| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Code that works in GLIBC's runrpc implementation fails with libtirpc.
libtirpc forces the RPC library to talk to the portmapper via UDP,
even when the client specifies TCP. This breaks existing code which
expect the protocol specified to be honored, even when talking to
portmapper.
This is upstreaming of an old patch by Rob Riggs reported in Fedora.
Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1725329
Signed-off-by: Rob Riggs <rob+redhat@pangalactic.org>
Signed-off-by: Dan Hork <dan@danny.cz>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
| |
By adapting CodeChecker for libtirpc related tests, it complains
an improper waiting time for function getnetconfigent with
a valid input value, either it should be treated as a wrong
input or just take it as a proper value without sleeping
link: https://bugzilla.redhat.com/show_bug.cgi?id=2150611
Signed-off-by: Zhi Li <yieli@redhat.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
|
|
|
|
|
|
|
|
| |
Since clntraw_private could be dereferenced before
allocated, protect it by checking its value in advance.
Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=2138317
Signed-off-by: Zhi Li <yieli@redhat.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
|
|
|
|
|
|
| |
Fixes compilation warning.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
|
|
|
|
|
|
|
|
| |
Close the FILE *fp of load_blacklist() in another
return path to avoid potential resource leakage.
Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=2135405
Signed-off-by: Zhi Li <yieli@redhat.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
|
|
|
|
|
|
| |
rpcb_clnt.c:224:21: error: argument 'netid' doesn't match prototype
const char *host, *netid;
Signed-off-by: Steve Dickson <steved@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
rpcb_clnt.c was using a read/write lock mechanism to manage the address
cache. This was wrong, because the wrote locked deletion of a cached
entry did not prevent concurrent access by other calls that required
a read lock (e.g. by check_cache()). Thus, the cache could get
corrupted.
Instead of a RW locking mechanist, the cache (a linkedf list) need a
simple mutex to grant access. To avoid deadlocks while accessing a cache
from functions that may recurse, the mutexed part of the cache access
should be isolated more to only the code areas necessary.
Also, cache lookup should return an independent deep copy of the matching
cached element, rather than a pointer to the element in the cache, for
operations that can (and should be) performed outside of the mutexed
areas for cache access.
With the changes, the code is more MT-dafe, more robust, and also
simpler to follow.
Signed-off-by: Steve Dickson <steved@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
bindresvport()_sa(), in bidresvport.c checks blacklist_read w/o mutex
before calling load_blacklist() which changes blacklist_read() also
unmutexed.
Clearly, the point is to read the blacklist only once on the first call,
but because the checking whether the blacklist is loaded is not mutexed,
more than one thread may race to load the blacklist concurrently, which
of course can jumble the list because of the race condition.
The fix simply moves the checking within the mutexed aread of the code
to eliminate the race condition.
Signed-off-by: Steve Dickson <steved@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
|
| |
If clnt_dg_destroy() or clnt_vc_destroy() is awoken with other blocked
operations pending (such as clnt_*_call(), clnt_*_control(), or
clnt_*_freeres()) but no active operation currently being executed, then the
client gets destroyed. Then, as the other blocked operations get subsequently
awoken, they will try operate on an invalid client handle, potentially causing
unpredictable behavior and stack corruption.
Signed-off-by: Attila Kovacs <attipaci@gmail.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
|
| |
In clnt_dg.c in clnt_dg_freeres(), cu_fd_lock->active is set to TRUE, with no
corresponding clearing when the operation (*xdr_res() call) is completed. This
would leave other waiting operations blocked indefinitely, effectively
deadlocking the client. For comparison, clnt_vd_freeres() in clnt_vc.c does not
set the active state to TRUE. I believe the vc behavior is correct, while the
dg behavior is a bug.
