| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* limit size of buffers to RPC_MAXDATASIZE
* don't leak memory
* be more picky about bad parameters
From:
https://raw.githubusercontent.com/guidovranken/rpcbomb/master/libtirpc_patch.txt
https://github.com/guidovranken/rpcbomb/blob/master/rpcbind_patch.txt
via NetBSD.
Approved by: re (kib)
|
| |
|
|
|
|
|
|
|
|
|
| |
Add a knob, WITH*_RPCBIND_WARMSTART_SUPPORT, to allow the end-user to build
rpcbind(8) with/without warmstart support.
The knob defaults to off to preserve POLA for the feature.
See rpcbind(8) for more details about the warmstart feature.
Relnotes: yes
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
r317155:
rpcbind(8): wordsmith -h description and mention -W in the SYNOPSIS section
-W was already documented in the OPTIONS section.
r317162:
rpcbind(8): add a description for /var/run/rpcbind.sock under the FILES section
r317163:
rpcbind(8): post-humously document -w (warmstart) support added in r74462
warmstart support saves portmap/rpcbind(8) registration state on exit and
restores the saved registration state on restart.
r317164:
Fix indentation per style.Makefile(5)
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
r314659:
usr.sbin: normalize paths using SRCTOP-relative paths or :H when possible
This simplifies make logic/output
r314676:
Fix build after r314656
Some of the changes I introduced to use .ALLSRC were correct in spirit,
but incorrect in reality -- in particular, ../Makefile.inc hadn't been
pulled in via bsd.init.mk (via bsd.lib.mk, bsd.prog.mk), so the value
of .ALLSRC (evaluated immediately) was empty. .include bsd.init.mk
explicitly so we can be certain that the values used as dependencies in
the targets are defined when the target recipe has been evaluated.
Reminder: thou shalt separate out separate functional changes before
committing them.
(YUGE) Pointyhat to: ngie
In collaboration with: bdrewery
|
| |
|
|
|
|
|
|
|
| |
Print out the signal number on exit in terminate(..) if WARMSTART is compiled
into rpcbind.
The signal number can provide helpful diagnostic info.
Obtained from: Isilon OneFS
|
| |
|
|
|
| |
Conditionalize wrap(3) use based on MK_TCP_WRAPPERS instead of
always building support into rpcbind.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
usr.sbin/rpcbind/tests/addrmerge_test.c
Fix some sizeof calculations that work only by luck on 64-bit
platforms.
PR: 210314
Reviewed by: ngie
Approved by: re (kib)
Reported by: Mark Millard
MFC after: 4 weeks
Sponsored by: Spectra Logic Corp
Differential Revision: https://reviews.freebsd.org/D6855
|
| |
|
|
|
|
| |
xdr_rpcproc, xdr_rpcprog and xdr_rpcvers were broken in older
versions of FreeBSD but fixed in r296394. Give them some use
hoping they help make the code somewhat more readable.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Not returning if rtype == RPCBVERS_STAT will cause us to overrun the inf array, as
it's defined to be exactly RPCBVERS_STAT elements in rpcb_prot.x:
> include/rpc/rpcb_prot.x:typedef rpcb_stat rpcb_stat_byvers[RPCBVERS_STAT];
The proposed change also matches the rest of the rtype upper bound checks in the
file, so the original change was likely a typo.
MFC after: 2 weeks
Reported by: Coverity
CID: 1007567
Reviewed by: truckman
Sponsored by: EMC / Isilon Storage Division
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
In the event MK_INET6 != no in userspace, but is disabled in the
kernel, or if there aren't any IPv6 addresses configured in userspace
(for lo0 and all physical interfaces), rpcbind would terminate
immediately instead of silently failing on
Skip over the IPv6 block to its respective cleanup with freeifaddrs if
creating the socket failed instead of terminating rpcbind immediately
MFC after: 6 days
X-MFC with: r300932
Reported by: O. Hartmann <ohartman@zedat.fu-berlin.de>
Sponsored by: EMC / Isilon Storage Division
|
| |
|
|
|
|
|
|
|
|
| |
- getaddrinfo() sets res = NULL on failure and freeaddrinfo() always
dereferences its argument, so we should only free the address list after
a successful call.
