| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
|
|
|
|
| |
If rpcbind is configured with --disable-warmstarts it responds on -w
with its usage string. This is not helpful in a systemd service, so pass
-w conditionally.
Signed-off-by: Bastian Krause <bst@pengutronix.de>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
| |
$ rpcbind -h 127.0.0.1
free(): double free detected in tcache 2
Aborted
Fixes: a6889bba949b ("Removed resource leaks from src/rpcbind.c")
Resolves: https://sourceforge.net/p/rpcbind/bugs/6/
Signed-off-by: Dmitry V. Levin <ldv@altlinux.org>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
| |
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
|
|
|
|
|
| |
res pointer is not initialized, if for some reason it does not
take any value after calling getaddrinfo, we end up causing oops
when calling freeaddrinfo
Signed-off-by: Roberto Bergantinos Corpas <rbergant@redhat.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
|
|
|
|
| |
Use aswell auth.warning for non-libwrap CALLIT logging, otherwise
we'll broadcast everywhere for a call that is not allowed anyway
Signed-off-by: Roberto Bergantinos Corpas <rbergant@redhat.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
|
|
|
|
|
| |
and reformat doc a bit.
Based on Olaf Kirch's patch for openSUSE.
Signed-off-by: Petr Vorel <pvorel@suse.cz>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
|
| |
Signed-off-by: Petr Vorel <pvorel@suse.cz>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
| |
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
|
|
|
|
| |
Modern versions of glibc no longer provide the rpcsvc headers, so
there's very little point in trying to use them.
Signed-off-by: Mike Gilbert <floppym@gentoo.org>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
|
|
|
|
|
| |
If libtirpc is providing rpc/rpc.h, including rpcsvc/mount.h may fail if
-I/path/to/tirpc is not passed to the compiler.
Bug: https://bugs.gentoo.org/665222
Signed-off-by: Mike Gilbert <floppym@gentoo.org>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
| |
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
| |
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
| |
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
| |
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Musl based systems are more pedantic than glibc ones about where we
include files from. Correct some headers to include proper files.
In file included from src/rpcb_svc_com.c:45:0:
/usr/include/sys/poll.h:1:2: warning: #warning redirecting incorrect #include <sys/poll.h> to <poll.h> [-Wcpp]
#warning redirecting incorrect #include <sys/poll.h> to <poll.h>
^~~~~~~
In file included from src/rpcbind.c:45:0:
/usr/include/sys/errno.h:1:2: warning: #warning redirecting incorrect #include <sys/errno.h> to <errno.h> [-Wcpp]
#warning redirecting incorrect #include <sys/errno.h> to <errno.h>
^~~~~~~
In file included from src/rpcbind.c:49:0:
/usr/include/sys/signal.h:1:2: warning: #warning redirecting incorrect #include <sys/signal.h> to <signal.h> [-Wcpp]
#warning redirecting incorrect #include <sys/signal.h> to <signal.h>
^~~~~~~
In file included from src/util.c:48:0:
/usr/include/sys/poll.h:1:2: warning: #warning redirecting incorrect #include <sys/poll.h> to <poll.h> [-Wcpp]
#warning redirecting incorrect #include <sys/poll.h> to <poll.h>
^~~~~~~
Signed-off-by: Amadeusz Sławiński <amade@asmblr.net>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
On musl systems there are implicit function declaration warnings due to
missing string.h include.
src/pmap_svc.c: In function ‘pmapproc_change’:
src/pmap_svc.c:225:8: warning: implicit declaration of function ‘memcmp’ [-Wimplicit-function-declaration]
if (!memcmp(rpcbreg.r_netid, "udp6", 4) ||
^~~~~~
src/pmap_svc.c: In function ‘pmap_netid2ipprot’:
src/pmap_svc.c:408:6: warning: implicit declaration of function ‘strcmp’ [-Wimplicit-function-declaration]
if (strcmp(netid, tcptrans) == 0)
^~~~~~
src/warmstart.c: In function ‘read_struct’:
src/warmstart.c:116:22: warning: implicit declaration of function ‘strerror’; did you mean ‘perror’? [-Wimplicit-function-declaration]
filename, errno, strerror(errno));
^~~~~~~~
perror
Signed-off-by: Amadeusz Sławiński <amade@asmblr.net>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
| |
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
the rpcbind program returns the first IP address that matches the hint
IP, i.e.: The first interface found that is UP and on the same network
as the hint IP address (bestmatch).
