Commit Graph

21 Commits

Author SHA1 Message Date
Bill Paul
1ce4aec2b4 Change the sanity test here. It's not correct to assume that the record
size we receive here should fit into the receive buffer. Unfortunately,
there's no 100% foolproof way to distinguish a ridiculously large record
size that a client actually meant to send us from a ridiculously large
record size that was sent as a spoof attempt.

The one value that we can positively identify as bogus is zero. A
zero-sized record makes absolutely no sense, and sending an endless
supply of zeroes will cause the server to loop forever trying to
fill its receive buffer.

Note that the changes made to readtcp() make it okay to revert this
sanity test since the deadlock case where a client can keep the server
occupied forever in the readtcp() select() loop can't happen anymore.
This solution is not ideal, but is relatively easy to implement. The
ideal solution would be to re-arrange the way dispatching is handled
so that the select() loop in readtcp() can be eliminated, but this is
difficult to implement. I do plan to implement the complete solution
eventually but in the meantime I don't want to leave the RPC library
totally vulnerable.

That you very much Sun, may I have another.
1998-05-20 15:56:11 +00:00
Bill Paul
a9352e90f0 Patch RPC library to avoid possible denial of service attacks as described
recently in BUGTRAQ. The set_input_fragment() routine in the XDR record
marking code blindly trusts that the first two bytes it sees will in fact
be an actual record header and that the specified size will be sane. In
fact, if you just telnet to a listening port of an RPC service and send a
few carriage returns, set_input_fragment() will obtain a ridiculously large
record size and sit there for a long time trying to read from the network.

A sanity test is required: if the record size is larger than the receive
buffer, punt.
1998-05-15 22:57:31 +00:00
John Birrell
9a6a1cbee4 Cast a pointer to a long, not an int and make the arg passed to the function
a long too (it does have a proper prototype).
1998-05-11 09:10:38 +00:00
Bruce Evans
2bc3b4d735 Removed the subdirectory paths from the definitions of MAN[1-9]. They
were a workaround for limitations in bsd.man.mk that were fixed about
2 years ago.
1997-10-15 16:16:41 +00:00
Bill Paul
68eccc934b Restore Id.
Pointed out by: bde
1997-05-28 16:29:12 +00:00
Bill Paul
58041b5396 Resolve conflicts. 1997-05-28 04:57:39 +00:00
Bill Paul
b70dbc82a1 This commit was generated by cvs2svn to compensate for changes in r26216,
which included commits to RCS files with non-trunk default branches.
1997-05-28 04:55:37 +00:00
Bill Paul
7d0a5a3919 Now update the XDR library.
Reviewed by: Mark Murray
1997-05-28 04:55:37 +00:00
John Birrell
870039320f Changed all paths to be relative to src/lib instead of src/lib/libc
so that all these makefiles can be used to build libc_r too.

Added .if ${LIB} == "c" tests to restrict man page builds to libc
to avoid needlessly building them with libc_r too.

Split libc Makefile into Makefile and Makefile.inc to allow the
libc_r Makefile to include Makefile.inc too.
1997-05-03 03:50:06 +00:00
Peter Wemm
7e546392b5 Revert $FreeBSD$ to $Id$ 1997-02-22 15:12:41 +00:00
Jordan K. Hubbard
1130b656e5 Make the long-awaited change from $Id$ to $FreeBSD$
This will make a number of things easier in the future, as well as (finally!)
avoiding the Id-smashing problem which has plagued developers for so long.

Boy, I'm glad we're not using sup anymore.  This update would have been
insane otherwise.
1997-01-14 07:20:47 +00:00
Peter Wemm
1ad08a09e9 - Missing prototypes, including pointers to functions
- 64 bit long type safe (wire protocols specified in explicit sized types)
- Support systems that don't do unaligned accesses
- Support for explicit int16 and int32 sizes in xdr

Obtained from: a diff of FreeBSD vs. OpenBSD/NetBSD rpc code.
1996-12-30 14:07:11 +00:00
Peter Wemm
889f6ffb91 xdr manpage links
Obtained from: a diff of FreeBSD vs. OpenBSD/NetBSD rpc code.
1996-12-30 14:02:42 +00:00
Wolfram Schneider
e83201b43a delete doubled words, e.g.: "the the" -> "the" 1996-10-05 22:27:30 +00:00
Mike Pritchard
5a489ac2b8 Minor cleanup of the rpc man pages to silence manck. 1996-02-12 00:02:42 +00:00
cvs2svn
0cc3916673 This commit was manufactured by cvs2svn to create branch 'WPAUL'. 1996-01-12 07:03:35 +00:00
Poul-Henning Kamp
29285d6cc5 minor cleanup, #includes. 1995-10-22 14:53:58 +00:00
Bruce Evans
8e3d84bb83 Confirmed to work by: rcarter@geli.com (Russell Carter)
Enable xdr_float.c.  I believe it works on i386's although it isn't
portable enough to be in a machine-independent directory.
1995-07-22 23:32:13 +00:00
Rodney W. Grimes
6c06b4e2aa Remove trailing whitespace. 1995-05-30 05:51:47 +00:00
Garrett Wollman
46cc41a1d8 More directory cleanup after YP merge. 1994-08-07 22:21:14 +00:00
Garrett Wollman
eae561b30e Moving RPC stuff into libc, part 2. 1994-08-07 18:39:35 +00:00