6 Oct
2008
6 Oct
'08
16:14
Hello community, here is the log from the commit of package libtirpc checked in at Mon Oct 6 18:14:39 CEST 2008. -------- --- libtirpc/libtirpc.changes 2008-09-02 19:05:21.000000000 +0200 +++ /mounts/work_src_done/STABLE/libtirpc/libtirpc.changes 2008-10-01 12:35:39.000000000 +0200 @@ -1,0 +2,12 @@ +Wed Oct 1 12:32:45 CEST 2008 - mkoenig@suse.de + +- add recent patches from git which fix some more bugs + * fix __rpc_getconfip + * fix getpeereid + * svc_getcaller_netbuf macro seems broken + * introduce __rpc_set_netbuf helper + * kill map_ipv4_to_ipv6 + * Fix xp_raddr handling in svc_fd_create etc + * fix for taddr2addr conversion bug of local addresses [bnc#426883] + +------------------------------------------------------------------- calling whatdependson for head-i586 Old: ---- libtirpc-0.1.7-overflow_fix.patch libtirpc-0.1.9-fix_broadcast.patch libtirpc-0.1.9-ipv6_sockets_v6only.patch libtirpc-0.1.9-lib_version.patch New: ---- libtirpc-0.1.9-0001-Fix-incorrect-sizeof-in-__rpc_getbroadifs.patch libtirpc-0.1.9-0002-Always-make-IPv6-sockets-V6ONLY.patch libtirpc-0.1.9-0003-Fix-for-taddr2addr-conversion-bug-of-local-addresses.patch libtirpc-0.1.9-0004--Fixed-version-info-in-src-Makefile.am-to-reflect-t.patch libtirpc-0.1.9-0005-Fix-xp_raddr-handling-in-svc_fd_create-etc.patch libtirpc-0.1.9-0006-Kill-map_ipv4_to_ipv6.patch libtirpc-0.1.9-0007-Introduce-__rpc_set_netbuf-helper.patch libtirpc-0.1.9-0008-svc_getcaller_netbuf-macro-seems-broken.patch libtirpc-0.1.9-0009-Fix-getpeereid.patch libtirpc-0.1.9-0010-Fix-__rpc_getconfip.patch ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ libtirpc.spec ++++++ --- /var/tmp/diff_new_pack.Z28783/_old 2008-10-06 18:13:12.000000000 +0200 +++ /var/tmp/diff_new_pack.Z28783/_new 2008-10-06 18:13:12.000000000 +0200 @@ -24,15 +24,23 @@ Group: System/Libraries AutoReqProv: on Version: 0.1.9 -Release: 1 +Release: 2 Summary: Transport Independent RPC Library Url: http://nfsv4.bullopensource.org/doc/tirpc_rpcbind.php Source: %{name}-%{version}.tar.bz2 +# patches from git +Patch1: libtirpc-0.1.9-0001-Fix-incorrect-sizeof-in-__rpc_getbroadifs.patch +Patch2: libtirpc-0.1.9-0002-Always-make-IPv6-sockets-V6ONLY.patch +Patch3: libtirpc-0.1.9-0003-Fix-for-taddr2addr-conversion-bug-of-local-addresses.patch +Patch4: libtirpc-0.1.9-0004--Fixed-version-info-in-src-Makefile.am-to-reflect-t.patch +Patch5: libtirpc-0.1.9-0005-Fix-xp_raddr-handling-in-svc_fd_create-etc.patch +Patch6: libtirpc-0.1.9-0006-Kill-map_ipv4_to_ipv6.patch +Patch7: libtirpc-0.1.9-0007-Introduce-__rpc_set_netbuf-helper.patch +Patch8: libtirpc-0.1.9-0008-svc_getcaller_netbuf-macro-seems-broken.patch +Patch9: libtirpc-0.1.9-0009-Fix-getpeereid.patch +Patch10: libtirpc-0.1.9-0010-Fix-__rpc_getconfip.patch +# Patch20: libtirpc-0.1.7-use_sysconfdir.patch -Patch21: libtirpc-0.1.7-overflow_fix.patch -Patch24: libtirpc-0.1.9-fix_broadcast.patch -Patch25: libtirpc-0.1.9-ipv6_sockets_v6only.patch -Patch26: libtirpc-0.1.9-lib_version.patch BuildRoot: %{_tmppath}/%{name}-%{version}-build %define debug_package_requires libtirpc1 = %{version} @@ -88,11 +96,17 @@ %prep %setup +%patch1 -p1 +%patch2 -p1 +%patch3 -p1 +%patch4 -p1 +%patch5 -p1 +%patch6 -p1 +%patch7 -p1 +%patch8 -p1 +%patch9 -p1 +%patch10 -p1 %patch20 -p1 -%patch21 -p1 -%patch24 -p1 -%patch25 -p1 -%patch26 -p1 %build autoreconf -fi @@ -138,6 +152,15 @@ %{_mandir}/man3/* %changelog +* Wed Oct 01 2008 mkoenig@suse.de +- add recent patches