That could be wrong if there are multiple ips in the same subnet for the
same interface configured.
For instance output of ip addr:
~> ip addr
inet 10.xxx.xx.133/22 brd 10.xxx.xx.255 scope global mgmt <------first ip-address which matches the hint
inet 10.xxx.xx.147/22 scope global eth0 <----actual ip-address where nfs server is configured
inet 10.xxx.xx.160/22 scope global secondary eth0
~>
rpc mount export: RPC: Timed out
rpc mount export: RPC: Timed out
For multiple IP adresses in the same subnet, it should try to find an
exact match first and only if that fails return the best match.
Signed-off-by: Thomas Blume <thomas.blume@suse.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
*** buffer overflow detected ***: rpcinfo terminated
======= Backtrace: =========
/lib64/libc.so.6(+0x721af)[0x7ff24c4451af]
/lib64/libc.so.6(__fortify_fail+0x37)[0x7ff24c4ccdc7]
/lib64/libc.so.6(+0xf8050)[0x7ff24c4cb050]
rpcinfo(+0x435f)[0xef3be2635f]
rpcinfo(+0x1c62)[0xef3be23c62]
/lib64/libc.so.6(__libc_start_main+0xf5)[0x7ff24c3f36e5]
rpcinfo(+0x2739)[0xef3be24739]
======= Memory map: ========
...
The patch below fixes it.
Reviewed-by: Chuck Lever <chuck.lever@oracle.com>
Signed-off-by: Thomas Blume <thomas.blume@suse.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
| |
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
| |
Added a new configuration flag --enable-rmtcalls
which will be needed to enable the remote call
functionality.
This also stops rpcbind from opening up random
listening ports.
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
According to systemd.special(7) manpage:
rpcbind.target
The portmapper/rpcbind pulls in this target and orders itself
before it, to indicate its availability. systemd automatically
adds dependencies of type After= for this target unit to
all SysV init script service units with an LSB header
referring to the "$portmap" facility.
Signed-off-by: Steve Dickson <steved@redhat.com>
Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=1431574
|
| |
|
|
|
|
| |
src/rpcb_svc_com.c:1055:6: warning: unused variable 'n' [-Wunused-variable]
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
According to its own man page, the rpcbind program "can only be
started by the super-user." On systems where a distinction is made, it
therefore makes sense to install rpcbind to the autotools sbindir
rather than the regular bindir where it is currently installed. This
is accomplished by three small changes:
1. Move rpcbind from bin_PROGRAMS to sbin_PROGRAMS in Makefile.am.
2. Change @_bindir@ to @_sbindir@ in the rpcbind systemd service file.
3. Tell configure.ac that it should substitute the value of $sbindir
into @_sbindir@ instead of $bindir$ into @_bindir@.
The rpcinfo tool remains where it is, in bindir, since unprivileged
users are able to usefully run it. This avoids forcing maintainers to
choose between two bad options: hiding rpcinfo from unprivileged
users, or installing a useless rpcbind for them.
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
|
|
|
|
| |
Now that sendz is a fixed size (UDPMSGSIZE) which
is small then RPC_BUF_MAX, no need to check the
sendz size.
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
commit 7ea36ee introduced a svc_freeargs() call
that ended up freeing static pointer.
It turns out the allocations for the rmt_args
is not necessary . The xdr routines (xdr_bytes) will
handle the memory management and the largest
possible message size is UDPMSGSIZE (due to UDP only)
which is smaller than RPC_BUF_MAX
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
| |
All if (debugging) stanzas and their accompanying xlog()s and aborts
should be within #ifdef RPCBIND_DEBUG.
Fixes a compilation failure due to non-inclusion of <syslog.h> in the
non-debugging case.