Signed-off-by: Attila Kovacs <attipaci@gmail.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
In cnlt_dg_freeres() and clnt_vc_freeres(), cond_signal() is called after
unlocking the mutex (clnt_fd_lock). The manual of pthread_cond_signal()
allows that, but mentions that for consistent scheduling, cond_signal()
should be called with the waiting mutex locked.
clnt_fd_lock is locked on L171, but then not released if jumping to the
err1 label on an error (L175 and L180). This means that those errors
will deadlock all further operations that require clnt_fd_lock access.
Same in clnt_vc.c in clnt_vc_create, on lines 215, 222, and 230 respectively.
Signed-off-by: Steve Dickson <steved@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
There have been previous attempts to revert protocol tryout
algorithm from v4,v3,v2 to previous v2,v4,v3 :
https://www.spinics.net/lists/linux-nfs/msg89228.html
Apart from GETADDR/NAT issue originating that proposed change,
its possible that some legacy custom applications still use
v2 of protocol with libtirpc.
The change proposed here, introduces an environment variable
"RPCB_V2FIRST" so that, if defined, old behaviour is used.
This is more flexible and allow us to selectively pick what
application reverts to old behaviour instead of a system-wide
change.
Signed-off-by: Roberto Bergantinos Corpas <rbergant@redhat.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
During some valgrind test, the following is observed
==11391== 64 bytes in 4 blocks are definitely lost in loss record 11 of 16
==11391== at 0x4C2A2AF: malloc (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
==11391== by 0x50ECED9: strdup (in /lib64/libc-2.22.so)
==11391== by 0x4E4AFBF: getclnthandle (in /lib64/libtirpc.so.3.0.0)
==11391== by 0x4E4BD8A: __rpcb_findaddr_timed (in /lib64/libtirpc.so.3.0.0)
==11391== by 0x4E443AF: clnt_tp_create_timed (in /lib64/libtirpc.so.3.0.0)
==11391== by 0x4E44580: clnt_create_timed (in /lib64/libtirpc.so.3.0.0)
==11391== by 0x400755: main (in /local/02/xdtadti/tirpc-test/client)
Signed-off-by: Steve Dickson <steved@redhat.com>
|
|
|
|
|
|
|
| |
Free the cbuf after obtaining the error number.
Signed-off-by: Frank Sorenson <sorenson@redhat.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
|
|
|
|
|
|
| |
For Android bionic, pthread is a part of that c library.
Signed-off-by: Hsia-Jun(Randy) Li <randy.li@synaptics.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
|
|
|
|
|
|
|
| |
getdtablesize() is not specified in POSIX.1, Android won't
support it at all.
Signed-off-by: Hsia-Jun(Randy) Li <randy.li@synaptics.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Currently svc_run does not handle poll timeout and rendezvous_request
does not handle EMFILE error returned from accept(2 as it used to.
These two missing functionality were removed by commit b2c9430f46c4.
The effect of not handling poll timeout allows idle TCP conections
to remain ESTABLISHED indefinitely. When the number of connections
reaches the limit of the open file descriptors (ulimit -n) then
accept(2) fails with EMFILE. Since there is no handling of EMFILE
error this causes svc_run() to get in a tight loop calling accept(2).
This resulting in the RPC service of svc_run is being down, it's
no longer able to service any requests.
RPC service rpcbind, statd and mountd are effected by this
problem.
Fix by enhancing rendezvous_request to keep the number of
SVCXPRT conections to 4/5 of the size of the file descriptor
table. When this thresold is reached, it destroys the idle
TCP connections or destroys the least active connection if
no idle connnction was found.
Fixes: 44bf15b8 rpcbind: don't use obsolete svc_fdset interface of libtirpc
Signed-off-by: dai.ngo@oracle.com
Signed-off-by: Steve Dickson <steved@redhat.com>
|
|
|
|
|
|
|
|
|
| |
Disallow calling auth_refresh from clnt_{dg,vc}_call if the client is
using RPCSEC_GSS. Doing so can recurse back into clnt_{dg,vc}_call,
where we'll self-deadlock waiting on the condition variable.
Signed-off-by: Scott Mayhew <smayhew@redhat.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
|
|
|
|
| |
Signed-off-by: Doug Nazar <nazard@nazar.ca>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
|
|
|
|
|
|
| |
Fix the use of an fd_lock referenced from private client data after it
was freed.
