319232 |
30-May-2017 |
ngie |
MFC r317155,r317162,r317163,r317164:
r317155:
rpcbind(8): wordsmith -h description and mention -W in the SYNOPSIS section
-W was already documented in the OPTIONS section.
r317162:
rpcbind(8): add a description for /var/run/rpcbind.sock under the FILES section
r317163:
rpcbind(8): post-humously document -w (warmstart) support added in r74462
warmstart support saves portmap/rpcbind(8) registration state on exit and restores the saved registration state on restart.
r317164:
Fix indentation per style.Makefile(5) |
301605 |
08-Jun-2016 |
ngie |
Bounds check rpcbs_rmtcall(..) to ensure rtype is less than RPCBVERS_STAT
Not returning if rtype == RPCBVERS_STAT will cause us to overrun the inf array, as it's defined to be exactly RPCBVERS_STAT elements in rpcb_prot.x:
> include/rpc/rpcb_prot.x:typedef rpcb_stat rpcb_stat_byvers[RPCBVERS_STAT];
The proposed change also matches the rest of the rtype upper bound checks in the file, so the original change was likely a typo.
MFC after: 2 weeks Reported by: Coverity CID: 1007567 Reviewed by: truckman Sponsored by: EMC / Isilon Storage Division
|
300973 |
29-May-2016 |
ngie |
Follow up to r300932
In the event MK_INET6 != no in userspace, but is disabled in the kernel, or if there aren't any IPv6 addresses configured in userspace (for lo0 and all physical interfaces), rpcbind would terminate immediately instead of silently failing on
Skip over the IPv6 block to its respective cleanup with freeifaddrs if creating the socket failed instead of terminating rpcbind immediately
MFC after: 6 days X-MFC with: r300932 Reported by: O. Hartmann <ohartman@zedat.fu-berlin.de> Sponsored by: EMC / Isilon Storage Division
|
300932 |
29-May-2016 |
ngie |
Catch malloc(3) errors and socket(2) errors
- malloc failing will result in a delayed segfault - socket failing will result in delayed failures with setsockopt
Exit in the event that either of these high-level conditions are met.
Reported by: Coverity CID: 976288, 976321, 976858 Sponsored by: EMC / Isilon Storage Division
|
299094 |
04-May-2016 |
ngie |
Merge ^/user/ngie/release-pkg-fix-tests to unbreak how test files are installed after r298107
Summary of changes:
- Replace all instances of FILES/TESTS with ${PACKAGE}FILES. This ensures that namespacing is kept with FILES appropriately, and that this shouldn't need to be repeated if the namespace changes -- only the definition of PACKAGE needs to be changed - Allow PACKAGE to be overridden by callers instead of forcing it to always be `tests`. In the event we get to the point where things can be split up enough in the base system, it would make more sense to group the tests with the blocks they're a part of, e.g. byacc with byacc-tests, etc - Remove PACKAGE definitions where possible, i.e. where FILES wasn't used previously. - Remove unnecessary TESTSPACKAGE definitions; this has been elided into bsd.tests.mk - Remove unnecessary BINDIRs used previously with ${PACKAGE}FILES; ${PACKAGE}FILESDIR is now automatically defined in bsd.test.mk. - Fix installation of files under data/ subdirectories in lib/libc/tests/hash and lib/libc/tests/net/getaddrinfo - Remove unnecessary .include <bsd.own.mk>s (some opportunistic cleanup)
Document the proposed changes in share/examples/tests/tests/... via examples so it's clear that ${PACKAGES}FILES is the suggested way forward in terms of replacing FILES. share/mk/bsd.README didn't seem like the appropriate method of communicating that info.
MFC after: never probably X-MFC with: r298107 PR: 209114 Relnotes: yes Tested with: buildworld, installworld, checkworld; buildworld, packageworld Sponsored by: EMC / Isilon Storage Division
|
298107 |
16-Apr-2016 |
gjb |
Merge the projects/release-pkg branch to head.
This allows packaging the base system with pkg(8), including but not limited to providing the ability to provide upstream binary update possibilities for non-tier-1 architectures.
This merge is a requirement of the 11.0-RELEASE, and as such, thank you to everyone that has tested the project branch.