Signed-off-by: Nick Alcock <nick.alcock@oracle.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
|
|
|
| |
commit 7ea36eee introduce a typo that caused
NIS (aka ypbind) to fail.
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This patch is to address CVE-2017-8779 "rpcbomb" in rpcbind, discussed
at [1], [2], [3]. The last link suggests this issue is actually a bug
in rpcbind, which led me here.
The leak caused by the reproducer at [4] appears to come from
rpcb_service_4(), in the case where svc_getargs() returns false and the
function had an early return, rather than passing through the cleanup
path at done:, as would otherwise occur.
It also addresses a couple of other locations where the same fault seems
to exist, though I haven't been able to exercise those. I hope someone
more intimate with rpc(3) can confirm my understanding is correct, and
that I haven't introduced any new bugs.
Without this patch, using the reproducer (and variants) repeatedly
against rpcbind with a numBytes argument of 1_000_000_000, /proc/$(pidof
rpcbind)/status reports VmSize increase of 976564 kB each call, and
VmRSS increase of around 260 kB every 33 calls - the specific numbers
are probably an artifact of my rhel/glibc version. With the patch,
there is a small (~50 kB) VmSize increase with the first message, but
thereafter both VmSize and VmRSS remain steady.
[1]: http://seclists.org/oss-sec/2017/q2/209
[2]: https://bugzilla.redhat.com/show_bug.cgi?id=1448124
[3]: https://sourceware.org/ml/libc-alpha/2017-05/msg00129.html
[4]: https://github.com/guidovranken/rpcbomb/
Signed-off-by: Doran Moppert <dmoppert@redhat.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
| |
From: Yann Leprince <yann.leprince@ylep.fr>
This fix ensures that a separate /var partition will be mounted before
rpcbind tries to write its status to /var/run.
Acked-by: NeilBrown <neilb@suse.com>
Signed-off-by: Yann Leprince <yann.leprince@ylep.fr>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
| |
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
Due to a miscommunication,
Commit: 0cc39c519278 ("Provide systemd unit files for rpcbind")
used sbindir as the location of rpcbind to put in the systemd unit
file instead of bindir, which is where rpcbind gets installed.
So change those few instances of sbindir to bindir so that the unit
file will have the correct path.
Signed-off-by: NeilBrown <neilb@suse.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
rpcbind can save state in a file to allow restart without forgetting
about running services.
The default location is currently "/tmp" which is
not ideal for system files. It is particularly unpleasant
to put simple files there rather than creating a directory
to contain them.
On a modern Linux system it is preferable to use /run, and there it is
even more consistent with practice to use a subdirectory.
This directory needs to be create one each boot, and while there are
tools (e.g. systemd-tmpfiles) which can do that it is cleaner to keep
rpcbind self-contained and have it create the directory.
So change the default location to /var/run/rpcbind, and create that
directory. If a different user-id is used, we need to create
and chown the directory before dropping privileges. We do this
with care so avoid chowning the wrong thing by mistake.
Signed-off-by: NeilBrown <neilb@suse.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
To encourage uniformity across distributions, provide
systemd unit files.
If extra arguments are wanted for rpcbind, a drop-in should be used
to set the Environment= or read and EnvironmentFile=
Even though libtirpc and the kernel contact rpcbind via
/var/run/rcpbind.sock, tell systemd to place the socket
in /run/rpcbind.sock as systems using systemd always
use /run, and often symlink /var/run to /run.
rpcbind.service pulls in rpcbind.socket so that the listening sockets
chosen there will always be used.
Signed-off-by: NeilBrown <neilb@suse.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The __P() macro is a legacy compatibility macro aimed making pre-ANSI
(i.e. K&R) compilers that do not support function prototypes happy,
while still allowing such prototypes for ANSI-compliant compilers.
Since virtually all compilers have been ANSI-compliant for a few decades
now, use of __P() is totally useless.
Furthermore, __P() is defined in the non-standard sys/cdefs.h header.
This header is present in glibc and uClibc, and both have it included
from many of their headers. So, sys/cdefs.h is automagically included in
most cases and its macros are available.
However, the musl C library does not provide this sys/cdefs.h header.
