summaryrefslogtreecommitdiffstats
path: root/lib/libc/rpc
Commit message (Collapse)AuthorAgeFilesLines
* Fixed printf format errors.bde1998-06-302-5/+5
|
* Fixed scanf format errors. The error handling is not quite bug for bugbde1998-06-301-7/+4
| | | | | | compatible. I think small negative uids are handled compatibly but other out of bounds ones are truncated differently for certain sizes of uid_t.
* Fix potential resource leak: when call to des_crypt_1() fails, rememberwpaul1998-06-091-2/+3
| | | | to destroy the RPC CLIENT handle before returning.
* The incorrect select() timeout calculation that I fixed in svc_tcp.cwpaul1998-05-211-2/+2
| | | | | also exists here (the timeout can expire much sooner than it's supposed to).
* Replace the getpublickey() stub with the real thing.wpaul1998-05-181-33/+160
|
* Improve DoS avoidance in RPC stream oriented transports. The TCP transportwpaul1998-05-182-34/+70
| | | | | | | | | | | | | | | | | | | | | | uses readtcp() to gather data from the network; readtcp() uses select(), with a timeout of 35 seconds. The problem with this is that if you connect to a TCP server, send two bytes of data, then just pause, the server will remain blocked in readtcp() for up to 35 seconds, which is sort of a long time. If you keep doing this every 35 seconds, you can keep the server occupied indefinitely. To fix this, I modified readtcp() (and its cousin, readunix() in svc_unix.c) to monitor all service transport handles instead of just the current socket. This allows the server to keep handling new connections that arrive while readtcp() is running. This prevents one client from potentially monopolizing a server. Also, while I was here, I fixed a bug in the timeout calculations. Someone attempted to adjust the timeout so that if select() returned EINTR and the loop was restarted, the timeout would be reduced so that rather than waiting for another 35 seconds, you could never wait for more than 35 seconds total. Unfortunately, the calculation was wrong, and the timeout could expire much sooner than 35 seconds.
* Patch RPC library to avoid possible denial of service attacks as describedwpaul1998-05-152-2/+4
| | | | | | recently in BUGTRAQ. If a stream oriented transport fails to properly decode an RPC message header structure where there should be one, it should mark the stream as dead so that the connection will be dropped.
* Fixed the usual missing dependencies on headers generated by rpcgen.bde1998-05-101-2/+2
|
* Fixed wrong prototypes. Most of the prototypes had missing return types,bde1998-01-161-9/+19
| | | | or missing const's or `short *' instead of `[ug]id_t *' in argument types.
* Convert to mdoc format.charnier1998-01-051-248/+146
|
* In clntudp_call(), it is possible that xdr_replymsg() might failwpaul1997-10-261-0/+14
| | | | | | | | | | | | | | | | | | | | | | | | partway through its attempt to decode the result structure sent by the server. If this happens, it can leave the result partially populated with dynamically allocated memory. In this event, the xdr_replymsg() failure is detected and RPC_CANTDECODERES is returned, but the memory in the partially populated result struct is not free()d. The end result is that memory is leaked when an RPC_CANTDECODERES error occurs. (This condition can occur if a CLIENT * handle is created using clntudp_bufcreate() with a receive buffer size that is too small to handle the result sent by the server.) Fixed by setting reply_xdrs.x_op to XDR_FREE and calling xdr_replymsg() again to free the memory if an RPC_CANTDECODERES error is detected. I suspect that the clnt_tcp.c, clnt_unix.c and clnt_raw.c modules may ha a similar problem, but I haven't duplicated the condition with those yet. Found by: dbmalloc
* Sorted lists.bde1997-10-211-23/+22
|
* Fix two bugs which caused various RPC programs (mountd, nfsd, ...)jdp1997-10-171-3/+3
| | | | | | | | | | | | | | | to fail under certain circumstances. 1. In one spot, the ifr_flags member was being examined in the wrong structure, thus it contained garbage. On a machine in which only the loopback interface was up, this caused everything that wanted to talk to the portmapper to fail -- a particular problem with laptops, where the pccard ethernet interface is likely to come up long after the attempt to start mountd, nfsd, amd, etc. 2. Compounding the above problem, get_myaddress() returned a successful status even though it failed to find an address that it considered good enough.