Documentation in build(7) etc. is still somewhat sparse, but updates to those parts will follow.
Sponsored by: The FreeBSD Foundation
|
293833 |
13-Jan-2016 |
asomers |
Fix Coverity warnings regarding r293229
rpcbind/check_bound.c Fix CID1347798, a memory leak in mergeaddr.
rpcbind/tests/addrmerge_test.c Fix CID1347800 through CID1347803, memory leaks in ATF tests. They are harmless because each ATF test case runs in its own process, but they are trivial to fix. Fix a few other leaks that Coverity didn't detect, too.
Coverity CID: 1347798, 1347800, 1347801, 1347802, 1347803 MFC after: 2 weeks X-MFC-With: 293229 Sponsored by: Spectra Logic Corp
|
293229 |
06-Jan-2016 |
asomers |
"source routing" in rpcbind
Fix a bug in rpcbind for multihomed hosts. If the server had interfaces on two separate subnets, and a client on the first subnet contacted rpcbind at the address on the second subnet, rpcbind would advertise addresses on the first subnet. This is a bug, because it should prefer to advertise the address where it was contacted. The requested service might be firewalled off from the address on the first subnet, for example.
usr.sbin/rpcbind/check_bound.c If the address on which a request was received is known, pass that to addrmerge as the clnt_uaddr parameter. That is what addrmerge's comment indicates the parameter is supposed to mean. The previous behavior is that clnt_uaddr would contain the address from which the client sent the request.
usr.sbin/rpcbind/util.c Modify addrmerge to prefer to use an IP that is equal to clnt_uaddr, if one is found. Refactor the relevant portion of the function for clarity, and to reduce the number of ifdefs.
etc/mtree/BSD.tests.dist usr.sbin/rpcbind/tests/Makefile usr.sbin/rpcbind/tests/addrmerge_test.c Add unit tests for usr.sbin/rpcbind/util.c:addrmerge.
usr.sbin/rpcbind/check_bound.c usr.sbin/rpcbind/rpcbind.h usr.sbin/rpcbind/util.c Constify some function arguments
Reviewed by: imp MFC after: 4 weeks Sponsored by: Spectra Logic Corp Differential Revision: https://reviews.freebsd.org/D4690
|
288383 |
29-Sep-2015 |
delphij |
The Sun RPC framework uses a netbuf structure to represent the transport specific form of a universal transport address. The structure is expected to be opaque to consumers. In the current implementation, the structure contains a pointer to a buffer that holds the actual address.
In rpcbind(8), netbuf structures are copied directly, which would result in two netbuf structures that reference to one shared address buffer. When one of the two netbuf structures is freed, access to the other netbuf structure would result in an undefined result that may crash the rpcbind(8) daemon.
Fix this by making a copy of the buffer that is going to be freed instead of doing a shallow copy.
Security: FreeBSD-SA-15:24.rpcbind Security: CVE-2015-7236
|
262860 |
06-Mar-2014 |
mav |
Disable libwrap (TCP wrappers) support in rpcbind by default, introducing new command line options -W, to enable it when needed.
On my tests this change by almost ten times improves rpcbind performance.
No objections: many, net@
|
203710 |
09-Feb-2010 |
imp |
When you have multiple addresses on the same network on different interfaces (such as when you are part of a carp pool), and you run rpcbind -h to restrict which interfaces have rpc services, rpcbind can none-the-less return addresses that aren't in the -h list. This patch enforces the rule that when you specify -h on the command line, then services returned from rpcbind must be to one of the addresses listed in -h, or be a loopback address (since localhost is implicit when running -h).
The root cause of this is the assumption in addrmerge that there can be only one interface that matches a given network IP address. This turns out not to be the case. To retain historical behavior, I didn't try to fix the routine to prefer the address that the request came into, since I didn't know the side effects that might cause in the normal case. My quick analysis suggests that it wouldn't be a problem, but since this code is tricky I opted for the more conservative patch of only restricting the reply when -h is in effect.
Hence, this change will have no effect when you are running rpcbind without -h.
Reviewed by: alfred@ Sponsored by: iX Systems MFC after: 2 weeks
|
156813 |
17-Mar-2006 |
ru |
Reimplementation of world/kernel build options. For details, see:
http://lists.freebsd.org/pipermail/freebsd-current/2006-March/061725.html
The src.conf(5) manpage is to follow in a few days.
