Commit Graph

337 Commits

Author SHA1 Message Date
Pedro F. Giffuni
2b1474fdde libc: clean some set-but-not-used errors.
These were found by gcc 5.0 on Dragonfly BSD, however I
made no attempt to silence the false positives.

Obtained from:	DragonFly (cf515c3a6f3a8964ad592e524442bc628f8ed63b)
2015-02-18 03:33:17 +00:00
Pedro F. Giffuni
e742fdff32 rpc: Uninitialized pointer read
Initialize *xprt to avoid exposing a random value
in cleanup_svc_vc_create.

CID:		1018723
Phabric:	D1749
Reviewed by:	alfred
2015-02-02 00:21:34 +00:00
Pedro F. Giffuni
81cb3b156b Resource leak
CID:	1016703
Reviewed by:	alfred
2015-02-01 23:19:06 +00:00
Joel Dahl
4990a1c050 mdoc: improvements to SEE ALSO. 2014-12-27 08:31:52 +00:00
Brooks Davis
e7254647bf Remove an unused variable that would be better spelled __func__.
Sponsored by:	DARPA, AFRL
2014-10-24 23:24:47 +00:00
Christian Brueffer
1a2ac459a9 Properly free resources in case of error.
CID:		1007032
Found with:	Coverity Prevent(tm)
MFC after:	2 weeks
2014-05-02 20:41:09 +00:00
David Chisnall
635d1cf108 Move definitions out of rpc_com so that the linker doesn't complain about
multiple definitions.

Reported by:	sbruno
2014-04-06 17:06:27 +00:00
Marcel Moolenaar
8876613dc5 Replace use of ${.CURDIR} by ${LIBC_SRCTOP} and define ${LIBC_SRCTOP}
if not already defined. This allows building libc from outside of
lib/libc using a reach-over makefile.

A typical use-case is to build a standard ILP32 version and a COMPAT32
version in a single iteration by building the COMPAT32 version using a
reach-over makefile.

Obtained from:	Juniper Networks, Inc.
2014-03-04 02:19:39 +00:00
Hiroki Sato
33888c08dd There is no file under SISSL after license replacement in r258581. 2013-11-25 19:24:15 +00:00
Hiroki Sato
44443e425f Replace Sun Industry Standards Source License for Sun RPC code with a
3-clause BSD license as specified by Oracle America, Inc. in 2010.
This license change was approved by Wim Coekaerts, Senior Vice
President, Linux and Virtualization at Oracle Corporation.
2013-11-25 19:08:38 +00:00
Hiroki Sato
2e322d3796 Replace Sun RPC license in TI-RPC library with a 3-clause BSD license,
with the explicit permission of Sun Microsystems in 2009.
2013-11-25 19:04:36 +00:00
Kevin Lo
5ee7403731 Assign the len field of the netbuf structure to the current length of
a sockaddr.

Obtained from:	NetBSD
2013-03-01 15:45:57 +00:00
Pedro F. Giffuni
0d1040e5e1 rpc: convert all uid and gid variables to u_int.
After further discussion, instead of pretending to use
uid_t and gid_t as upstream Solaris and linux try to, we
are better using u_int, which is in fact what the code
can handle and best approaches the range of values used
by uid and gid.

Discussed with:	bde
Reviewed by:	bde
2012-10-04 04:15:18 +00:00
Pedro F. Giffuni
ff12c59d9c rpc: convert all uid and gid variables of the type uid_t and gid_t.
The previous change (based on Solaris) doesn't work properly either
as the casting only has the effect of quieting the compiler.

Move back to the previous solution but adjust the sizeof()
type in xdr_array(). This should mostly work (by accident).

Reported by:	bde
2012-10-03 20:39:11 +00:00
Pedro F. Giffuni
e9f7ad1fa4 rpc: convert all uid and gid variables of the type uid_t and gid_t.
As part of the previous commit, uses of xdr_int() were replaced
with xdr_u_int(). This has undesired effects as the second
argument doesn't match exactly uid_t or gid_t. It also breaks
assumptions in the size of the provided types.