* Removed the subdirectory paths from the definitions of MAN[1-9]. Theybde1997-10-151-7/+6
| | | | | were a workaround for limitations in bsd.man.mk that were fixed about 2 years ago.
* Correct a bug in the 'allow arbitrary number of socket descriptors' changeswpaul1997-10-141-4/+4
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | made to the RPC code some months ago. The value of __svc_fdsetsize is being calculated incorrectly. Logically, one would assume that __svc_fdsetsize is being used as a substitute for FD_SETSIZE, with the difference being that __svc_fdsetsize can be expanded on the fly to accomodate more descriptors if need be. There are two problems: first, __svc_fdsetsize is not initialized to 0. Second, __svc_fdsetsize is being calculated in svc.c:xprt_registere() as: __svc_fdsetsize = howmany(sock+1, NFDBITS); This is wrong. If we are adding a socket with index value 4 to the descriptor set, then __svc_fdsetsize will be 1 (since fds_bits is an unsigned long, it can support any descriptor from 0 to 31, so we only need one of them). In order for this to make sense with the rest of the code though, it should be: __svc_fdsetsize = howmany(sock+1, NFDBITS) * NFDBITS; Now if sock == 4, __svc_fdsetsize will be 32. This bug causes 2 errors to occur. First, in xprt_register(), it causes the __svc_fdset descriptor array to be freed and reallocated unnecessarily. The code checks if it needs to expand the array using the test: if (sock + 1 > __svc_fdsetsize). The very first time through, __svc_fdsetsize is 0, which is fine: an array has to be allocated the first time out. However __svc_fdsetsize is incorrectly set to 1, so on the second time through, the test (sock + 1 > __svc_fdsetsize) will still succeed, and the __svc_fdset array will be destroyed and reallocated for no reason. Second, the code in svc_run.c:svc_run() can become hopelessly confused. The svc_run() routine malloc()s its own fd_set array using the value of __svc_fdsetsize to decide how much memory to allocate. Once the xprt_register() function expands the __svc_fdset array the first time, the value for __svc_fdsetsize becomes 2, which is too small: the resulting calculation causes the code to allocate an array that's only 32 bits wide when it actually needs 64 bits. It also uses the valuse of __svc_fdsetsize when copying the contents of the __svc_fdset array into the new array. The end result is that all but the first 32 file descriptors get lost. Note: from what I can tell, this bug originated in OpenBSD and was brought over to us when the code was merged. The bug is still there in the OpenBSD source. Total nervous breakdown averted by: Electric Fence 2.0.5
* Make selection logic more strict. Only select AF_INET loopback interfaceswpaul1997-09-211-3/+6
| | | | | that are up on second (loopback only) pass, and only select non-loopback AF_INET interfaces that are up on first pass.
* Add a stub version of getpublickey(), in order to eliminate anjdp1997-08-282-1/+47
| | | | | | | | | | undefined symbol referenced from libc. Without the stub, it is impossible to execute any program using the shared library if LD_BIND_NOW=1 is in the environment. The stub always returns failure, but it can be overridden outside the library when necessary. I don't know whether this is the "correct" fix, but it is intolerable to have any undefined symbols referenced from libc.
* Add to CLEANFILES instead of setting it absolutely. Cleaning of *.S andbde1997-07-211-1/+1
| | | | tags was broken.
* Show the real revision date and not the date that thissteve1997-06-234-4/+4
| | | | manpage is being viewed.
