forked from pool/libtirpc
167c8f44ce
- Fix HAVE_AUTHDES/HAVE_GSSAPI in public header files (001-tirpc-features.patch) - Update to official release 0.3.0. authdes was disabled by default upstream. - Following patches were merged: - 001-symbol-versions-v5.patch - 003-add-des_crypt.diff - Remove 002-old-automake.patch, not needed anymore - Update 001-symbol-versions-v4.patch with 001-symbol-versions-v5.patch: Add --disable-symvers option - Update 003-add-des_crypt.diff, fix unresolved des functions - Update to git - Add 003-add-des_crypt.diff to fix unresolved *_crypt() functions - Disable gssapi for SLE11, kerberos version is too old - rpc/rpc.h requires now indirectly gssapi.h from krb5-devel - Update to current git. - The following patches were accepted upstream: - 003-xdr_h-fix.patch - 005-disable-rpcent.patch - 006-no-libnsl.patch - patch1_7.diff - patch2_7.diff - patch3_7.diff OBS-URL: https://build.opensuse.org/request/show/305737 OBS-URL: https://build.opensuse.org/package/show/Base:System/libtirpc?expand=0&rev=43
136 lines
2.8 KiB
Diff
136 lines
2.8 KiB
Diff
From: Olaf Kirch <okir@suse.de>
|
|
Subject: make libtirpc honor /etc/bindresvport.blacklist
|
|
|
|
Signed-off-by: Olaf Kirch <okir@suse.de>
|
|
|
|
--- src/bindresvport.c 2015-04-23 21:22:56.986448281 +0200
|
|
+++ src/bindresvport.c 2015-04-23 21:48:06.501561665 +0200
|
|
@@ -39,7 +39,10 @@
|
|
#include <netdb.h>
|
|
#include <netinet/in.h>
|
|
|
|
+#include <stdio.h>
|
|
+#include <ctype.h>
|
|
#include <errno.h>
|
|
+#include <stdlib.h>
|
|
#include <string.h>
|
|
#include <unistd.h>
|
|
|
|
@@ -68,6 +71,80 @@
|
|
#define ENDPORT (IPPORT_RESERVED - 1)
|
|
#define NPORTS (ENDPORT - STARTPORT + 1)
|
|
|
|
+/*
|
|
+ * Read the file /etc/bindresvport.blacklist, so that we don't bind
|
|
+ * to these ports.
|
|
+ */
|
|
+
|
|
+static int blacklist_read;
|
|
+static int *list;
|
|
+static int list_size = 0;
|
|
+
|
|
+static void
|
|
+load_blacklist (void)
|
|
+{
|
|
+ FILE *fp;
|
|
+ char *buf = NULL;
|
|
+ size_t buflen = 0;
|
|
+ int size = 0, ptr = 0;
|
|
+
|
|
+ blacklist_read = 1;
|
|
+
|
|
+ fp = fopen ("/etc/bindresvport.blacklist", "r");
|
|
+ if (NULL == fp)
|
|
+ return;
|
|
+
|
|
+ while (!feof (fp))
|
|
+ {
|
|
+ unsigned long port;
|
|
+ char *tmp, *cp;
|
|
+ ssize_t n = getline (&buf, &buflen, fp);
|
|
+ if (n < 1)
|
|
+ break;
|
|
+
|
|
+ cp = buf;
|
|
+ tmp = strchr (cp, '#'); /* remove comments */
|
|
+ if (tmp)
|
|
+ *tmp = '\0';
|
|
+ while (isspace ((int)*cp)) /* remove spaces and tabs */
|
|
+ ++cp;
|
|
+ if (*cp == '\0') /* ignore empty lines */
|
|
+ continue;
|
|
+ if (cp[strlen (cp) - 1] == '\n')
|
|
+ cp[strlen (cp) - 1] = '\0';
|
|
+
|
|
+ port = strtoul (cp, &tmp, 0);
|
|
+ while (isspace(*tmp))
|
|
+ ++tmp;
|
|
+ if (*tmp != '\0' || (port == ULONG_MAX && errno == ERANGE))
|
|
+ continue;
|
|
+
|
|
+ /* Don't bother with out-of-range ports */
|
|
+ if (port < LOWPORT || port > ENDPORT)
|
|
+ continue;
|
|
+
|
|
+ if (ptr >= size)
|
|
+ {
|
|
+ size += 10;
|
|
+ list = realloc (list, size * sizeof (int));
|
|
+ if (list == NULL)
|
|
+ {
|
|
+ free (buf);
|
|
+ return;
|
|
+ }
|
|
+ }
|
|
+
|
|
+ list[ptr++] = port;
|
|
+ }
|
|
+
|
|
+ fclose (fp);
|
|
+
|
|
+ if (buf)
|
|
+ free (buf);
|
|
+
|
|
+ list_size = ptr;
|
|
+}
|
|
+
|
|
int
|
|
bindresvport_sa(sd, sa)
|
|
int sd;
|
|
@@ -87,6 +164,9 @@
|
|
int endport = ENDPORT;
|
|
int i;
|
|
|
|
+ if (!blacklist_read)
|
|
+ load_blacklist();
|
|
+
|
|
mutex_lock(&port_lock);
|
|
nports = ENDPORT - startport + 1;
|
|
|
|
@@ -132,12 +212,21 @@
|
|
errno = EADDRINUSE;
|
|
again:
|
|
for (i = 0; i < nports; ++i) {
|
|
- *portp = htons(port++);
|
|
- if (port > endport)
|
|
- port = startport;
|
|
- res = bind(sd, sa, salen);
|
|
+ int j;
|
|
+
|
|
+ /* Check if this port is not blacklisted. */
|
|
+ for (j = 0; j < list_size; j++)
|
|
+ if (port == list[j])
|
|
+ goto try_next_port;
|
|
+
|
|
+ *portp = htons(port);
|
|
+ res = bind(sd, sa, salen);
|
|
if (res >= 0 || errno != EADDRINUSE)
|
|
break;
|
|
+
|
|
+try_next_port:
|
|
+ if (++port > endport)
|
|
+ port = startport;
|
|
}
|
|
if (i == nports && startport != LOWPORT) {
|
|
startport = LOWPORT;
|