To work around those issues we revert back to the use of xdr_int()
but provide proper casting so the behaviour doesn't change.

While here fix a style issue in the affected lines.

Reported by:	bde
2012-10-03 03:44:23 +00:00
Pedro F. Giffuni
0c2222baf4 libtirpc: be sure to free cl_netid and cl_tp
When creating a client with clnt_tli_create, it uses strdup to copy
strings for these fields if nconf is passed in. clnt_dg_destroy frees
these strings already. Make sure clnt_vc_destroy frees them in the same
way.

This change matches the reference (OpenSolaris) implementation.

Tested by:	David Wolfskill
Obtained from:	Bull GNU/Linux NFSv4 Project (libtirpc)
MFC after:	2 weeks
2012-10-02 19:10:19 +00:00
Pedro F. Giffuni
b4e7a879ab Fix __rpc_getconfip
__rpc_getconfip is supposed to return the first netconf
entry supporting tcp or udp, respectively. The code will
currently return the *last* entry, plus it will leak
memory when there is more than one such entry.

This change matches the reference (OpenSolaris)
implementation.

Tested by:	David Wolfskill
Obtained from:	Bull GNU/linux NFSv4 Project (libtirpc)
MFC after:	1 week
2012-10-02 19:03:21 +00:00
Pedro F. Giffuni
f3c3ef7b2a RPC: Convert all uid and gid variables of the type uid_t and gid_t.
This matches what upstream (OpenSolaris) does.

Tested by:	David Wolfskill
Obtained from:	Bull GNU/Linux NFSv4 project (libtirpc)
MFC after:	3 days
2012-10-02 19:00:56 +00:00
Pedro F. Giffuni
06f13fb3f4 Complete revert of r239963:
The attempt to merge changes from the linux libtirpc caused
rpc.lockd to exit after startup under unclear conditions.

After many hours of selective experiments and inconsistent results
the conclusion is that it's better to just revert everything and
restart in a future time with a much smaller subset of the
changes.
____

MFC after:	3 days
Reported by:	David Wolfskill
Tested by:	David Wolfskill
2012-09-27 19:10:25 +00:00
Pedro F. Giffuni
c148237d44 Partial revert of r239963:
The following change caused rpc.lockd to exit after startup:
____

libtirpc: be sure to free cl_netid and cl_tp

When creating a client with clnt_tli_create, it uses strdup to copy
strings for these fields if nconf is passed in. clnt_dg_destroy frees
these strings already. Make sure clnt_vc_destroy frees them in the
same way.
____

MFC after:	3 days
Reported by:	David Wolfskill
Tested by:	David Wolfskill
2012-09-24 03:14:17 +00:00
Ed Schouten
902d9eafbf Rework all non-contributed files that use `struct timezone'.
This structure is not part of POSIX. According to POSIX, gettimeofday()
has the following prototype:

	int gettimeofday(struct timeval *restrict tp, void *restrict tzp);

Also, POSIX states that gettimeofday() shall return 0 (as long as tzp is
not used). Remove dead error handling code. Also use NULL for a
nul-pointer instead of integer 0.

While there, change all pieces of code that only use tv_sec to use
time(3), as this provides less overhead.
2012-09-01 14:45:15 +00:00
Pedro F. Giffuni
43981b6c53 Bring some changes from Bull's NFSv4 libtirpc implementation.
We especifically ignored the glibc compatibility changes
but this should help interaction with Solaris and Linux.
____

Fixed infinite loop in svc_run()
author	Steve Dickson
Tue, 10 Jun 2008 12:35:52 -0500 (13:35 -0400)
Fixed infinite loop in svc_run()
____