* Hm... wonder how long this has been here.wpaul1997-06-201-3/+3
| | | | | | | | | | | | | | | | | | | | | | | | | | | | The logic in get_myaddress() is broken: it always returns the loopback address due to the following rule: if ((ifreq.ifr_flags & IFF_UP) && ifr->ifr_addr.sa_family == AF_INET && (loopback == 1 && (ifreq.ifr_flags & IFF_LOOPBACK))) { The idea is that we want to select the interface address only if it's up and it's in the AF_INET family. If it turns uout we don't have such an interface available, we make a second pass through the loop, this time settling for the loopback interface. But the logic inadvertently locks out all cases when loopback == 0, so nothing is ever selected until the second pass (when loopback == 1). This is changed to: if (((ifreq.ifr_flags & IFF_UP) && ifr->ifr_addr.sa_family == AF_INET) || (loopback == 1 && (ifreq.ifr_flags & IFF_LOOPBACK))) { which I think does the right thing. This is yet another bogon I discovered during NIS+ testing; I need get_myaddress() to work correctly so that the callback code in the client library will work.
* Remember to zero sockaddr_in struct before calling uaddr_to_sockaddr() towpaul1997-06-151-0/+1
| | | | | populate it. Not doing this can result in a garbage sockaddr_in, which will cause connect() to block inside clnttcp_create().
* getnetid() crashes if no /etc/netid file is present (it tries to fclose()wpaul1997-06-121-1/+2
| | | | a FILE * handle that wasn't really open).
* Fix other small things that got lost in the merge:wpaul1997-05-282-3/+3
| | | | | | | | | | - bde's change to includes section in getrpcent.3 - Lost comment in svc_run.c (the code here was actually the same since I had fixed the 'fds + 1' bug in my stuff at home before mailing Peter about it, but I didn't notce that he'd made a change to the comment right above the changed line). Also pointed out by the ever vigilant: bde
* Resolve conflicts.wpaul1997-05-2833-84/+425
| | | | | | | | | | | This concludes tonight's entertainment. Once I'm sure I haven't destroyed the world with all these changes, I'll import the utilities. Everything should continue to work as before. If it doesn't let me know. Special thanks to Mark Murray for running a test 'make world' for me to shake out the bugs, which, hopefully, I have fixed. (And there was much rejoicing.)
* This commit was generated by cvs2svn to compensate for changes in r26219,wpaul1997-05-2820-0/+4989
| | | | which included commits to RCS files with non-trunk default branches.
* Changed all paths to be relative to src/lib instead of src/lib/libcjb1997-05-031-2/+6
| | | | | | | | | | so that all these makefiles can be used to build libc_r too. Added .if ${LIB} == "c" tests to restrict man page builds to libc to avoid needlessly building them with libc_r too. Split libc Makefile into Makefile and Makefile.inc to allow the libc_r Makefile to include Makefile.inc too.
* Fixed wrong #include in synopsis.bde1997-04-131-1/+1
|
* Revert $FreeBSD$ to $Id$peter1997-02-2231-31/+31
|
* Make the long-awaited change from $Id$ to $FreeBSD$jkh1997-01-1431-31/+31
| | | | | | | | This will make a number of things easier in the future, as well as (finally!) avoiding the Id-smashing problem which has plagued developers for so long. Boy, I'm glad we're not using sup anymore. This update would have been insane otherwise.
* Correct logic braino when attempting to exclude loopback addresses onpeter1997-01-091-2/+2
| | | | | | the first pass. Submitted by: Greg Lehey <grog@lemis.de>
* Two minor changes to try and make it more robust in the face of manypeter1997-01-091-2/+4
| | | | | | | | | interfaces, until it's redone to use sysctl(). - bump the SIOCGIFCONF buffer size from 1K to 8K - if we didn't find a suitable address, return a failure. Previously if it didn't find anything it left the return address uninitialised. Perhaps it would be better to return AF_INET/111/127.0.0.1 rather than failing?
* Eliminate unnecessary warning introduced by a missing forward declaration.jkh1997-01-011-1/+3
|
* prototype of shared function now in include filepeter1996-12-311-3/+1
|
* use svc_maxfd + 1 in the select() call.peter1996-12-311-3/+3
| | | | | | | | (There may be a behavior difference between the 2.1 and 2.2/3.0 kernels in this area, it seemed to work for me but I have a horribly hacked select() that might have a bug in the handling of this) Submitted by: wpaul
* Oops! Bad Idea! (TM)peter1996-12-301-3/+13
| | | | | | | | Restore the clamp on the return value from rpc_dtablesize().. Some programs (eg: ypserv) use this as an indication of how large svc_fdset is in their hand-rolled svc_run() loops. The svc_fdset table is maintained by the rpc library explicitly for compatability with such programs. (It uses a different variable-sized bitmap itself internally)
* - make wire protocol 64 bit type safepeter1996-12-301-11/+9
| | | | | | | | - extern prototypes now in include file - fix local prototypes - use standard functions Obtained from: a diff of FreeBSD vs. OpenBSD/NetBSD rpc code.
