SHA256
1
0
forked from pool/libtirpc
libtirpc/000-bindresvport_blacklist.patch
Cristian Rodríguez 167c8f44ce Accepting request 305737 from home:kukuk:NIS
- Fix HAVE_AUTHDES/HAVE_GSSAPI in public header files
  (001-tirpc-features.patch)

- Update to official release 0.3.0. authdes was disabled by default
  upstream.
- Following patches were merged:
  - 001-symbol-versions-v5.patch
  - 003-add-des_crypt.diff
- Remove 002-old-automake.patch, not needed anymore

- Update 001-symbol-versions-v4.patch with
  001-symbol-versions-v5.patch: Add --disable-symvers option

- Update 003-add-des_crypt.diff, fix unresolved des functions

- Update to git
- Add 003-add-des_crypt.diff to fix unresolved *_crypt() functions

- Disable gssapi for SLE11, kerberos version is too old

- rpc/rpc.h requires now indirectly gssapi.h from krb5-devel

- Update to current git.
- The following patches were accepted upstream:
  - 003-xdr_h-fix.patch
  - 005-disable-rpcent.patch
  - 006-no-libnsl.patch
  - patch1_7.diff
  - patch2_7.diff
  - patch3_7.diff

OBS-URL: https://build.opensuse.org/request/show/305737
OBS-URL: https://build.opensuse.org/package/show/Base:System/libtirpc?expand=0&rev=43
2015-05-07 19:52:27 +00:00

136 lines
2.8 KiB
Diff

From: Olaf Kirch <okir@suse.de>
Subject: make libtirpc honor /etc/bindresvport.blacklist
Signed-off-by: Olaf Kirch <okir@suse.de>
--- src/bindresvport.c 2015-04-23 21:22:56.986448281 +0200
+++ src/bindresvport.c 2015-04-23 21:48:06.501561665 +0200
@@ -39,7 +39,10 @@
#include <netdb.h>
#include <netinet/in.h>
+#include <stdio.h>
+#include <ctype.h>
#include <errno.h>
+#include <stdlib.h>
#include <string.h>
#include <unistd.h>
@@ -68,6 +71,80 @@
#define ENDPORT (IPPORT_RESERVED - 1)
#define NPORTS (ENDPORT - STARTPORT + 1)
+/*
+ * Read the file /etc/bindresvport.blacklist, so that we don't bind
+ * to these ports.
+ */
+
+static int blacklist_read;
+static int *list;
+static int list_size = 0;
+
+static void
+load_blacklist (void)
+{
+ FILE *fp;
+ char *buf = NULL;
+ size_t buflen = 0;
+ int size = 0, ptr = 0;
+
+ blacklist_read = 1;
+
+ fp = fopen ("/etc/bindresvport.blacklist", "r");
+ if (NULL == fp)
+ return;
+
+ while (!feof (fp))
+ {
+ unsigned long port;
+ char *tmp, *cp;
+ ssize_t n = getline (&buf, &buflen, fp);
+ if (n < 1)
+ break;
+
+ cp = buf;
+ tmp = strchr (cp, '#'); /* remove comments */
+ if (tmp)
+ *tmp = '\0';
+ while (isspace ((int)*cp)) /* remove spaces and tabs */
+ ++cp;
+ if (*cp == '\0') /* ignore empty lines */
+ continue;
+ if (cp[strlen (cp) - 1] == '\n')
+ cp[strlen (cp) - 1] = '\0';
+
+ port = strtoul (cp, &tmp, 0);
+ while (isspace(*tmp))
+ ++tmp;
+ if (*tmp != '\0' || (port == ULONG_MAX && errno == ERANGE))
+ continue;
+
+ /* Don't bother with out-of-range ports */
+ if (port < LOWPORT || port > ENDPORT)
+ continue;
+
+ if (ptr >= size)
+ {
+ size += 10;
+ list = realloc (list, size * sizeof (int));
+ if (list == NULL)
+ {
+ free (buf);
+ return;
+ }
+ }
+
+ list[ptr++] = port;
+ }
+
+ fclose (fp);
+
+ if (buf)
+ free (buf);
+
+ list_size = ptr;
+}
+
int
bindresvport_sa(sd, sa)
int sd;
@@ -87,6 +164,9 @@
int endport = ENDPORT;
int i;
+ if (!blacklist_read)
+ load_blacklist();
+
mutex_lock(&port_lock);
nports = ENDPORT - startport + 1;
@@ -132,12 +212,21 @@
errno = EADDRINUSE;
again:
for (i = 0; i < nports; ++i) {
- *portp = htons(port++);
- if (port > endport)
- port = startport;
- res = bind(sd, sa, salen);
+ int j;
+
+ /* Check if this port is not blacklisted. */
+ for (j = 0; j < list_size; j++)
+ if (port == list[j])
+ goto try_next_port;
+
+ *portp = htons(port);
+ res = bind(sd, sa, salen);
if (res >= 0 || errno != EADDRINUSE)
break;
+
+try_next_port:
+ if (++port > endport)
+ port = startport;
}
if (i == nports && startport != LOWPORT) {
startport = LOWPORT;