
}
loopnconf = getnetconfigent(tmpnconf->nc_netid);
diff --git a/src/rtime.c b/src/rtime.c
index b642840..29fbf0a 100644
--- a/src/rtime.c
+++ b/src/rtime.c
@@ -90,6 +90,7 @@ rtime(addrp, timep, timeout)
/* TCP and UDP port are the same in this case */
if ((serv = getservbyname("time", "tcp")) == NULL) {
+ do_close(s);
return(-1);
}
diff --git a/src/svc_generic.c b/src/svc_generic.c
index 52a56c2..20abaa2 100644
--- a/src/svc_generic.c
+++ b/src/svc_generic.c
@@ -113,6 +113,7 @@ svc_create(dispatch, prognum, versnum, nettype)
if (l == NULL) {
warnx("svc_create: no memory");
mutex_unlock(&xprtlist_lock);
+ __rpc_endconf(handle);
return (0);
}
l->xprt = xprt;
diff --git a/src/svc_simple.c b/src/svc_simple.c
index cb58002..c32fe0a 100644
--- a/src/svc_simple.c
+++ b/src/svc_simple.c
@@ -157,6 +157,7 @@ rpc_reg(prognum, versnum, procnum, progname, inproc, outproc, nettype)
((netid = strdup(nconf->nc_netid)) == NULL)) {
warnx(rpc_reg_err, rpc_reg_msg, __no_mem_str);
SVC_DESTROY(svcxprt);
+ free(xdrbuf);
break;
}
madenow = TRUE;

148
libtirpc-1-1-5-rc2.patch Normal file
View File

@ -0,0 +1,148 @@
git diff libtirpc-1-1-5-rc1..libtirpc-1-1-5-rc2
Commits:
3a17941 Fix EOF detection on non-blocking socket
e80e668 getrpcent.c: fix typo
9e738df __getpublickey_real: Removed a warning
959b200 getnetconfig.c: fix a BAD_FREE (CWE-763)
Signed-off-by: Petr Vorel <pvorel@suse.cz>
diff --git a/src/getnetconfig.c b/src/getnetconfig.c
index d67d97d..cfd33c2 100644
--- a/src/getnetconfig.c
+++ b/src/getnetconfig.c
@@ -681,6 +681,7 @@ struct netconfig *ncp;
{
struct netconfig *p;
char *tmp;
+ char *t;
u_int i;
if ((tmp=malloc(MAXNETCONFIGLINE)) == NULL)
@@ -700,22 +701,21 @@ struct netconfig *ncp;
*/
*p = *ncp;
p->nc_netid = (char *)strcpy(tmp,ncp->nc_netid);
- tmp = strchr(tmp, 0) + 1;
- p->nc_protofmly = (char *)strcpy(tmp,ncp->nc_protofmly);
- tmp = strchr(tmp, 0) + 1;
- p->nc_proto = (char *)strcpy(tmp,ncp->nc_proto);
- tmp = strchr(tmp, 0) + 1;
- p->nc_device = (char *)strcpy(tmp,ncp->nc_device);
+ t = strchr(tmp, 0) + 1;
+ p->nc_protofmly = (char *)strcpy(t,ncp->nc_protofmly);
+ t = strchr(t, 0) + 1;
+ p->nc_proto = (char *)strcpy(t,ncp->nc_proto);
+ t = strchr(t, 0) + 1;
+ p->nc_device = (char *)strcpy(t,ncp->nc_device);
p->nc_lookups = (char **)malloc((size_t)(p->nc_nlookups+1) * sizeof(char *));
if (p->nc_lookups == NULL) {
- free(p->nc_netid);
free(p);
free(tmp);
return(NULL);
}
for (i=0; i < p->nc_nlookups; i++) {
- tmp = strchr(tmp, 0) + 1;
- p->nc_lookups[i] = (char *)strcpy(tmp,ncp->nc_lookups[i]);