* - prototypes now in include filepeter1996-12-301-26/+48
| | | | | | | | - overhaul for unlimited fd's - OpenBSD's ftp port bounce attack fix - fix timeouts Obtained from: a diff of FreeBSD vs. OpenBSD/NetBSD rpc code.
* - canonical function declarationpeter1996-12-301-7/+6
| | | | | | | - prototypes now in common include file - use standard functions Obtained from: a diff of FreeBSD vs. OpenBSD/NetBSD rpc code.
* - overhaul for unlimited file descriptorspeter1996-12-301-15/+24
| | | | | | | | | | - prototypes now in include files Obtained from: a diff of FreeBSD vs. OpenBSD/NetBSD rpc code. Note: potential bug here, It looks like there could be a null pointer dereference depending on what has already been called to initialise some shared data.
* - make wire protocol 64 bit type safepeter1996-12-301-4/+4
| | | | | | - use standard functions Obtained from: a diff of FreeBSD vs. OpenBSD/NetBSD rpc code.
* - major overhaul to make this deal with unlimited fd's.peter1996-12-301-56/+68
| | | | | | | | | | | | - kill non-FD_SETSIZE code Obtained from: a diff of FreeBSD vs. OpenBSD/NetBSD rpc code. Note, there was a nasty bug with our old code here. It would trash the stack if a fd > 31 was passed in. It was using a "long" as though it was an "fd_set", ie: it was assuming that a long was 256 bits wide. :-( This has been lurking here for a while, since the FD_SETSIZE #ifdef's were first implemented.
* - make wire protocol 64 bit type safepeter1996-12-301-10/+10
| | | | Obtained from: a diff of FreeBSD vs. OpenBSD/NetBSD rpc code.
* Remove our code that clamped the max select() fd number to FD_SETSIZE (256)peter1996-12-301-16/+3
| | | | This function is now unused.
* - kill non-FD_SETSIZE codepeter1996-12-301-5/+2
| | | | Obtained from: a diff of FreeBSD vs. OpenBSD/NetBSD rpc code.
* - 64 bit type safe on-the-wire protocolpeter1996-12-301-17/+15
| | | | | | | - use standard functions - prototype now in include file Obtained from: a diff of FreeBSD vs. OpenBSD/NetBSD rpc code.
* - prototype now in include file, plus no longer needed anywaypeter1996-12-301-37/+44
| | | | | | | | | | | - fix timeout code - better sequence number generation (for long running daemons) - dont close an unopen socket - use standard functions - 64 bit type safe for wire protocols - unlimited file descriptors Obtained from: a diff of FreeBSD vs. OpenBSD/NetBSD rpc code.
* - dont close an unopen socketpeter1996-12-301-2/+3
| | | | Obtained from: a diff of FreeBSD vs. OpenBSD/NetBSD rpc code.
* - Don't close an unopened socketpeter1996-12-301-2/+3
| | | | Obtained from: a diff of FreeBSD vs. OpenBSD/NetBSD rpc code.
* - don't close unopen socketpeter1996-12-301-7/+12
| | | | | | | | - ensure we're not spoofed/confused while trying to talk to the portmapper - handle new get_myaddress failure cases - prototype now in include file Obtained from: a diff of FreeBSD vs. OpenBSD/NetBSD rpc code.
* - missing prototype from include filepeter1996-12-301-5/+5
| | | | | | | - canconical function declaration (ctags safe) - use standard functions Obtained from: a diff of FreeBSD vs. OpenBSD/NetBSD rpc code.
OpenPOWER on IntegriCloud