Commit Graph

113 Commits

Author SHA1 Message Date
ache
59889a1524 strtok() -> strsep() (no strtok() in libraries allowed)
small cleanup in nearby area:
pointer 0 -> NULL, according to manpages
hardcoded constant -> sizeof(buf)
2000-08-29 21:04:07 +00:00
kris
33c96b009f Calculate the string length of a u_long at compile-time, instead of using a
hardcoded value.
2000-08-04 11:07:57 +00:00
kris
910d78b1f5 Correct string length bounds checking. 2000-08-04 10:53:37 +00:00
kris
3f1752b9dc Don't overflow the internal buffer in clnt_sperror() 2000-08-04 10:34:59 +00:00
shin
1b7dce690e Replace structure copy form ifreq obtained by SIOCGIFADDR
to memcpy(), to avoid unaligned access trap on alpha.

Approved by: jkh
2000-03-03 13:05:00 +00:00
sheldonh
329223e6f2 Remove single-space hard sentence breaks. These degrade the quality
of the typeset output, tend to make diffs harder to read and provide
bad examples for new-comers to mdoc.
2000-03-02 09:14:21 +00:00
chris
3e0ef0bbfc Grammar fix: `Different than'' should really be `different from''. 2000-01-29 01:54:59 +00:00
jasone
8abe2a2d86 Simplify sytem call renaming. Instead of _foo() <-- _libc_foo <-- foo(),
just use _foo() <-- foo().  In the case of a libpthread that doesn't do
call conversion (such as linuxthreads and our upcoming libpthread), this
is adequate.  In the case of libc_r, we still need three names, which are
now _thread_sys_foo() <-- _foo() <-- foo().

Convert all internal libc usage of: aio_suspend(), close(), fsync(), msync(),
nanosleep(), open(), fcntl(), read(), and write() to _foo() instead of foo().

Remove all internal libc usage of: creat(), pause(), sleep(), system(),
tcdrain(), wait(), and waitpid().

Make thread cancellation fully POSIX-compliant.

Suggested by:	deischen
2000-01-27 23:07:25 +00:00
bde
f82c03e087 Fixed wrong includes in synopsis.
Updated date.  1987 was a while ago.

Removed trailing comma in NAME section.

Uncapitalised Bindresvport and Bindresvport_sa in DESCRIPTION section.
Don't use .Nm there either.

Added bindresvport_sa() to the RETURN VALUES and ERROR sections.
2000-01-27 02:55:01 +00:00
shin
eb4463295b bindresvport related changes
-changed bindresvport2 to bindresvport_sa
 -merged the man into bindresvport.3

All discussion between Jean-Luc Richier <Jean-Luc.Richier@imag.fr>,
Theo de Raadt <deraadt@cvs.openbsd.org>, itojun, is reflected to
this code. (Actually Theo de Raadt write the code simultaneously as the
discussion change.)
2000-01-26 09:02:42 +00:00
shin
16085f4294 libc rcmd update for IPv6.
A new function bindresvport2(), AF independent version of bindresvport()
is also added.

Reviewed by: sumikawa
Obtained from: KAME project
2000-01-13 15:09:48 +00:00
jasone
75903038bc Add three-tier symbol naming in support of POSIX thread cancellation
points.  For library functions, the pattern is __sleep() <--
_libc_sleep() <-- sleep().  The arrows represent weak aliases.  For
system calls, the pattern is _read() <-- _libc_read() <-- read().
2000-01-12 09:23:48 +00:00
peter
d53e4c1d80 Change #ifdef KERNEL to #ifdef _KERNEL in the public headers. "KERNEL"
is an application space macro and the applications are supposed to be free
to use it as they please (but cannot).  This is consistant with the other
BSD's who made this change quite some time ago.  More commits to come.
1999-12-29 05:07:58 +00:00
nik
6ef9746e27 Commented out
MAN8+= rstat_svc.8

The file it talks about doesn't exist on FreeBSD, so there's no point in
installing the manual page.  There was already a comment to this effect in
this file, but the entry hadn't been commented out.

rstat.1 and rstat_svc.8 can probably actually be removed.

PR:             docs/13767
Submitted by:   Seth <seth@freebie.dp.ny.frb.org>
1999-12-14 16:56:46 +00:00
jdp
1cd372d24f For the TCP transport, put the listening socket in non-blocking
mode.  This addresses a well-known race condition that can cause
servers to hang in accept().  The relevant case is when somebody
connects to the server and then immediately kills the connection
by sending a TCP reset.  On the server this causes select to report
a ready condition on the socket, after which the accept call blocks
because there is no longer any pending connection to accept.