Signed-off-by: Steve Dickson <steved@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Currently per-fd locks for the clients are pre-allocated up to
the soft limit of maximum allowed open file desciptors per process as
defined in __rpc_dtbsize():
if (getrlimit(RLIMIT_NOFILE, &rl) == 0) {
return (tbsize = (int)rl.rlim_cur);
}
This limit can be arbitrarily large for any given process resulting in
unreasonable memory allocation. For example, for systemd PID1 process
this limit is set to 1073741816 since version 240. systemd is an
indirect user of this library as it fetches information about users,
groups, etc...
This patch proposes a list implementation of per-fd locks based on glibc
doubly linked lists. It also includes support for a fixed array based
pre-allocation up to a compile-time defined limit of locks for
equivalence to the previous implementation.
Signed-off-by: Steve Dickson <steved@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
In svc_fd_create(), upon error, freeing xp_ltaddr.buf and null
is returned to the caller as expected. The allocated SVCXPRT is
added to svc_pollfd and during destroy __svc_vc_dodestroy(),
xp_ltaddr.buf is being freed again causing double free.
Fix is to reset the pointer when ever freed first.
Reported-by: Sreedharbabu Vykuntam <sreedharbabu.vykuntam@quest.com>
Reviewed-by: Ian Kent <raven@themaw.net>
Signed-off-by: Srinivasarao Cheruku <srinivascheruku@yahoo.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
In the client code, rlim_max is used to allocate two
arrays used for multithread locking. These arrays are
indexed with open file descriptors.
With some recent changes to systemd, the rlim_max is
now a very large number and no longer represents the
max number of open file descriptors allowed causing
the locking arrays to be huge resulting in processes
being OOM killed.
It turns out the max number opens allowed in a process
is still fairly small (1023) which means rlim_cur (1024)
can be used instead of rlim_max.
Signed-off-by: Steve Dickson <steved@redhat.com>
|
|
|
|
|
|
|
|
|
| |
bits/endian.h is an internal header. endian.h should be included.
Fixes compilation with recent musl.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
|
|
|
|
|
|
|
| |
GCC 10 enables -fno-common by default.
Fixes: https://bugs.gentoo.org/705896
Signed-off-by: Steve Dickson <steved@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
bf8f0b82d added back authdes_create() and authdes_pk_create() interfaces
also when authdes compiled out. Add also authdes_seccreate().
Found by LTP rpc-tirpc test, which fails to link:
/usr/lib64/gcc/x86_64-suse-linux/9/../../../../x86_64-suse-linux/bin/ld: /tmp/ccFanCMm.o: in function `main':
testcases/network/rpc/rpc-tirpc/tests_pack/rpc_suite/tirpc/tirpc_auth_authdes_seccreate/tirpc_authdes_seccreate.c:55: undefined reference to `authdes_seccreate'
Fixes: bf8f0b82d ("Add back the authdes interfaces")
Signed-off-by: Petr Vorel <pvorel@suse.cz>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
|
|
|
| |
Signed-off-by: Steve Dickson <steved@redhat.com>
|
|
|
|
| |
Signed-off-by: Steve Dickson <steved@redhat.com>
|
|
|
|
|
|
|
|
| |
Instead of compiling out the authdes interfaces
as commit d918e41d8 did, add them back but
they will fail if called.
Signed-off-by: Steve Dickson <steved@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
|
| |
AUTH_DES authentication is dead! Has not been
supported in years and know the code is throwing
out coverity scan which don't make sense to fix.
The code is know compiled out by default.
Reviewed-by: Petr Vorel <petr.vorel@gmail.com>
Tested-by: Petr Vorel <petr.vorel@gmail.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
|
|
|
|
|
|
| |
Optionally fixes compilation with uClibc-ng.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
|
|
|
|
|
|
|
| |
In order to be more defensive, we should mask bits of u_int64_t
value if we want to use only the first 32bit.