- Address a second potential leak caused by getaddrinfo(AF_INET6)
overwriting the address list returned by getaddrinfo(AF_INET).
X-MFC-With: r300941
|
| |
|
|
|
|
|
| |
This is some low hanging fruit necessary for making this WARNS?= 6 clean
MFC after: 3 days
Sponsored by: EMC / Isilon Storage Division
|
| |
|
|
|
| |
MFC after: 3 days
Sponsored by: EMC / Isilon Storage Division
|
| |
|
|
|
| |
MFC after: 3 days
Sponsored by: EMC / Isilon Storage Division
|
| |
|
|
|
|
|
|
|
| |
Call freeaddrinfo on it after it's been used
MFC after: 1 week
Reported by: Coverity
CID: 1225050
Sponsored by: EMC / Isilon Storage Division
|
| |
|
|
|
|
| |
MFC after: 1 week
Obtained from: NetBSD v1.18
Sponsored by: EMC / Isilon Storage Division
|
| |
|
|
|
|
|
|
|
|
|
| |
- malloc failing will result in a delayed segfault
- socket failing will result in delayed failures with setsockopt
Exit in the event that either of these high-level conditions are met.
Reported by: Coverity
CID: 976288, 976321, 976858
Sponsored by: EMC / Isilon Storage Division
|
| |
|
|
|
|
|
|
| |
This fixes a -Wunused-but-set-variable warning with gcc
MFC after: 1 week
Reported by: gcc 5
Sponsored by: EMC / Isilon Storage Division
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
after r298107
Summary of changes:
- Replace all instances of FILES/TESTS with ${PACKAGE}FILES. This ensures that
namespacing is kept with FILES appropriately, and that this shouldn't need
to be repeated if the namespace changes -- only the definition of PACKAGE
needs to be changed
- Allow PACKAGE to be overridden by callers instead of forcing it to always be
`tests`. In the event we get to the point where things can be split up
enough in the base system, it would make more sense to group the tests
with the blocks they're a part of, e.g. byacc with byacc-tests, etc
- Remove PACKAGE definitions where possible, i.e. where FILES wasn't used
previously.
- Remove unnecessary TESTSPACKAGE definitions; this has been elided into
bsd.tests.mk
- Remove unnecessary BINDIRs used previously with ${PACKAGE}FILES;
${PACKAGE}FILESDIR is now automatically defined in bsd.test.mk.
- Fix installation of files under data/ subdirectories in lib/libc/tests/hash
and lib/libc/tests/net/getaddrinfo
- Remove unnecessary .include <bsd.own.mk>s (some opportunistic cleanup)
Document the proposed changes in share/examples/tests/tests/... via examples
so it's clear that ${PACKAGES}FILES is the suggested way forward in terms of
replacing FILES. share/mk/bsd.README didn't seem like the appropriate method
of communicating that info.
MFC after: never probably
X-MFC with: r298107
PR: 209114
Relnotes: yes
Tested with: buildworld, installworld, checkworld; buildworld, packageworld
Sponsored by: EMC / Isilon Storage Division
|
| |
|
|
| |
No functional change.
|
| |\
| |
| |
| | |
Sponsored by: The FreeBSD Foundation
|
| | |
| |
| |
| | |
Sponsored by: EMC / Isilon Storage Division
|
| |/
|
|
| |
Sponsored by: The FreeBSD Foundation
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
rpcbind/check_bound.c
Fix CID1347798, a memory leak in mergeaddr.
rpcbind/tests/addrmerge_test.c
Fix CID1347800 through CID1347803, memory leaks in ATF tests. They
are harmless because each ATF test case runs in its own process, but
they are trivial to fix. Fix a few other leaks that Coverity didn't
detect, too.