Brought to you by: imp, jhb, kris, phk, ru (all bugs are mine)
|
79723 |
14-Jul-2001 |
iedowse |
This is a selection of essentially cosmetic changes: - Use '\0' for a char instead of NULL. - Explicitly compare against the global `nullstring' to determine if a non-NULL uaddr is not malloc'd. - Remove some unnecessary casting of the argument to free(). - In rpcbproc_callit_com(), move the freeing of m_uaddr to the cleanup code at the end of the function. - To avoid confusion and possible alignment problems, change netbufdup() to allocate the netbuf struct and the sockaddr buffer separately, and change netbuffree() accordingly. This makes it produce netbufs that are consistent with all other netbufs in rpcbind.
|
78705 |
24-Jun-2001 |
iedowse |
Clean up the addrmerge() function, which was over-complicated and contained a number of memory leaks. The changes include:
- Add a comment describing what addrmerge() does. - Deal with 0.0.0.0./::. or AF_LOCAL callers correctly. - Use rpcbind_get_conf() instead of getnetconfigent() so we don't have to remember to free the returned netconfig struct. - Make just one pass through the ifaddrs list; we can pick up a fallback interface address in the same pass as the netmask comparison. - Define and use SA2SIN* macros to avoid the need for loads of protocol-specific local variables. - Use mostly protocol-independent code for building the netbuf version of the address to be returned. - Use the common cleanup code for virtually all error and non-error cases, fixing a number of memory leaks.
|
78681 |
23-Jun-2001 |
iedowse |
Fix some return-value brain-damage in forward_register(). This function has a return type of u_int32_t, into which it was somehow supposed to encode: * A valid 32-bit XID (which could be any value including 0). * 0, meaning a duplicate request. * -1, meaning a malloc failed (!); We now ensure that all XIDs are non-zero, and pass the XID out via a pointer argument.
In forward_find() and free_slot_by_xid(), remove an unnecessary and confusing test for a negative result from an unsigned modulo operation, but add an unnecessary cast to highlight why.
|
76037 |
26-Apr-2001 |
iedowse |
Bring in some bugfixes from NetBSD. I'm going to make a more extensive pass through the rpcbind code soon, but I might as well bring these in now.
- (NetBSD util.c r1.5) Move the initialisation of `tbuf' to avoid a case where it could end up containing junk from the stack. This should address the issue in PR bin/26806. - (NetBSD util.c r1.6) Don't `merge' AF_LOCAL addresses, fix a few memory leaks.
PR: bin/26806 Submitted by: Martin Blapp <mb@imp.ch> Obtained from: NetBSD
|
74462 |
19-Mar-2001 |
alfred |
Bring in a hybrid of SunSoft's transport-independent RPC (TI-RPC) and associated changes that had to happen to make this possible as well as bugs fixed along the way.
Bring in required TLI library routines to support this.
Since we don't support TLI we've essentially copied what NetBSD has done, adding a thin layer to emulate direct the TLI calls into BSD socket calls.
This is mostly from Sun's tirpc release that was made in 1994, however some fixes were backported from the 1999 release (supposedly only made available after this porting effort was underway).
The submitter has agreed to continue on and bring us up to the 1999 release.
Several key features are introduced with this update: Client calls are thread safe. (1999 code has server side thread safe) Updated, a more modern interface.
Many userland updates were done to bring the code up to par with the recent RPC API.
There is an update to the pthreads library, a function pthread_main_np() was added to emulate a function of Sun's threads library.
While we're at it, bring in NetBSD's lockd, it's been far too long of a wait.
New rpcbind(8) replaces portmap(8) (supporting communication over an authenticated Unix-domain socket, and by default only allowing set and unset requests over that channel). It's much more secure than the old portmapper.
Umount(8), mountd(8), mount_nfs(8), nfsd(8) have also been upgraded to support TI-RPC and to support IPV6.
Umount(8) is also fixed to unmount pathnames longer than 80 chars, which are currently truncated by the Kernel statfs structure.
Submitted by: Martin Blapp <mb@imp.ch> Manpage review: ru Secure RPC implemented by: wpaul
|