Signed-off-by: Stefano Garzarella <sgarzare@redhat.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
| |
LDFLAGS shouldn't be used to link against libraries as this would break
positional flags like --as-needed
Use LIBADD instead
Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=1639032
Signed-off-by: Steve Dickson <steved@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
From: Ian Kent <raven@themaw.net>
EOF on a non-blocking socket is incorrectly detected causing
the socket to be closed if a client sends the RPC request in
more than one write.
This is becuase ->read_vc() returns 0 for a real EOF and for
the error cases of EAGAIN or EWOULDBLOCK when there could be
more data to come. The caller of ->read_vc() also fails to
handle this case correctly returning XPRT_DIED in both cases.
Also the stream context setting that indicates the request
header has been reveived is not set after receiving the
header which causes incorrect interpretation of the input
for the case of a multiple read receive.
Signed-off-by: Ian Kent <raven@themaw.net>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
|
|
|
|
| |
Signed-off-by: Thomas Deutschmann <whissi@gentoo.org>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
|
|
|
|
|
|
|
|
|
| |
In function ‘__getpublickey_real.part.0’,
inlined from ‘__getpublickey_real’:
getpublickey.c:77:9: warning: ‘strncpy’ output may be truncated copying 47 bytes from a string of length 143 [-Wstringop-truncation]
(void) strncpy(publickey, lookup, HEXKEYBYTES-1);
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Signed-off-by: Steve Dickson <steved@redhat.com>
|
|
|
|
| |
Signed-off-by: Steve Dickson <steved@redhat.com>
|
|
|
|
|
|
|
|
| |
Commit 55d146058 introduced the freeing of private data
of client connections due to a false positive from
a covscan.
Signed-off-by: Steve Dickson <steved@redhat.com>
|
|
|
|
|
|
| |
Variable "xdrbuf" going out of scope leaks the storage it points to.
Signed-off-by: Steve Dickson <steved@redhat.com>
|
|
|
|
|
|
| |
Variable "handle" going out of scope leaks the storage it points to.
Signed-off-by: Steve Dickson <steved@redhat.com>
|
|
|
|
|
|
| |
Handle variable "s" going out of scope leaks the handle.
Signed-off-by: Steve Dickson <steved@redhat.com>
|
|
|
|
|
|
| |
Variable "nc_handle" going out of scope leaks the storage it points to.
Signed-off-by: Steve Dickson <steved@redhat.com>
|
|
|
|
|
|
|
|
| |
Calling strncpy with a maximum size argument of 108 bytes on
destination array "sun.sun_path" of size 108 bytes might
leave the destination string unterminated.
Signed-off-by: Steve Dickson <steved@redhat.com>
|
|
|
|
|
|
|
| |
Variable "localhandle" going out of scope leaks the storage it points to.
Returning without closing handle "sock" leaks it.
Signed-off-by: Steve Dickson <steved@redhat.com>
|
|
|
|
|
|
| |
Variable "handle" going out of scope leaks the storage it points to.
Signed-off-by: Steve Dickson <steved@redhat.com>
|
|
|
|
|
|
| |
Variable "np_sessionp" going out of scope leaks the storage it points to.
Signed-off-by: Steve Dickson <steved@redhat.com>
|
|
|
|
|
|
|
| |
Memory leak: p
Memory leak: tmp
Signed-off-by: Steve Dickson <steved@redhat.com>
|
|
|
|
|
|
| |
Variable "ct" going out of scope leaks the storage it points to.
Signed-off-by: Steve Dickson <steved@redhat.com>
|
|
|
|
|
|
| |
Variable "sys_auth" going out of scope leaks the storage it points to.
Signed-off-by: Steve Dickson <steved@redhat.com>
|
|
|
|
|
|
|
|
| |
Calling strncpy with a maximum size argument of 128 bytes on
destination array "options_ret->actual_mechanism" of size 128
bytes might leave the destination string unterminated
Signed-off-by: Steve Dickson <steved@redhat.com>
|