from git which fix some more bugs + * fix __rpc_getconfip + * fix getpeereid + * svc_getcaller_netbuf macro seems broken + * introduce __rpc_set_netbuf helper + * kill map_ipv4_to_ipv6 + * Fix xp_raddr handling in svc_fd_create etc + * fix for taddr2addr conversion bug of local addresses [bnc#426883] * Tue Sep 02 2008 mkoenig@suse.de - update to version 0.1.9 * several bugfixes ++++++ libtirpc-0.1.9-0001-Fix-incorrect-sizeof-in-__rpc_getbroadifs.patch ++++++ >From 95c8f7227e6b15f2e430d7b87dadc95b2acd4a61 Mon Sep 17 00:00:00 2001 From: Olaf KirchDate: Tue, 2 Sep 2008 12:09:39 -0400 Subject: [PATCH] Fix incorrect sizeof() in __rpc_getbroadifs __rpc_getbroadifs returns bad broadcast addresses on 32bit machines because when copying the broadcast addresses, ite applies the sizeof() operator to a pointer to a sockaddr, rather than the sockaddr itself. Signed-off-by: Olaf Kirch Signed-off-by: Steve Dickson --- src/clnt_bcast.c | 2 +- 1 files changed, 1 insertions(+), 1 deletions(-) diff --git a/src/clnt_bcast.c b/src/clnt_bcast.c index a96db45..aa2b8f2 100644 --- a/src/clnt_bcast.c +++ b/src/clnt_bcast.c @@ -163,7 +163,7 @@ __rpc_getbroadifs(int af, int proto, int socktype, broadlist_t *list) /* memcpy(&bip->broadaddr, ifap->ifa_broadaddr, (size_t)ifap->ifa_broadaddr->sa_len);*/ memcpy(&bip->broadaddr, ifap->ifa_broadaddr, - (size_t)sizeof(ifap->ifa_broadaddr)); + sizeof(bip->broadaddr)); sin = (struct sockaddr_in *)(void *)&bip->broadaddr; sin->sin_port = ((struct sockaddr_in *) -- 1.5.6 ++++++ libtirpc-0.1.9-0002-Always-make-IPv6-sockets-V6ONLY.patch ++++++ >From ea9f048761d0b9a2ab6310bffa07351f0b04d8c5 Mon Sep 17 00:00:00 2001 From: Olaf Kirch Date: Tue, 2 Sep 2008 12:11:15 -0400 Subject: [PATCH] Always make IPv6 sockets V6ONLY Assume you have a netconfig file looking like this: udp tpi_clts v inet udp - - udp6 tpi_clts v inet6 udp - - ... a call to svc_tli_create(... &someaddr, "udp") will fail to create an IPv6 server socket. The problem is that on Linux, passive IPv6 sockets will also accept packets/connections from IPv4, and will simply map the sender's address to an IPv6 mapped IPv4 address. So if you want to bind both a UDPv4 and UDPv6 socket to the same port, this will fail with EADDRINUSE. The way to avoid this behavior is to change the socket to V6ONLY, which tells the kernel to avoid the autmatic mapping. The change proposed in the patch below does this. I *think* this is a good place to do this, as it will also fix applications that do not use svc_tli_create() - such as rpcbind, which creates the sockets on its own using __rpc_nconf2fd. I think this also improves portability, as BSD code assumes BSD behavior, where this mapping does not occur either. Signed-off-by: Olaf Kirch Signed-off-by: Steve Dickson --- src/rpc_generic.c | 9 ++++++++- 1 files changed, 8 insertions(+), 1 deletions(-) diff --git a/src/rpc_generic.c b/src/rpc_generic.c index 583aff0..ff4ba16 100644 --- a/src/rpc_generic.c +++ b/src/rpc_generic.c @@ -525,11 +525,18 @@ int __rpc_nconf2fd(const struct netconfig *nconf) { struct __rpc_sockinfo si; + int fd; if (!