__rpc_taddr2uaddr_af() assumes the netbuf to always have a
non-zero data. This is a bad assumption and can lead to a
seg-fault. This patch adds a check for zero length and returns
NULL when found.
author	Steve Dickson
Mon, 27 Oct 2008 11:46:54 -0500 (12:46 -0400)
____

Changed clnt_spcreateerror() to return clearer
and more concise error messages.
author	Steve Dickson
Thu, 20 Nov 2008 08:55:31 -0500 (08:55 -0500)
____

Converted all uid and gid variables of the type uid_t and gid_t.
author	Steve Dickson
Wed, 28 Jan 2009 12:44:46 -0500 (12:44 -0500)
____

libtirpc: set r_netid and r_owner in __rpcb_findaddr_timed

These fields in the rpcbind GETADDR call are being passed uninitialized
to CLNT_CALL. In the case of x86_64 at least, this usually leads to a
segfault. On x86, it sometimes causes segfaults and other times causes
garbage to be sent on the wire.

rpcbind generally ignores the r_owner field for calls that come in over
the wire, so it really doesn't matter what we send in that slot. We just
need to send something. The reference implementation from Sun seems to
send a blank string. Have ours follow suit.
author	Jeff Layton
Fri, 13 Mar 2009 11:44:16 -0500 (12:44 -0400)
____

libtirpc: be sure to free cl_netid and cl_tp

When creating a client with clnt_tli_create, it uses strdup to copy
strings for these fields if nconf is passed in. clnt_dg_destroy frees
these strings already. Make sure clnt_vc_destroy frees them in the same
way.

author	Jeff Layton
Fri, 13 Mar 2009 11:47:36 -0500 (12:47 -0400)

Obtained from:	Bull GNU/Linux NFSv4 Project
MFC after:	3 weeks
2012-09-01 02:56:17 +00:00
Christian Brueffer
42c9e355b6 Jump to the failed label instead of doing cleanup ourselves.
Obtained from:	DragonFly BSD
MFC after:	2 weeks
2012-07-15 11:52:24 +00:00
Glen Barber
a3fb6da9ba General mdoc(7) and typo fixes.
PR:		167734
Submitted by:	Nobuyuki Koganemaru (kogane!jp.freebsd.org)
MFC after:	3 days
2012-05-11 20:06:46 +00:00
Konstantin Belousov
9a36eaa36e Plug a leak.
Submitted by:	Greg Bednarek <gbednarek averesystems com>
MFC after:	1 week
2012-05-08 19:47:52 +00:00
Konstantin Belousov
ed8ddc6ea0 Fix several memory and lock leaks on the out of memory condition.
Reported by:	Matt Miller <matt matthewjmiller net>
MFC after:	1 week
2012-04-28 18:57:27 +00:00
Joel Dahl
10b4d262da Remove unnecessary Xo/Xc.
Reviewed by:	brueffer
2012-03-29 20:23:35 +00:00
Joel Dahl
c1f71e84f1 Minor mdoc nit. 2012-03-27 15:22:10 +00:00
Ed Schouten
6b99842ada Globally replace u_int*_t from (non-contributed) man pages.
The reasoning behind this, is that if we are consistent in our
documentation about the uint*_t stuff, people will be less tempted to
write new code that uses the non-standard types.

I am not going to bump the man page dates, as these changes can be
considered style nits. The meaning of the man pages is unaffected.

MFC after:	1 month
2012-02-12 18:29:56 +00:00
Dimitry Andric
5e0a19bdee Consistently set RPCGEN_CPP when running rpcgen, so the C preprocessor
set via ${CPP} is used, instead of always using hardcoded /usr/bin/cpp.

MFC after:	1 week
2012-02-07 09:27:07 +00:00
Dimitry Andric
51907e6434 In lib/libc/rpc/crypt_client.c, fix a clang warning about an implicit
conversion between enum desdir/desmode from include/rpc/des.h, and enum
desdir/desmode from include/rpcsvc/crypt.x.  These are actually
different enums, with different value names, but by accident the integer
representation of the enum values happened to be the same.