+ t = strchr(t, 0) + 1;
+ p->nc_lookups[i] = (char *)strcpy(t,ncp->nc_lookups[i]);
}
return(p);
}
diff --git a/src/getpublickey.c b/src/getpublickey.c
index 8cf4dc2..be37a24 100644
--- a/src/getpublickey.c
+++ b/src/getpublickey.c
@@ -74,7 +74,7 @@ __getpublickey_real(netname, publickey)
return (0);
}
*p = '\0';
- (void) strncpy(publickey, lookup, HEXKEYBYTES);
+ memcpy(publickey, lookup, HEXKEYBYTES);
publickey[HEXKEYBYTES] = '\0';
return (1);
}
diff --git a/src/getrpcent.c b/src/getrpcent.c
index cba4cd8..e49dc05 100644
--- a/src/getrpcent.c
+++ b/src/getrpcent.c
@@ -100,7 +100,7 @@ _rpcdata()
return (d);
}
-#if !HAVE_GETRPCBYNYMBER
+#if !HAVE_GETRPCBYNUMBER
struct rpcent *
getrpcbynumber(number)
int number;
diff --git a/src/svc_vc.c b/src/svc_vc.c
index 97a76a3..c23cd36 100644
--- a/src/svc_vc.c
+++ b/src/svc_vc.c
@@ -502,9 +502,14 @@ read_vc(xprtp, buf, len)
cfp = (struct cf_conn *)xprt->xp_p1;
if (cfp->nonblock) {
+ /* Since len == 0 is returned on zero length
+ * read or EOF errno needs to be reset before
+ * the read
+ */
+ errno = 0;
len = read(sock, buf, (size_t)len);
if (len < 0) {
- if (errno == EAGAIN)
+ if (errno == EAGAIN || errno == EWOULDBLOCK)
len = 0;
else
goto fatal_err;
diff --git a/src/xdr_rec.c b/src/xdr_rec.c
index 7d535cf..676cc82 100644
--- a/src/xdr_rec.c
+++ b/src/xdr_rec.c
@@ -61,6 +61,7 @@
#include <rpc/svc.h>
#include <rpc/clnt.h>
#include <stddef.h>
+#include <errno.h>
#include "rpc_com.h"
static bool_t xdrrec_getlong(XDR *, long *);
static bool_t xdrrec_putlong(XDR *, const long *);
@@ -537,7 +538,13 @@ __xdrrec_getrec(xdrs, statp, expectdata)
n = rstrm->readit(rstrm->tcp_handle, rstrm->in_hdrp,
(int)sizeof (rstrm->in_header) - rstrm->in_hdrlen);
if (n == 0) {
- *statp = expectdata ? XPRT_DIED : XPRT_IDLE;
+ /* EAGAIN or EWOULDBLOCK means a zero length
+ * read not an EOF.
+ */
+ if (errno == EAGAIN || errno == EWOULDBLOCK)
+ *statp = XPRT_IDLE;
+ else
+ *statp = expectdata ? XPRT_DIED : XPRT_IDLE;
return FALSE;
}
if (n < 0) {
@@ -564,6 +571,7 @@ __xdrrec_getrec(xdrs, statp, expectdata)
rstrm->in_header &= ~LAST_FRAG;
rstrm->last_frag = TRUE;
}
+ rstrm->in_haveheader = 1;
}
n = rstrm->readit(rstrm->tcp_handle,
@@ -576,7 +584,13 @@ __xdrrec_getrec(xdrs, statp, expectdata)
}
if (n == 0) {
- *statp = expectdata ? XPRT_DIED : XPRT_IDLE;
+ /* EAGAIN or EWOULDBLOCK means a zero length
+ * read not an EOF.
+ */
+ if (errno == EAGAIN || errno == EWOULDBLOCK)
+ *statp = XPRT_IDLE;
+ else
+ *statp = expectdata ? XPRT_DIED : XPRT_IDLE;
return FALSE;
}