__rpc_nconf2sockinfo(nconf, &si)) return 0; - return socket(si.si_af, si.si_socktype, si.si_proto); + if ((fd = socket(si.si_af, si.si_socktype, si.si_proto)) >= 0 && + si.si_af == AF_INET6) { + int val = 1; + + setsockopt(fd, SOL_IPV6, IPV6_V6ONLY, &val, sizeof(val)); + } + return fd; } int -- 1.5.6 ++++++ libtirpc-0.1.9-0003-Fix-for-taddr2addr-conversion-bug-of-local-addresses.patch ++++++ >From 9e7ba0c7a02031294fefadfbca42b3dd5f2d841f Mon Sep 17 00:00:00 2001 From: Olaf Kirch Date: Tue, 16 Sep 2008 08:46:29 -0400 Subject: [PATCH] Fix for taddr2addr conversion bug of local addresses When converting af_local socket addresses in taddr2uaddr, an incorrect sizeof() would result in a truncated path string. As a result, rpcbind will report the local /var/lib/rpcbind address to clients as "/v" on a 32bit machine. Signed-off-by: okir@suse.de Signed-off-by: Steve Dickson --- src/rpc_generic.c | 2 +- 1 files changed, 1 insertions(+), 1 deletions(-) diff --git a/src/rpc_generic.c b/src/rpc_generic.c index ff4ba16..b436e3a 100644 --- a/src/rpc_generic.c +++ b/src/rpc_generic.c @@ -629,7 +629,7 @@ __rpc_taddr2uaddr_af(int af, const struct netbuf *nbuf) /* if (asprintf(&ret, "%.*s", (int)(sun->sun_len - offsetof(struct sockaddr_un, sun_path)), sun->sun_path) < 0)*/ - if (asprintf(&ret, "%.*s", (int)(sizeof(sun) - + if (asprintf(&ret, "%.*s", (int)(sizeof(*sun) - offsetof(struct sockaddr_un, sun_path)), sun->sun_path) < 0) -- 1.5.6 ++++++ libtirpc-0.1.9-0004--Fixed-version-info-in-src-Makefile.am-to-reflect-t.patch ++++++ >From 628788c1cc84c86ee4cb36ee5d4fe8954e90fca5 Mon Sep 17 00:00:00 2001 From: Steve Dickson Date: Tue, 16 Sep 2008 11:32:31 -0400 Subject: [PATCH] - Fixed version-info in src/Makefile.am to reflect the correct version - Fixed some of warnings in: src/auth_time.c, src/clnt_dg.c and src/clnt_raw.c - Added some #ifdef NOTUSED around some code in src/rpbc_clnt.c that was not being used... Signed-off-by: Steve Dickson --- src/Makefile.am | 2 +- src/auth_time.c | 3 ++- src/clnt_dg.c | 2 +- src/clnt_raw.c | 6 ++++-- src/rpbc_clnt.c | 8 ++++++-- src/rpcb_clnt.c | 7 ++++++- 6 files changed, 20 insertions(+), 8 deletions(-) diff --git a/src/Makefile.am b/src/Makefile.am index edab300..a76c377 100644 --- a/src/Makefile.am +++ b/src/Makefile.am @@ -11,7 +11,7 @@ INCLUDES = -I../tirpc -DPORTMAP -DINET6 -DVERSION="\"$(VERSION)\"" \ lib_LTLIBRARIES = libtirpc.la -libtirpc_la_LDFLAGS = -lnsl -lpthread -version-info 1:8:0 +libtirpc_la_LDFLAGS = -lnsl -lpthread -version-info 1:9:0 libtirpc_la_SOURCES = auth_none.c auth_unix.c authunix_prot.c bindresvport.c clnt_bcast.c \ clnt_dg.c clnt_generic.c clnt_perror.c clnt_raw.c clnt_simple.c \ diff --git a/src/auth_time.c b/src/auth_time.c index d77bcf5..7cfbb7e 100644 --- a/src/auth_time.c +++ b/src/auth_time.c @@ -248,7 +248,8 @@ __rpc_get_time_offset(td, srv, thost, uaddr, netid) nis_server tsrv; void (*oldsig)() = NULL; /* old alarm handler */ struct sockaddr_in sin; - int s = RPC_ANYSOCK, len; + int s = RPC_ANYSOCK; + socklen_t len; int type = 0; td->tv_sec = 0; diff --git a/src/clnt_dg.c b/src/clnt_dg.c index 0e35742..da01c5b 100644 --- a/src/clnt_dg.c +++ b/src/clnt_dg.c @@ -306,7 +306,7 @@ clnt_dg_call(cl, proc, xargs, argsp, xresults, resultsp, utimeout) int nrefreshes = 2; /* number of times to refresh cred */ struct timeval timeout; struct pollfd fd; - int total_time, nextsend_time, tv; + int total_time, nextsend_time, tv=0; struct sockaddr *sa; sigset_t mask; sigset_t newmask; diff --git a/src/clnt_raw.c b/src/clnt_raw.c index 36035c8..f184066 100644 --- a/src/clnt_raw.c +++ b/src/clnt_raw.c @@ -84,8 +84,8 @@ clnt_raw_create(prog, vers) { struct clntraw_private *clp; struct rpc_msg call_msg; - XDR *xdrs = &clp->xdr_stream; - CLIENT *client = &clp->client_object; + XDR *xdrs; + CLIENT *client; mutex_lock(&clntraw_lock); clp = clntraw_private; @@ -101,6 +101,8 @@ clnt_raw_create(prog, vers) clp->_raw_buf = __rpc_rawcombuf; clntraw_private = clp; } + xdrs = &clp->xdr_stream; + client = &clp->client_object; /* * pre-serialize the static part of the call msg and stash it away */ diff --git a/src/rpbc_clnt.c b/src/rpbc_clnt.c index 75811f0..0e25747 100644 --- a/src/rpbc_clnt.c +++ b/src/rpbc_clnt.c @@ -109,7 +109,9 @@ static void delete_cache(struct netbuf *); static void add_cache(const char *, const char *, struct netbuf *, char *); static CLIENT *getclnthandle(const char *, const struct netconfig *, char **); static CLIENT *local_rpcb(void); +#if NOTUSED static struct netbuf *got_entry(rpcb_entry_list_ptr, const struct netconfig *); +#endif /* * This routine adjusts the timeout used for calls to the remote rpcbind. @@ -625,7 +627,7 @@ rpcb_unset(program, version, nconf) CLNT_DESTROY(client); return (rslt); } - +#ifdef NOTUSED /* * From the merged list, find the appropriate entry */ @@ -657,7 +659,7 @@ got_entry(relp, nconf) } return (na); } - +#endif /* * Quick check to see if rpcbind is up. Tries to connect over * local transport. @@ -725,7 +727,9 @@ __rpcb_findaddr_timed(program, version, nconf, host, clpp, tp) CLIENT **clpp; struct timeval *tp; { +#ifdef NOTUSED static bool_t check_rpcbind = TRUE; +#endif CLIENT *client = NULL; RPCB parms; enum clnt_stat clnt_st; diff --git a/src/rpcb_clnt.c b/src/rpcb_clnt.c index 040f4ce..ed16f00 100644 --- a/src/rpcb_clnt.c +++ b/src/rpcb_clnt.c @@ -109,7 +109,9 @@ static void delete_cache(struct netbuf *); static void add_cache(const char *, const char *, struct netbuf *, char *); static CLIENT *getclnthandle(const char *, const struct netconfig *, char **); static CLIENT *local_rpcb(void); +#ifdef NOTUSED static struct netbuf *got_entry(rpcb_entry_list_ptr, const struct netconfig *); +#endif /* * This routine adjusts the timeout used for calls to the remote rpcbind. @@ -625,7 +627,7 @@ rpcb_unset(program, version, nconf) CLNT_DESTROY(client); return (rslt); } - +#ifdef NOTUSED /* * From the merged list, find the appropriate entry */ @@ -657,6 +659,7 @@ got_entry(relp, nconf) } return (na); } +#endif /* * Quick check to see if rpcbind is up. Tries to connect over @@ -725,7 +728,9 @@ __rpcb_findaddr_timed(program, version, nconf, host, clpp, tp) CLIENT **clpp; struct timeval *tp; { +#ifdef NOTUSED static bool_t check_rpcbind = TRUE; +#endif CLIENT *client = NULL; RPCB parms; enum clnt_stat clnt_st; -- 1.5.6 ++++++ libtirpc-0.1.9-0005-Fix-xp_raddr-handling-in-svc_fd_create-etc.patch ++++++ >From 59c374c4b507aeca957ed0096d98006edf601375 Mon Sep 17 00:00:00 2001 From: Olaf Kirch Date: Tue, 30 Sep 2008 15:04:17 -0400 Subject: [PATCH] Fix xp_raddr handling in svc_fd_create etc Currently svc_fd_create tries to do some clever tricks with IPv4/v6 address mapping. This is broken for several reasons. 1. We don't want IPv4 based transport to look like IPv6 transports. Old applications compiled against tirpc will expect AF_INET addresses, and are not equipped to deal with AF_INET6. 