MFC after:	1 week
2011-12-15 20:27:36 +00:00
Rick Macklem
e2c83f74f4 Fix a bug in the userland rpc library, where it would use a
negative return value from write to update its position in
a buffer. The patch, courtesy of Andrey Simonenko, also simplifies
a conditional by removing the "i != cnt" clause, since it is
always true at this point in the code. The bug caused problems
for mountd, when it generated a large reply to an exports RPC
request.

Submitted by:	simon at comsys.ntu-kpi.kiev.ua
MFC after:	2 weeks
2011-04-10 14:11:07 +00:00
Ulrich Spörlein
20a95cd6fc Revert most of r210764, now that mdocml does the right
thing with empty quotation macros.

Requested by:	Alex Kozlov
2010-12-28 10:08:50 +00:00
Ulrich Spörlein
cded07a878 Move most of the remaining USD/PSD/SMM papers into share/doc 2010-12-04 10:11:20 +00:00
Ulrich Spörlein
c0da74038d mdoc: make sure to pass at least one argument to quotation macros 2010-08-02 13:11:35 +00:00
John Baldwin
f458b72661 Fix a bug in the previous change: remove function-local definition of
tcp_key and udp_key that shadows the global definition.

PR:		threads/144558
Submitted by:	Sam Robb
2010-03-11 16:58:15 +00:00
John Baldwin
6f88d2a870 Use thr_once() with once_t controls to initialize various thread_key_t
objects used to provide per-thread storage in the RPC code.  Almost all
of these used double-checking with a dedicated mutex (tsd_lock) to do this
before.  However, that is not always safe with more relaxed memory orders.
There were also other bugs, such as one in __rpc_createrr() that caused a
new key to be allocated each time __rpc_createrr() was invoked.

PR:		threads/144558
Reported by:	Sam Robb  samrobb of averesystems com (key leak)
MFC after:	1 week
2010-03-10 13:23:25 +00:00
Brooks Davis
9d8e1a8300 Use the correct types to store uids and gids in the credential cache. 2010-01-09 23:36:51 +00:00
Christian Brueffer
7b331f63c5 Fix a double free().
PR:		142339
Submitted by:	Henning Petersen <henning.petersen@t-online.de>
MFC after:	2 weeks
2010-01-05 20:18:41 +00:00
John Baldwin
55fdae4cae The fd_mask type is an unsigned long, not an int, so treat the mask as a
long instead of an int when examining the results of select() to look for
RPC requests.  Previously this routine would ignore RPC requests to sockets
whose file descriptor mod 64 was greater than 31 on a 64-bit platform.

PR:		amd64/141130
Submitted by:	liujb of array networks
MFC after:	3 days
2009-12-03 15:14:30 +00:00
Garrett Wollman
87541d3110 Style: use structure assignment rather than memcpy() to copy a
structure.
2009-11-25 04:53:38 +00:00
Garrett Wollman
bedffadccc In clnt_raw_create(), avoid minor race condition initializing the
file-scope variable clntraw_private.

Found by:	Clang static analyzer
MFC after:	7 days
2009-11-25 04:52:12 +00:00
Garrett Wollman
fcbfc882d6 In svc_raw_reply(), don't leave stat uninitialized if the MSG_ACCEPTED
&& SUCCESS case succeeds.  The stack garbage might be zero.

Found by:	Clang static analyzer
MFC after:	7 days
2009-11-25 04:49:41 +00:00
Garrett Wollman
0c0349bfa4 Eliminate more dead stores.
Found by:	Clang static analyzer
MFC after:	7 days
2009-11-25 04:45:45 +00:00
Xin LI
5f4faf74cb Lock around access to nc_file and netconfig_info ("ni"). The RPC
part of libc is still not thread safe but this would at least
reduce the problems we have.