In -current there is already a work-around for this in the kernel.
It was merged into -stable some time ago, but then David Greenman
reverted it because it seemed to be causing a socket leak in some
cases.  (See uipc_socket.c revision 1.51.2.3.)  Hence this userland
fix is needed in -stable, and I plan to merge it into that branch
soon because it fixes a potential DoS attack.  It may also be needed
in -current if the suspected socket leak turns out to be real.  In
any case, after thinking it over I believe the fix belongs in
userland.  An application shouldn't assume that a ready return from
select guarantees that the subsequent I/O operation cannot block.
A lot can happen between the select and the accept.

A similar fix should most likely be applied to the Unix domain
socket transport too.

Submitted by:	peter
Reviewed by:	jdp
1999-11-18 03:01:06 +00:00
jdp
3776d08208 Fix a bug in the hack that protects against FTP bounce attacks.
It used to loop back up to the accept() call and block there,
shutting out all other transports until a new connection came in.
Now it returns instead after dropping the connection.  That will
take it back to the select() loop where all transports can be
serviced.  I intend to MFC this within a day or two since it
fixes a DoS vulnerability.
1999-11-17 01:54:17 +00:00
peter
76f0c923fe $Id$ -> $FreeBSD$ 1999-08-28 00:22:10 +00:00
nik
f7a8bc4c04 Add $Id$, to make it simpler for members of the translation teams to
track.

The $Id$ line is normally at the bottom of the main comment block in the
man page, separated from the rest of the manpage by an empty comment,
like so;

     .\"    $Id$
     .\"

If the immediately preceding comment is a @(#) format ID marker than the
the $Id$ will line up underneath it with no intervening blank lines.
Otherwise, an additional blank line is inserted.

Approved by:            bde
1999-07-12 20:50:10 +00:00
alex
df82621cf2 Document type for 'req' argument to clnt_control. 1999-01-31 16:13:25 +00:00
phk
35ddf969aa s/yellow pages/NIS/
PR:		7949
Reviewed by:	phk
Submitted by:	Norihiro Kumagai <kuma@jp.freebsd.org>
1998-09-17 08:29:16 +00:00
bde
53e5892174 Fixed printf format errors. 1998-06-30 17:30:22 +00:00
bde
e9a4005006 Fixed scanf format errors. The error handling is not quite bug for bug
compatible.  I think small negative uids are handled compatibly but
other out of bounds ones are truncated differently for certain sizes of
uid_t.
1998-06-30 17:21:48 +00:00
wpaul
9ac915bc7d Fix potential resource leak: when call to des_crypt_1() fails, remember
to destroy the RPC CLIENT handle before returning.
1998-06-09 17:38:33 +00:00
wpaul
cae7803b33 The incorrect select() timeout calculation that I fixed in svc_tcp.c
also exists here (the timeout can expire much sooner than it's supposed
to).
1998-05-21 15:22:39 +00:00
wpaul
bf09c95533 Replace the getpublickey() stub with the real thing. 1998-05-18 21:59:15 +00:00
wpaul
e50ecde61b Improve DoS avoidance in RPC stream oriented transports. The TCP transport
uses readtcp() to gather data from the network; readtcp() uses select(),
with a timeout of 35 seconds. The problem with this is that if you
connect to a TCP server, send two bytes of data, then just pause, the
server will remain blocked in readtcp() for up to 35 seconds, which is
sort of a long time. If you keep doing this every 35 seconds, you can
keep the server occupied indefinitely.

To fix this, I modified readtcp() (and its cousin, readunix() in svc_unix.c)
to monitor all service transport handles instead of just the current socket.
This allows the server to keep handling new connections that arrive while
readtcp() is running. This prevents one client from potentially monopolizing
a server.

Also, while I was here, I fixed a bug in the timeout calculations. Someone
attempted to adjust the timeout so that if select() returned EINTR and the
loop was restarted, the timeout would be reduced so that rather than waiting
for another 35 seconds, you could never wait for more than 35 seconds total.
Unfortunately, the calculation was wrong, and the timeout could expire much
sooner than 35 seconds.
1998-05-18 16:12:13 +00:00
wpaul
22b36bc76e Patch RPC library to avoid possible denial of service attacks as described
recently in BUGTRAQ. If a stream oriented transport fails to properly decode
an RPC message header structure where there should be one, it should mark
the stream as dead so that the connection will be dropped.
1998-05-15 22:53:47 +00:00
bde
5fd26ab88a Fixed the usual missing dependencies on headers generated by rpcgen. 1998-05-10 15:54:22 +00:00
bde
5fe4e36282 Fixed wrong prototypes. Most of the prototypes had missing return types,
or missing const's or `short *' instead of `[ug]id_t *' in argument types.
1998-01-16 13:33:09 +00:00
charnier
00c06ed364 Convert to mdoc format. 1998-01-05 07:12:16 +00:00
wpaul
82b1cd0f1b In clntudp_call(), it is possible that xdr_replymsg() might fail
partway through its attempt to decode the result structure sent by
the server. If this happens, it can leave the result partially
populated with dynamically allocated memory. In this event, the
xdr_replymsg() failure is detected and RPC_CANTDECODERES is returned,
but the memory in the partially populated result struct is not
free()d.