2. There's a buffer overflow. memcpy(&sin6, &ss, sizeof(ss)); copies a full struct sockaddr to a sockaddr_in6 on the stack. Unlikely to be exploitable, but I wonder if this ever worked.... Signed-off-by: Olaf Kirch Signed-off-by: Steve Dickson --- src/rpc_com.h | 2 + src/svc_dg.c | 7 +----- src/svc_vc.c | 65 +++++++++++++++++++++++++++----------------------------- 3 files changed, 34 insertions(+), 40 deletions(-) diff --git a/src/rpc_com.h b/src/rpc_com.h index 110d35a..a935080 100644 --- a/src/rpc_com.h +++ b/src/rpc_com.h @@ -85,6 +85,8 @@ bool_t __svc_clean_idle(fd_set *, int, bool_t); bool_t __xdrrec_setnonblock(XDR *, int); bool_t __xdrrec_getrec(XDR *, enum xprt_stat *, bool_t); void __xprt_unregister_unlocked(SVCXPRT *); +void __xprt_set_raddr(SVCXPRT *, const struct sockaddr_storage *); + SVCXPRT **__svc_xports; int __svc_maxrec; diff --git a/src/svc_dg.c b/src/svc_dg.c index a72abe4..76a480e 100644 --- a/src/svc_dg.c +++ b/src/svc_dg.c @@ -193,12 +193,7 @@ again: xprt->xp_rtaddr.len = alen; } memcpy(xprt->xp_rtaddr.buf, &ss, alen); -#ifdef PORTMAP - if (ss.ss_family == AF_INET6) { - xprt->xp_raddr = *(struct sockaddr_in6 *)xprt->xp_rtaddr.buf; - xprt->xp_addrlen = sizeof (struct sockaddr_in6); - } -#endif /* PORTMAP */ + __xprt_set_raddr(xprt, &ss); xdrs->x_op = XDR_DECODE; XDR_SETPOS(xdrs, 0); if (! xdr_callmsg(xdrs, msg)) { diff --git a/src/svc_vc.c b/src/svc_vc.c index 3d77aef..c62343b 100644 --- a/src/svc_vc.c +++ b/src/svc_vc.c @@ -117,6 +117,29 @@ map_ipv4_to_ipv6(sin, sin6) } /* + * This is used to set xprt->xp_raddr in a way legacy + * apps can deal with + */ +void +__xprt_set_raddr(SVCXPRT *xprt, const struct sockaddr_storage *ss) +{ + switch (ss->ss_family) { + case AF_INET6: + memcpy(&xprt->xp_raddr, ss, sizeof(struct sockaddr_in6)); + xprt->xp_addrlen = sizeof (struct sockaddr_in6); + break; + case AF_INET: + memcpy(&xprt->xp_raddr, ss, sizeof(struct sockaddr_in)); + xprt->xp_addrlen = sizeof (struct sockaddr_in); + break; + default: + xprt->xp_raddr.sin6_family = AF_UNSPEC; + xprt->xp_addrlen = sizeof (struct sockaddr); + break; + } +} + +/* * Usage: * xprt = svc_vc_create(sock, send_buf_size, recv_buf_size); * @@ -201,7 +224,6 @@ svc_fd_create(fd, sendsize, recvsize) u_int recvsize; { struct sockaddr_storage ss; - struct sockaddr_in6 sin6; socklen_t slen; SVCXPRT *ret; @@ -228,28 +250,16 @@ svc_fd_create(fd, sendsize, recvsize) warnx("svc_fd_create: could not retrieve remote addr"); goto freedata; } - if (ss.ss_family == AF_INET) { - map_ipv4_to_ipv6((struct sockaddr_in *)&ss, &sin6); - } else { - memcpy(&sin6, &ss, sizeof(ss)); - } ret->xp_rtaddr.maxlen = ret->xp_rtaddr.len = sizeof(ss); ret->xp_rtaddr.buf = mem_alloc((size_t)sizeof(ss)); if (ret->xp_rtaddr.buf == NULL) { warnx("svc_fd_create: no mem for local addr"); goto freedata; } - if (ss.ss_family == AF_INET) - memcpy(ret->xp_rtaddr.buf, &ss, (size_t)sizeof(ss)); - else - memcpy(ret->xp_rtaddr.buf, &sin6, (size_t)sizeof(ss)); -#ifdef PORTMAP - if (sin6.sin6_family == AF_INET6 || sin6.sin6_family == AF_LOCAL) { - memcpy(&ret->xp_raddr, ret->xp_rtaddr.buf, - sizeof(struct sockaddr_in6)); - ret->xp_addrlen = sizeof (struct sockaddr_in6); - } -#endif /* PORTMAP */ + memcpy(ret->xp_rtaddr.buf, &ss, (size_t)sizeof(ss)); + + /* Set xp_raddr for compatibility */ + __xprt_set_raddr(ret, &ss); return ret; @@ -312,7 +322,6 @@ rendezvous_request(xprt, msg) struct cf_rendezvous *r; struct cf_conn *cd; struct sockaddr_storage addr; - struct sockaddr_in6 sin6; socklen_t len; struct __rpc_sockinfo si; SVCXPRT *newxprt; @@ -344,27 +353,15 @@ again: */ newxprt = makefd_xprt(sock, r->sendsize, r->recvsize); - if (addr.ss_family == AF_INET) { - map_ipv4_to_ipv6((struct sockaddr_in *)&addr, &sin6); - } else { - memcpy(&sin6, &addr, len); - } newxprt->xp_rtaddr.buf = mem_alloc(len); if (newxprt->xp_rtaddr.buf == NULL) return (FALSE); - if (addr.ss_family == AF_INET) - memcpy(newxprt->xp_rtaddr.buf, &addr, len); - else - memcpy(newxprt->xp_rtaddr.buf, &sin6, len); + memcpy(newxprt->xp_rtaddr.buf, &addr, len); newxprt->xp_rtaddr.maxlen = newxprt->xp_rtaddr.len = len; -#ifdef PORTMAP - if (sin6.sin6_family == AF_INET6 || sin6.sin6_family == AF_LOCAL) { - memcpy(&newxprt->xp_raddr, newxprt->xp_rtaddr.buf, - sizeof(struct sockaddr_in6)); - newxprt->xp_addrlen = sizeof(struct sockaddr_in6); - } -#endif /* PORTMAP */ + + __xprt_set_raddr(newxprt, &addr); + if (__rpc_fd2sockinfo(sock, &si) && si.si_proto == IPPROTO_TCP) { len = 1; /* XXX fvdl - is this useful? */ -- 1.5.6 ++++++ libtirpc-0.1.9-0006-Kill-map_ipv4_to_ipv6.patch ++++++ >From da5f9861ea3bae59c8eead26d38334721caa9f0a Mon Sep 17 00:00:00 2001 From: Olaf Kirch Date: Tue, 30 Sep 2008 15:05:20 -0400 Subject: [PATCH] Kill map_ipv4_to_ipv6 After the change to svc_vc.c performed in the previous patch, this function is no longer needed. Signed-off-by: Olaf Kirch Signed-off-by: Steve Dickson --- src/svc_vc.c | 13 ------------- 1 files changed, 0 insertions(+), 13 deletions(-) diff --git a/src/svc_vc.c b/src/svc_vc.c index c62343b..0d532a0 100644 --- a/src/svc_vc.c +++ b/src/svc_vc.c @@ -103,19 +103,6 @@ struct cf_conn { /* kept in xprt->xp_p1 for actual connection */ struct timeval last_recv_time; }; -static void -map_ipv4_to_ipv6(sin, sin6) - struct sockaddr_in *sin; - struct sockaddr_in6 *sin6; -{ - sin6->sin6_family = AF_INET6; - sin6->sin6_port = sin->sin_port; - sin6->sin6_addr.s6_addr32[0] = 0; - sin6->sin6_addr.s6_addr32[1] = 0; - sin6->sin6_addr.s6_addr32[2] = htonl(0xffff); - sin6->sin6_addr.s6_addr32[3] = *(uint32_t *)&sin->sin_addr; -} - /* * This is used to set xprt->xp_raddr in a way legacy * apps can deal with -- 1.5.6 ++++++ libtirpc-0.1.9-0007-Introduce-__rpc_set_netbuf-helper.patch ++++++ >From d94b92d5125242ce595c1baf42a1e6d1004b7756 Mon Sep 17 00:00:00 2001 From: Olaf Kirch Date: Tue, 30 Sep 2008 15:06:54 -0400 Subject: [PATCH] Introduce __rpc_set_netbuf helper The RPC code contains a number of places where a netbuf is initialized with some data. All the mem_alloc/memcpy stuff is open-coded. Introduce a helper function and convert the code. Signed-off-by: Olaf Kirch Signed-off-by: Steve Dickson --- src/rpc_com.h | 1 + src/rpc_generic.c | 19 +++++++++++++++++++ src/svc_dg.c | 14 +++----------- src/svc_vc.c | 24 ++++++------------------ 4 files changed, 29 insertions(+), 29 deletions(-) diff --git a/src/rpc_com.h b/src/rpc_com.h index a935080..0981471 100644 --- a/src/rpc_com.h +++ b/src/rpc_com.h @@ -61,6 +61,7 @@ extern u_int __rpc_get_a_size(int); extern int __rpc_dtbsize(void); extern struct netconfig * __rpcgettp(int); extern int __rpc_get_default_domain(char **); +struct netbuf *__rpc_set_netbuf(struct netbuf *, const void *, size_t); char *__rpc_taddr2uaddr_af(int, const struct netbuf *); struct netbuf *__rpc_uaddr2taddr_af(int, const char *); diff --git a/src/rpc_generic.c b/src/rpc_generic.c index b436e3a..9ada668 100644 --- a/src/rpc_generic.c +++ b/src/rpc_generic.c @@ -833,3 +833,22 @@ __rpc_sockisbound(int fd) return 0; } + +/* + * Helper function to set up a netbuf + */ +struct netbuf * +__rpc_set_netbuf(struct netbuf *nb, const void *ptr, size_t len) +{ + if (nb->len != len) { + if (nb->len) + mem_free(nb->buf, nb->len); + nb->buf = mem_alloc(len); + if (nb->buf == NULL) + return NULL; + + nb->maxlen = nb->len = len; + } + memcpy(nb->buf, ptr, len); + return