Coverity CID: 1347798, 1347800, 1347801, 1347802, 1347803
MFC after: 2 weeks
X-MFC-With: 293229
Sponsored by: Spectra Logic Corp
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Fix a bug in rpcbind for multihomed hosts. If the server had interfaces on
two separate subnets, and a client on the first subnet contacted rpcbind at
the address on the second subnet, rpcbind would advertise addresses on the
first subnet. This is a bug, because it should prefer to advertise the
address where it was contacted. The requested service might be firewalled
off from the address on the first subnet, for example.
usr.sbin/rpcbind/check_bound.c
If the address on which a request was received is known, pass that
to addrmerge as the clnt_uaddr parameter. That is what addrmerge's
comment indicates the parameter is supposed to mean. The previous
behavior is that clnt_uaddr would contain the address from which the
client sent the request.
usr.sbin/rpcbind/util.c
Modify addrmerge to prefer to use an IP that is equal to clnt_uaddr,
if one is found. Refactor the relevant portion of the function for
clarity, and to reduce the number of ifdefs.
etc/mtree/BSD.tests.dist
usr.sbin/rpcbind/tests/Makefile
usr.sbin/rpcbind/tests/addrmerge_test.c
Add unit tests for usr.sbin/rpcbind/util.c:addrmerge.
usr.sbin/rpcbind/check_bound.c
usr.sbin/rpcbind/rpcbind.h
usr.sbin/rpcbind/util.c
Constify some function arguments
Reviewed by: imp
MFC after: 4 weeks
Sponsored by: Spectra Logic Corp
Differential Revision: https://reviews.freebsd.org/D4690
|
| |
|
|
|
| |
shorter than the required length. Note that it rarely happens
because maxlen is almost always 128 which covers struct sockaddr_storage.
|
| |
|
|
| |
working.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
transport specific form of a universal transport address. The
structure is expected to be opaque to consumers. In the current
implementation, the structure contains a pointer to a buffer
that holds the actual address.
In rpcbind(8), netbuf structures are copied directly, which would
result in two netbuf structures that reference to one shared
address buffer. When one of the two netbuf structures is freed,
access to the other netbuf structure would result in an undefined
result that may crash the rpcbind(8) daemon.
Fix this by making a copy of the buffer that is going to be freed
instead of doing a shallow copy.
Security: FreeBSD-SA-15:24.rpcbind
Security: CVE-2015-7236
|
| |\
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Off by default, build behaves normally.
WITH_META_MODE we get auto objdir creation, the ability to
start build from anywhere in the tree.
Still need to add real targets under targets/ to build packages.
Differential Revision: D2796
Reviewed by: brooks imp
|
| | | |
|
| | |\
| |/
|/| |
|
| | |\ |
|
| | | | |
|
| | | | |
|
| | |\ \ |
|
| | |\ \ \ |
|
| | | | | | |
|
| | | | | | |
|
| | |\ \ \ \ |
|
| | | | | | |
| | | | | |
| | | | | |
| | | | | | |
Requested by: Simon Gerraty <sjg@juniper.net>
|
| | |_|_|_|/
|/| | | |
| | | | |
| | | | | |
Reduce overlinking
|
| | |_|_|/
|/| | | |
|
| | |_|/
|/| |
| | |
| | | |
from the latter.
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
new command line options -W, to enable it when needed.
On my tests this change by almost ten times improves rpcbind performance.
No objections: many, net@
|
| | |/
|/|
| |
| | |
permission of Sun Microsystems in 2009.
|
| | |
| |
| |
| | |
Submitted by: Garrett Cooper
|
| |/
|
|
|
|
|
|
|
|
|
|
| |
userland via routing socket or sysctl. This eliminates the following
KAME-specific sin6_scope_id handling routine from each userland utility:
sin6.sin6_scope_id = ntohs(*(u_int16_t *)&sin6.sin6_addr.s6_addr[2]);
This behavior can be controlled by net.inet6.ip6.deembed_scopeid. This is
set to 1 by default (sin6_scope_id will be filled in the kernel).
Reviewed by: bz
|
| | |
|
| |
|
|
|
|
| |
statment's border.
MFC after: 1 month
|
| |
|
|
|
|
| |
PR: bin/154928
Submitted by: Eitan Adler <lists at eitanadler.com>
MFC after: 3 days
|