The end result is that memory is leaked when an RPC_CANTDECODERES
error occurs. (This condition can occur if a CLIENT * handle is created
using clntudp_bufcreate() with a receive buffer size that is too small
to handle the result sent by the server.)

Fixed by setting reply_xdrs.x_op to XDR_FREE and calling
xdr_replymsg() again to free the memory if an RPC_CANTDECODERES error
is detected.

I suspect that the clnt_tcp.c, clnt_unix.c and clnt_raw.c modules
may ha a similar problem, but I haven't duplicated the condition with
those yet.

Found by: dbmalloc
1997-10-26 18:47:31 +00:00
bde
ea35ce8d73 Sorted lists. 1997-10-21 08:41:15 +00:00
jdp
7484bbe28e Fix two bugs which caused various RPC programs (mountd, nfsd, ...)
to fail under certain circumstances.

1. In one spot, the ifr_flags member was being examined in the
wrong structure, thus it contained garbage.  On a machine in which
only the loopback interface was up, this caused everything that
wanted to talk to the portmapper to fail -- a particular problem
with laptops, where the pccard ethernet interface is likely to come
up long after the attempt to start mountd, nfsd, amd, etc.

2. Compounding the above problem, get_myaddress() returned a
successful status even though it failed to find an address that it
considered good enough.
1997-10-17 04:59:56 +00:00
bde
ef5c98dd45 Removed the subdirectory paths from the definitions of MAN[1-9]. They
were a workaround for limitations in bsd.man.mk that were fixed about
2 years ago.
1997-10-15 16:16:41 +00:00
wpaul
3df0466f6e Correct a bug in the 'allow arbitrary number of socket descriptors' changes
made to the RPC code some months ago. The value of __svc_fdsetsize is being
calculated incorrectly.

Logically, one would assume that __svc_fdsetsize is being used as a
substitute for FD_SETSIZE, with the difference being that __svc_fdsetsize
can be expanded on the fly to accomodate more descriptors if need be.
There are two problems: first, __svc_fdsetsize is not initialized to 0.
Second, __svc_fdsetsize is being calculated in svc.c:xprt_registere() as:

                __svc_fdsetsize = howmany(sock+1, NFDBITS);

This is wrong. If we are adding a socket with index value 4 to the
descriptor set, then __svc_fdsetsize will be 1 (since fds_bits is
an unsigned long, it can support any descriptor from 0 to 31, so we
only need one of them). In order for this to make sense with the
rest of the code though, it should be:

                __svc_fdsetsize = howmany(sock+1, NFDBITS) * NFDBITS;

Now if sock == 4, __svc_fdsetsize will be 32.

This bug causes 2 errors to occur. First, in xprt_register(), it
causes the __svc_fdset descriptor array to be freed and reallocated
unnecessarily. The code checks if it needs to expand the array using
the test: if (sock + 1 > __svc_fdsetsize). The very first time through,
__svc_fdsetsize is 0, which is fine: an array has to be allocated the
first time out. However __svc_fdsetsize is incorrectly set to 1, so
on the second time through, the test (sock + 1 > __svc_fdsetsize)
will still succeed, and the __svc_fdset array will be destroyed and
reallocated for no reason.

Second, the code in svc_run.c:svc_run() can become hopelessly confused.
The svc_run() routine malloc()s its own fd_set array using the value
of __svc_fdsetsize to decide how much memory to allocate. Once the
xprt_register() function expands the __svc_fdset array the first time,
the value for __svc_fdsetsize becomes 2, which is too small: the resulting
calculation causes the code to allocate an array that's only 32 bits wide
when it actually needs 64 bits. It also uses the valuse of __svc_fdsetsize
when copying the contents of the __svc_fdset array into the new array.
The end result is that all but the first 32 file descriptors get lost.

Note: from what I can tell, this bug originated in OpenBSD and was
brought over to us when the code was merged. The bug is still there
in the OpenBSD source.

