transport specific form of a universal transport address. The
structure is expected to be opaque to consumers. In the current
implementation, the structure contains a pointer to a buffer
that holds the actual address.
In rpcbind(8), netbuf structures are copied directly, which would
result in two netbuf structures that reference to one shared
address buffer. When one of the two netbuf structures is freed,
access to the other netbuf structure would result in an undefined
result that may crash the rpcbind(8) daemon.
Fix this by making a copy of the buffer that is going to be freed
instead of doing a shallow copy.
Security: FreeBSD-SA-15:24.rpcbind
Security: CVE-2015-7236
- Use '\0' for a char instead of NULL.
- Explicitly compare against the global `nullstring' to determine if
a non-NULL uaddr is not malloc'd.
- Remove some unnecessary casting of the argument to free().
- In rpcbproc_callit_com(), move the freeing of m_uaddr to the
cleanup code at the end of the function.
- To avoid confusion and possible alignment problems, change
netbufdup() to allocate the netbuf struct and the sockaddr buffer
separately, and change netbuffree() accordingly. This makes it
produce netbufs that are consistent with all other netbufs in
rpcbind.
function has a return type of u_int32_t, into which it was somehow
supposed to encode:
* A valid 32-bit XID (which could be any value including 0).
* 0, meaning a duplicate request.
* -1, meaning a malloc failed (!);
We now ensure that all XIDs are non-zero, and pass the XID out via
a pointer argument.
In forward_find() and free_slot_by_xid(), remove an unnecessary
and confusing test for a negative result from an unsigned modulo
operation, but add an unnecessary cast to highlight why.
Make struct cmessage visible from socket.h (about 4 places were
defining it for themselves which wasn't good)
Make __rpc_get_local_uid() useable and give it prototype that's
visible.
Fix some issues with printing out usernames from rpcbind and keyserv.
associated changes that had to happen to make this possible as well as
bugs fixed along the way.
Bring in required TLI library routines to support this.
Since we don't support TLI we've essentially copied what NetBSD
has done, adding a thin layer to emulate direct the TLI calls
into BSD socket calls.
This is mostly from Sun's tirpc release that was made in 1994,
however some fixes were backported from the 1999 release (supposedly
only made available after this porting effort was underway).
The submitter has agreed to continue on and bring us up to the
1999 release.
Several key features are introduced with this update:
Client calls are thread safe. (1999 code has server side thread
safe)
Updated, a more modern interface.
Many userland updates were done to bring the code up to par with
the recent RPC API.
There is an update to the pthreads library, a function
pthread_main_np() was added to emulate a function of Sun's threads
library.
While we're at it, bring in NetBSD's lockd, it's been far too
long of a wait.
New rpcbind(8) replaces portmap(8) (supporting communication over
an authenticated Unix-domain socket, and by default only allowing
set and unset requests over that channel). It's much more secure
than the old portmapper.
Umount(8), mountd(8), mount_nfs(8), nfsd(8) have also been upgraded
to support TI-RPC and to support IPV6.
Umount(8) is also fixed to unmount pathnames longer than 80 chars,
which are currently truncated by the Kernel statfs structure.
Submitted by: Martin Blapp <mb@imp.ch>
Manpage review: ru
Secure RPC implemented by: wpaul