nb; +} diff --git a/src/svc_dg.c b/src/svc_dg.c index 76a480e..7df470e 100644 --- a/src/svc_dg.c +++ b/src/svc_dg.c @@ -140,10 +140,7 @@ svc_dg_create(fd, sendsize, recvsize) slen = sizeof ss; if (getsockname(fd, (struct sockaddr *)(void *)&ss, &slen) < 0) goto freedata; - xprt->xp_ltaddr.buf = mem_alloc(sizeof (struct sockaddr_storage)); - xprt->xp_ltaddr.maxlen = sizeof (struct sockaddr_storage); - xprt->xp_ltaddr.len = slen; - memcpy(xprt->xp_ltaddr.buf, &ss, slen); + __rpc_set_netbuf(&xprt->xp_ltaddr, &ss, slen); xprt_register(xprt); return (xprt); @@ -186,13 +183,8 @@ again: goto again; if (rlen == -1 || (rlen < (ssize_t)(4 * sizeof (u_int32_t)))) return (FALSE); - if (xprt->xp_rtaddr.len < alen) { - if (xprt->xp_rtaddr.len != 0) - mem_free(xprt->xp_rtaddr.buf, xprt->xp_rtaddr.len); - xprt->xp_rtaddr.buf = mem_alloc(alen); - xprt->xp_rtaddr.len = alen; - } - memcpy(xprt->xp_rtaddr.buf, &ss, alen); + __rpc_set_netbuf(&xprt->xp_rtaddr, &ss, alen); + __xprt_set_raddr(xprt, &ss); xdrs->x_op = XDR_DECODE; XDR_SETPOS(xdrs, 0); diff --git a/src/svc_vc.c b/src/svc_vc.c index 0d532a0..44d3497 100644 --- a/src/svc_vc.c +++ b/src/svc_vc.c @@ -184,14 +184,10 @@ svc_vc_create(fd, sendsize, recvsize) goto cleanup_svc_vc_create; } - xprt->xp_ltaddr.maxlen = xprt->xp_ltaddr.len = sizeof(sslocal); - xprt->xp_ltaddr.buf = mem_alloc((size_t)sizeof(sslocal)); - if (xprt->xp_ltaddr.buf == NULL) { + if (!__rpc_set_netbuf(&xprt->xp_ltaddr, &sslocal, sizeof(sslocal))) { warnx("svc_vc_create: no mem for local addr"); goto cleanup_svc_vc_create; } - memcpy(xprt->xp_ltaddr.buf, &sslocal, (size_t)sizeof(sslocal)); - xprt->xp_rtaddr.maxlen = sizeof (struct sockaddr_storage); xprt_register(xprt); return (xprt); cleanup_svc_vc_create: @@ -225,25 +221,20 @@ svc_fd_create(fd, sendsize, recvsize) warnx("svc_fd_create: could not retrieve local addr"); goto freedata; } - ret->xp_ltaddr.maxlen = ret->xp_ltaddr.len = sizeof(ss); - ret->xp_ltaddr.buf = mem_alloc((size_t)sizeof(ss)); - if (ret->xp_ltaddr.buf == NULL) { + if (!__rpc_set_netbuf(&ret->xp_ltaddr, &ss, sizeof(ss))) { warnx("svc_fd_create: no mem for local addr"); goto freedata; } - memcpy(ret->xp_ltaddr.buf, &ss, (size_t)sizeof(ss)); + slen = sizeof (struct sockaddr_storage); if (getpeername(fd, (struct sockaddr *)(void *)&ss, &slen) < 0) { warnx("svc_fd_create: could not retrieve remote addr"); goto freedata; } - ret->xp_rtaddr.maxlen = ret->xp_rtaddr.len = sizeof(ss); - ret->xp_rtaddr.buf = mem_alloc((size_t)sizeof(ss)); - if (ret->xp_rtaddr.buf == NULL) { + if (!__rpc_set_netbuf(&ret->xp_rtaddr, &ss, sizeof(ss))) { warnx("svc_fd_create: no mem for local addr"); goto freedata; } - memcpy(ret->xp_rtaddr.buf, &ss, (size_t)sizeof(ss)); /* Set xp_raddr for compatibility */ __xprt_set_raddr(ret, &ss); @@ -340,12 +331,9 @@ again: */ newxprt = makefd_xprt(sock, r->sendsize, r->recvsize); - newxprt->xp_rtaddr.buf = mem_alloc(len); - if (newxprt->xp_rtaddr.buf == NULL) - return (FALSE); - memcpy(newxprt->xp_rtaddr.buf, &addr, len); - newxprt->xp_rtaddr.maxlen = newxprt->xp_rtaddr.len = len; + if (!