View File

@ -1,3 +0,0 @@
version https://git-lfs.github.com/spec/v1
oid sha256:86c3a78fc1bddefa96111dd233124c703b22a78884203c55c3e06b3be6a0fd5e
size 509831

3
libtirpc-1.1.4.tar.bz2 Normal file
View File

@ -0,0 +1,3 @@
version https://git-lfs.github.com/spec/v1
oid sha256:2ca529f02292e10c158562295a1ffd95d2ce8af97820e3534fe1b0e3aec7561d
size 510924

View File

@ -1,3 +1,39 @@
-------------------------------------------------------------------
Tue Nov 12 10:24:59 UTC 2019 - Petr Vorel <pvorel@suse.cz>
- Fix previous version:
- actually delete
0001-xdrstdio_create-buffers-do-not-output-encoded-values.patch
- use 0001-Makefile.am-Use-LIBADD-instead-of-LDFLAGS-to-link-ag.patch
- use 0002-man-rpc_secure.3t-Fix-typo-in-manpage.patch (renamed from
0003-man-rpc_secure.3t-Fix-typo-in-manpage.patch)
- use 0003-xdr-add-a-defensive-mask-in-xdr_int64_t-and-xdr_u_in.patch
(renamed from
0004-xdr-add-a-defensive-mask-in-xdr_int64_t-and-xdr_u_in.patch)
-------------------------------------------------------------------
Wed Oct 16 11:46:28 UTC 2019 - Petr Vorel <pvorel@suse.cz>
- Updated to libtirpc 1.1.5 rc2 (this includes changes in 1.1.4 release)
- add libtirpc-1-1-5-rc1.patch and libtirpc-1-1-5-rc2.patch to reflect
upstream changes after 1.1.4 release
- remove /etc/bindresvport.blacklist as it's still supported by glibc
although it's not compiled with --enable-obsolete-rpc
- Drop patches accepted in previous releases or not needed
- 000-bindresvport_blacklist.patch (accepted in 5b037cc9, libtirpc 1.1.4)
- 001-new-rpcbindsock-path.patch (not needed, rpcbind now uses /var/run directory)
- 002-revert-binddynport.patch (fixed in 2802259, libtirpc-1-0-4-rc1)
- 0001-Fix-regression-introduced-by-change-rpc-version-orde.patch
(backport of 25d38d7, libtirpc-1-0-4-rc1)
- 0001-xdrstdio_create-buffers-do-not-output-encoded-values.patch
(backport of 145272c, libtirpc-1-0-4-rc2)
- Add fixes from upcomming release
- 0001-Makefile.am-Use-LIBADD-instead-of-LDFLAGS-to-link-ag.patch
- 0003-man-rpc_secure.3t-Fix-typo-in-manpage.patch
- 0004-xdr-add-a-defensive-mask-in-xdr_int64_t-and-xdr_u_in.patch
------------------------------------------------------------------- -------------------------------------------------------------------
Mon Mar 11 15:23:12 UTC 2019 - Michal Suchanek <msuchanek@suse.de> Mon Mar 11 15:23:12 UTC 2019 - Michal Suchanek <msuchanek@suse.de>

View File

@ -18,7 +18,7 @@
Name: libtirpc Name: libtirpc
# src/crypt_client.c and tirpc/rpcsvc/crypt.x have the BSD advertising clause # src/crypt_client.c and tirpc/rpcsvc/crypt.x have the BSD advertising clause
Version: 1.0.3 Version: 1.1.4
Release: 0 Release: 0
Summary: Transport Independent RPC Library Summary: Transport Independent RPC Library
License: BSD-3-Clause License: BSD-3-Clause
@ -34,13 +34,11 @@ BuildRequires: pkg-config
Url: https://sourceforge.net/projects/libtirpc/ Url: https://sourceforge.net/projects/libtirpc/
Source: %{name}-%{version}.tar.bz2 Source: %{name}-%{version}.tar.bz2
Source1: baselibs.conf Source1: baselibs.conf
Patch0: 000-bindresvport_blacklist.patch Patch0: libtirpc-1-1-5-rc1.patch
# only needed on openSUSE >= 13.1, SLE >= 12 Patch1: libtirpc-1-1-5-rc2.patch
Patch1: 001-new-rpcbindsock-path.patch Patch2: 0001-Makefile.am-Use-LIBADD-instead-of-LDFLAGS-to-link-ag.patch
# Revert upstream change until tirpc 1.0.4 with a final solutions comes out Patch3: 0002-man-rpc_secure.3t-Fix-typo-in-manpage.patch
Patch2: 002-revert-binddynport.patch Patch4: 0003-xdr-add-a-defensive-mask-in-xdr_int64_t-and-xdr_u_in.patch
Patch3: 0001-Fix-regression-introduced-by-change-rpc-version-orde.patch
Patch16: 0001-xdrstdio_create-buffers-do-not-output-encoded-values.patch
BuildRoot: %{_tmppath}/%{name}-%{version}-build BuildRoot: %{_tmppath}/%{name}-%{version}-build
%define debug_package_requires libtirpc3 = %{version}-%{release} %define debug_package_requires libtirpc3 = %{version}-%{release}
@ -85,13 +83,11 @@ TCP over IPv4.
%prep %prep
%setup -q -n %name-%version %setup -q -n %name-%version
%patch0 -p0 %patch0 -p1
%if 0%{suse_version} >= 1310
%patch1 -p1 %patch1 -p1
%endif
%patch2 -p1 %patch2 -p1
%patch3 -p1 %patch3 -p1
%patch16 -p1 %patch4 -p1
%build %build
sed -i -e 's|@includedir@/tirpc|@includedir@|g' libtirpc.pc.in sed -i -e 's|@includedir@/tirpc|@includedir@|g' libtirpc.pc.in
@ -118,6 +114,7 @@ mv -v %{buildroot}/%{_lib}/pkgconfig %{buildroot}/%{_libdir}
# they are now default # they are now default
mv -v %{buildroot}%{_includedir}/tirpc/* %{buildroot}%{_includedir} mv -v %{buildroot}%{_includedir}/tirpc/* %{buildroot}%{_includedir}
rmdir %{buildroot}%{_includedir}/tirpc rmdir %{buildroot}%{_includedir}/tirpc
rm -v %{buildroot}/etc/bindresvport.blacklist
%post -n libtirpc3 -p /sbin/ldconfig %post -n libtirpc3 -p /sbin/ldconfig