PR:		threads/118544
Submitted by:	Changming Sun <snnn119 gmail com>
MFC after:	2 weeks
2009-06-24 23:17:16 +00:00
Brooks Davis
838d985825 Rework the credential code to support larger values of NGROUPS and
NGROUPS_MAX, eliminate ABI dependencies on them, and raise the to 1024
and 1023 respectively.  (Previously they were equal, but under a close
reading of POSIX, NGROUPS_MAX was defined to be too large by 1 since it
is the number of supplemental groups, not total number of groups.)

The bulk of the change consists of converting the struct ucred member
cr_groups from a static array to a pointer.  Do the equivalent in
kinfo_proc.

Introduce new interfaces crcopysafe() and crsetgroups() for duplicating
a process credential before modifying it and for setting group lists
respectively.  Both interfaces take care for the details of allocating
groups array. crsetgroups() takes care of truncating the group list
to the current maximum (NGROUPS) if necessary.  In the future,
crsetgroups() may be responsible for insuring invariants such as sorting
the supplemental groups to allow groupmember() to be implemented as a
binary search.

Because we can not change struct xucred without breaking application
ABIs, we leave it alone and introduce a new XU_NGROUPS value which is
always 16 and is to be used or NGRPS as appropriate for things such as
NFS which need to use no more than 16 groups.  When feasible, truncate
the group list rather than generating an error.

Minor changes:
  - Reduce the number of hand rolled versions of groupmember().
  - Do not assign to both cr_gid and cr_groups[0].
  - Modify ipfw to cache ucreds instead of part of their contents since
    they are immutable once referenced by more than one entity.

Submitted by:	Isilon Systems (initial implementation)
X-MFC after:	never
PR:		bin/113398 kern/133867
2009-06-19 17:10:35 +00:00
Brooks Davis
54404cfb13 In preparation for raising NGROUPS and NGROUPS_MAX, change base
system callers of getgroups(), getgrouplist(), and setgroups() to
allocate buffers dynamically.  Specifically, allocate a buffer of size
sysconf(_SC_NGROUPS_MAX)+1 (+2 in a few cases to allow for overflow).

This (or similar gymnastics) is required for the code to actually follow
the POSIX.1-2008 specification where {NGROUPS_MAX} may differ at runtime
and where getgroups may return {NGROUPS_MAX}+1 results on systems like
FreeBSD which include the primary group.

In id(1), don't pointlessly add the primary group to the list of all
groups, it is always the first result from getgroups().  In principle
the old code was more portable, but this was only done in one of the two
places where getgroups() was called to the overall effect was pointless.

Document the actual POSIX requirements in the getgroups(2) and
setgroups(2) manpages.  We do not yet support a dynamic NGROUPS, but we
may in the future.

MFC after:	2 weeks
2009-06-19 15:58:24 +00:00
Alexander Kabaev
e7733ffa39 Re-do r192913 in less intrusive way. Only do IP_RECVDSTADDR/IP_SENDSRCADDR
dace for UPDv4 sockets bound to INADDR_ANY. Move the code to set
IP_RECVDSTADDR/IP_SENDSRCADDR into svc_dg.c, so that both TLI and non-TLI
users will be using it.

Back out my previous commit to mountd. Turns out the problem was affecting
more than one binary so it needs to me addressed in generic rpc code in
libc in order to fix them all.

Reported by:	lstewart
Tested by:	lstewart
2009-06-18 17:10:43 +00:00
Alexander Kabaev
8a784b73d3 Do not attempt to set source address on outgoing messages
on UDP socket if we do not have a valid IP address.
2009-06-08 03:39:15 +00:00
Zachary Loafman
fcd3177f90 Match type for socket option (in practice, unnecessary, but stylistically it's a little nicer).
Suggested by:       jilles
Approved by:        dfr (mentor)
2009-05-28 15:02:44 +00:00