__rpc_set_netbuf(&newxprt->xp_rtaddr, &addr, len)) + return (FALSE); __xprt_set_raddr(newxprt, &addr); -- 1.5.6 ++++++ libtirpc-0.1.9-0008-svc_getcaller_netbuf-macro-seems-broken.patch ++++++ >From 851b0f5c6dca22d634603f03f0a5e3e35c6db867 Mon Sep 17 00:00:00 2001 From: Olaf Kirch Date: Tue, 30 Sep 2008 15:08:07 -0400 Subject: [PATCH] svc_getcaller_netbuf macro seems broken I haven't found any documentation, but the comment in the header file seems to suggest that svc_getcaller_netbuf should return the xp_rtaddr netbuf. Returning the address of the socket descripor seems to be wrong at any rate. Signed-off-by: Olaf Kirch Signed-off-by: Steve Dickson --- tirpc/rpc/svc_soc.h | 2 +- 1 files changed, 1 insertions(+), 1 deletions(-) diff --git a/tirpc/rpc/svc_soc.h b/tirpc/rpc/svc_soc.h index a8aabf3..0dc96e2 100644 --- a/tirpc/rpc/svc_soc.h +++ b/tirpc/rpc/svc_soc.h @@ -54,7 +54,7 @@ */ #define svc_getcaller(x) (&(x)->xp_raddr) /* Getting address of a caller using netbuf xp_rtaddr */ -#define svc_getcaller_netbuf(x) (&(x)->xp_fd) +#define svc_getcaller_netbuf(x) (&(x)->xp_rtaddr) /* * Service registration * -- 1.5.6 ++++++ libtirpc-0.1.9-0009-Fix-getpeereid.patch ++++++ >From 6c487efe74adb5c29f7bee5bd51b3ebef4968f7d Mon Sep 17 00:00:00 2001 From: Olaf Kirch Date: Tue, 30 Sep 2008 15:09:06 -0400 Subject: [PATCH] Fix getpeereid getpeereid fails because it uses an incorrect getsockopt call to obtain the peer credentials on a AF_LOCAL socket. This in turn will cause all RPC services to be registered with rpcbind to show up as having been registered by "unknown". This has a serious impact on security - a service owned by "unknown" can essentially be unregistered (and thus replaced) by anyone. Signed-off-by: Olaf Kirch Signed-off-by: Steve Dickson --- src/getpeereid.c | 2 +- 1 files changed, 1 insertions(+), 1 deletions(-) diff --git a/src/getpeereid.c b/src/getpeereid.c index 9207d9d..57ee197 100644 --- a/src/getpeereid.c +++ b/src/getpeereid.c @@ -41,7 +41,7 @@ getpeereid(int s, uid_t *euid, gid_t *egid) int error; uclen = sizeof(uc); - error = getsockopt(s, 0, SO_PEERCRED, &uc, &uclen); /* SCM_CREDENTIALS */ + error = getsockopt(s, SOL_SOCKET, SO_PEERCRED, &uc, &uclen); /* SCM_CREDENTIALS */ if (error != 0) return (error); // if (uc.cr_version != XUCRED_VERSION) -- 1.5.6 ++++++ libtirpc-0.1.9-0010-Fix-__rpc_getconfip.patch ++++++ >From d9a5ae7079d001a9e3b9b384f9153f591a7158bd Mon Sep 17 00:00:00 2001 From: Olaf Kirch Date: Tue, 30 Sep 2008 15:10:43 -0400 Subject: [PATCH] Fix __rpc_getconfip __rpc_getconfip is supposed to return the first netconf entry supporting tcp or udp, respectively. The code will currently return the *last* entry, plus it will leak memory when there is more than one such entry. This patch fixes this issue. Signed-off-by: Olaf Kirch Signed-off-by: Steve Dickson --- src/rpc_generic.c | 6 ++++-- 1 files changed, 4 insertions(+), 2 deletions(-) diff --git a/src/rpc_generic.c b/src/rpc_generic.c index 9ada668..3aad018 100644 --- a/src/rpc_generic.c +++ b/src/rpc_generic.c @@ -254,12 +254,14 @@ __rpc_getconfip(nettype) while ((nconf = getnetconfig(confighandle)) != NULL) { if (strcmp(nconf->nc_protofmly, NC_INET) == 0 || strcmp(nconf->nc_protofmly, NC_INET6) == 0) { - if (strcmp(nconf->nc_proto, NC_TCP) == 0) { + if (strcmp(nconf->nc_proto, NC_TCP) == 0 && + netid_tcp == NULL) { netid_tcp = strdup(nconf->nc_netid); thr_setspecific(tcp_key, (void *) netid_tcp); } else - if (strcmp(nconf->nc_proto, NC_UDP) == 0) { + if (strcmp(nconf->nc_proto, NC_UDP) == 0 && + netid_udp == NULL) { netid_udp = strdup(nconf->nc_netid); thr_setspecific(udp_key, (void *) netid_udp); -- 1.5.6 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Remember to have fun... -- To unsubscribe, e-mail: opensuse-commit+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-commit+help@opensuse.org