Thus, the build breaks on musl.
For all the above reasons, get rid of __P() wherever it is used; just
always declare real function prototypes.
Reviewed-by: Chuck Lever <chuck.lever@oracle.com>
Signed-off-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Signed-off-by: Steve Dickson <steved@redhat.com>
Cc: Chuck Lever <chuck.lever@oracle.com>
Cc: Steve Dickson <SteveD@redhat.com>
Cc: Mike Frysinger <vapier@gentoo.org>
|
| |
|
|
|
|
|
|
|
|
|
| |
rpcbind and libtirpc are both using poll in svc_run(),
but rpcbind used the old svc_fdset interface for this.
This limits the possible connections to 1024, while both
could handle much more. rpcbind is now accessing directly
the svc_pollfd data of libtirpc.
Signed-off-by: Thorsten Kukuk <kukuk@thkukuk.de>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
From: Laurent Bigonville <bigon@bigon.be>
If systemd has created the unix socket on our behalf, we shouldn't try
to delete it.
https://bugzilla.redhat.com/show_bug.cgi?id=1279076
Signed-off-by: Laurent Bigonville <bigon@bigon.be
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
|
|
|
|
|
| |
In the latest libtirpc version to access the xp_auth
one must use the SVC_XP_AUTH macro. To be backwards
compatible a couple ifdefs were added to use the
macro when it exists.
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
- A PMAP_CALLIT call comes in on IPv4 UDP
- rpcbind duplicates the caller's address to a netbuf and stores it in
FINFO[0].caller_addr. caller_addr->buf now points to a memory region A
with a size of 16 bytes
- rpcbind forwards the call to the local service, receives a reply
- when processing the reply, it does this in xprt_set_caller:
xprt->xp_rtaddr = *FINFO[0].caller_addr
It sends out the reply, and then frees the netbuf caller_addr and
caller_addr.buf.
However, it does not clear xp_rtaddr, so xp_rtaddr.buf now refers
to memory region A, which is free.
- When the next call comes in on the UDP/IPv4 socket, svc_dg_recv will
be called, which will set xp_rtaddr to the client's address.
It will reuse the buffer inside xp_rtaddr, ie it will write a
sockaddr_in to region A
Some time down the road, an incoming TCP connection is accepted,
allocating a fresh SVCXPRT. The memory region A is inside the
new SVCXPRT
- While processing the TCP call, another UDP call comes in, again
overwriting region A with the client's address
- TCP client closes connection. In svc_destroy, we now trip over
the garbage left in region A
We ran into the case where a commercial scanner was triggering
occasional rpcbind segfaults. The core file that was captured showed
a corrupted xprt->xp_netid pointer that was really a sockaddr_in.
Signed-off-by: Olaf Kirch <okir@suse.de>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
|
|
|
| |
src/security.c:100:8: warning: implicit declaration of function 'xlog'
[-Wimplicit-function-declaration]
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
| |
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
Recently a libtirpc_set_debug() command was
added to libtirpc that enables debugging in
the library.
Now when debug is enabled with rpcbind, this
new library debugging will be enabled as well,
when the interface exists.
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
| |
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
|
|
|
| |
implicit declaration of function ?xlog?
Signed-off-by: Bernhard Reutner-Fischer <rep.dot.nop@gmail.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
| |
The function check_callit() attempts to reference a number of defines
from files that might not be available for everything but glibc.
For simplicity assume that if there is no rpcsvc/mount.h all the other
includes do not exist either.
Signed-off-by: Bernhard Reutner-Fischer <rep.dot.nop@gmail.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
|
| |
Signed-off-by: Bernhard Reutner-Fischer <rep.dot.nop@gmail.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
|
|
|
| |
To make it possible for debugging to happen in
background, separate the -d flag from the -f flag
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
|
|
| |
Enable the logging depending on background or foreground
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
|
|
| |
Convert all the fprint() to xlog()s calls
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
|
|
|
| |
To improve rpcbind's debugging the xlog code
from the nfs-utils package has been ported.
Signed-off-by: Steve Dickson <steved@redhat.com>
|