Total nervous breakdown averted by: Electric Fence 2.0.5
1997-10-14 21:50:17 +00:00
wpaul
079c1fbcfa Make selection logic more strict. Only select AF_INET loopback interfaces
that are up on second (loopback only) pass, and only select non-loopback
AF_INET interfaces that are up on first pass.
1997-09-21 23:04:51 +00:00
jdp
1bb1b82690 Add a stub version of getpublickey(), in order to eliminate an
undefined symbol referenced from libc.  Without the stub, it is
impossible to execute any program using the shared library if
LD_BIND_NOW=1 is in the environment.  The stub always returns
failure, but it can be overridden outside the library when necessary.

I don't know whether this is the "correct" fix, but it is intolerable
to have any undefined symbols referenced from libc.
1997-08-28 21:50:33 +00:00
bde
0ebd3c64ae Add to CLEANFILES instead of setting it absolutely. Cleaning of *.S and
tags was broken.
1997-07-21 16:02:09 +00:00
steve
7a5541cde7 Show the real revision date and not the date that this
manpage is being viewed.
1997-06-23 04:03:49 +00:00
wpaul
2496849454 Hm... wonder how long this has been here.
The logic in get_myaddress() is broken: it always returns the loopback
address due to the following rule:

                if ((ifreq.ifr_flags & IFF_UP) &&
                    ifr->ifr_addr.sa_family == AF_INET &&
                    (loopback == 1 && (ifreq.ifr_flags & IFF_LOOPBACK))) {

The idea is that we want to select the interface address only if it's
up and it's in the AF_INET family. If it turns uout we don't have
such an interface available, we make a second pass through the loop,
this time settling for the loopback interface. But the logic inadvertently
locks out all cases when loopback == 0, so nothing is ever selected until
the second pass (when loopback == 1).

This is changed to:

                if (((ifreq.ifr_flags & IFF_UP) &&
                    ifr->ifr_addr.sa_family == AF_INET) ||
                    (loopback == 1 && (ifreq.ifr_flags & IFF_LOOPBACK))) {

which I think does the right thing.

This is yet another bogon I discovered during NIS+ testing; I need
get_myaddress() to work correctly so that the callback code in the
client library will work.
1997-06-20 17:54:11 +00:00
wpaul
3c54eb0587 Remember to zero sockaddr_in struct before calling uaddr_to_sockaddr() to
populate it. Not doing this can result in a garbage sockaddr_in, which
will cause connect() to block inside clnttcp_create().
1997-06-15 21:03:32 +00:00
wpaul
6f8dcc8271 getnetid() crashes if no /etc/netid file is present (it tries to fclose()
a FILE * handle that wasn't really open).
1997-06-12 18:42:43 +00:00
wpaul
bf79e8222c Fix other small things that got lost in the merge:
- bde's change to includes section in getrpcent.3
- Lost comment in svc_run.c (the code here was actually the same since
  I had fixed the 'fds + 1' bug in my stuff at home before mailing
  Peter about it, but I didn't notce that he'd made a change to the
  comment right above the changed line).

Also pointed out by the ever vigilant: bde
1997-05-28 16:38:35 +00:00
wpaul
9e8ab1e622 Resolve conflicts.
This concludes tonight's entertainment. Once I'm sure I haven't destroyed
the world with all these changes, I'll import the utilities. Everything
should continue to work as before. If it doesn't let me know.

Special thanks to Mark Murray for running a test 'make world' for me to
shake out the bugs, which, hopefully, I have fixed.

(And there was much rejoicing.)
1997-05-28 05:05:31 +00:00
wpaul
acb47603ed This commit was generated by cvs2svn to compensate for changes in r26219,
which included commits to RCS files with non-trunk default branches.
1997-05-28 05:00:11 +00:00
jb
a1337bb0ae Changed all paths to be relative to src/lib instead of src/lib/libc
so that all these makefiles can be used to build libc_r too.

Added .if ${LIB} == "c" tests to restrict man page builds to libc
to avoid needlessly building them with libc_r too.

Split libc Makefile into Makefile and Makefile.inc to allow the
libc_r Makefile to include Makefile.inc too.
1997-05-03 03:50:06 +00:00
bde
d4bdcb159b Fixed wrong #include in synopsis. 1997-04-13 13:29:06 +00:00
peter
6b08958c64 Revert $FreeBSD$ to $Id$ 1997-02-22 15:12:41 +00:00
jkh
808a36ef65 Make the long-awaited change from $Id$ to $FreeBSD$
This will make a number of things easier in the future, as well as (finally!)
avoiding the Id-smashing problem which has plagued developers for so long.

Boy, I'm glad we're not using sup anymore.  This update would have been
insane otherwise.
1997-01-14 07:20:47 +00:00
peter
669906681b Correct logic braino when attempting to exclude loopback addresses on
the first pass.

Submitted by: Greg Lehey <grog@lemis.de>
1997-01-09 16:38:05 +00:00