Commit Graph

18 Commits

Author SHA1 Message Date
Hiroki Sato
c1d0909a53 Reallocate a maxlen-long buffer only when the current maxlen is
shorter than the required length.  Note that it rarely happens
because maxlen is almost always 128 which covers struct sockaddr_storage.
2015-10-06 08:43:48 +00:00
Xin LI
0ed633d0f8 Fix a regression with SA-15:24 patch that prevented NIS from
working.
2015-10-02 16:35:41 +00:00
Xin LI
066c492a77 The Sun RPC framework uses a netbuf structure to represent the
transport specific form of a universal transport address.  The
structure is expected to be opaque to consumers.  In the current
implementation, the structure contains a pointer to a buffer
that holds the actual address.

In rpcbind(8), netbuf structures are copied directly, which would
result in two netbuf structures that reference to one shared
address buffer.  When one of the two netbuf structures is freed,
access to the other netbuf structure would result in an undefined
result that may crash the rpcbind(8) daemon.

Fix this by making a copy of the buffer that is going to be freed
instead of doing a shallow copy.

Security:	FreeBSD-SA-15:24.rpcbind
Security:	CVE-2015-7236
2015-09-29 18:05:54 +00:00
Hiroki Sato
a7c51fa1a0 Replace Sun RPC license with a 3-clause BSD license, with the explicit
permission of Sun Microsystems in 2009.
2013-11-25 16:44:02 +00:00
Xin LI
07de1c52db Use prototype. While I'm there, add a pair of parenthesis to mark an if
statment's border.

MFC after:	1 month
2011-07-14 07:28:49 +00:00
Warner Losh
200ad46cd3 Initialize fromlen before calling recvfrom to avoid passing in random
stack garbage.

Obtained from:	NetBSD 1.13
2010-02-07 07:50:41 +00:00
Kevin Lo
784bddbc5b Cleanup of userland __P use 2007-11-07 10:53:41 +00:00
Martin Blapp
545fbf37df Don't compare a char to NULL.
Obtained from:  NetBSD
2003-10-29 09:30:37 +00:00
Martin Blapp
bcb53b1606 Implement nonblocking tpc-connections. rpcgen -m does still
produce backcompatible code.

Reviewed by:	rwatson
Obtained from:	NetBSD
MFC after:	1 day
2003-01-16 07:27:30 +00:00
Jens Schweikhardt
9d5abbddbf Correct typos, mostly s/ a / an / where appropriate. Some whitespace cleanup,
especially in troff files.
2003-01-01 18:49:04 +00:00
Jens Schweikhardt
d64ada501a Fix typos, mostly s/ an / a / where appropriate and a few s/an/and/
Add FreeBSD Id tag where missing.
2002-12-30 21:18:15 +00:00
Alfred Perlstein
4180788ff0 WARNS=3 safety (mostly), use __unused for unused params and unsigned where
needed to avoid warnings about comparing signed and unsigned values.
2002-10-07 02:56:59 +00:00
Juli Mallett
2244ec0163 Stop this program's abuse of malloc(3). Its return value doesn't need these
ugly explicit casts, and its argument doesn't need explicitly cast to u_int,
especially if sizeof() is being used.
2002-05-17 05:27:52 +00:00
Brian Somers
abca534c5b Free things in the right order 2001-07-16 22:12:06 +00:00
Ian Dowse
09d4f7789e This is a selection of essentially cosmetic changes:
- Use '\0' for a char instead of NULL.
- Explicitly compare against the global `nullstring' to determine if
  a non-NULL uaddr is not malloc'd.
- Remove some unnecessary casting of the argument to free().
- In rpcbproc_callit_com(), move the freeing of m_uaddr to the
  cleanup code at the end of the function.
- To avoid confusion and  possible alignment problems, change
  netbufdup() to allocate the netbuf struct and the sockaddr buffer
  separately, and change netbuffree() accordingly. This makes it
  produce netbufs that are consistent with all other netbufs in
  rpcbind.
2001-07-14 17:46:52 +00:00
Ian Dowse
98f36a359d Fix some return-value brain-damage in forward_register(). This
function has a return type of u_int32_t, into which it was somehow
supposed to encode:
 *  A valid 32-bit XID (which could be any value including 0).
 *  0, meaning a duplicate request.
 *  -1, meaning a malloc failed (!);
We now ensure that all XIDs are non-zero, and pass the XID out via
a pointer argument.

In forward_find() and free_slot_by_xid(), remove an unnecessary
and confusing test for a negative result from an unsigned modulo
operation, but add an unnecessary cast to highlight why.
2001-06-23 21:54:47 +00:00
Alfred Perlstein
4ed6d63483 Hopefully fix some of the bugs in passing credentials over UNIX domain sockets.
Make struct cmessage visible from socket.h (about 4 places were
defining it for themselves which wasn't good)

Make __rpc_get_local_uid() useable and give it prototype that's
visible.

Fix some issues with printing out usernames from rpcbind and keyserv.
2001-03-22 04:31:30 +00:00
Alfred Perlstein
8360efbd6c Bring in a hybrid of SunSoft's transport-independent RPC (TI-RPC) and
associated changes that had to happen to make this possible as well as
bugs fixed along the way.

  Bring in required TLI library routines to support this.

  Since we don't support TLI we've essentially copied what NetBSD
  has done, adding a thin layer to emulate direct the TLI calls
  into BSD socket calls.

  This is mostly from Sun's tirpc release that was made in 1994,
  however some fixes were backported from the 1999 release (supposedly
  only made available after this porting effort was underway).

  The submitter has agreed to continue on and bring us up to the
  1999 release.

  Several key features are introduced with this update:
    Client calls are thread safe. (1999 code has server side thread
    safe)
    Updated, a more modern interface.

  Many userland updates were done to bring the code up to par with
  the recent RPC API.

  There is an update to the pthreads library, a function
  pthread_main_np() was added to emulate a function of Sun's threads
  library.

  While we're at it, bring in NetBSD's lockd, it's been far too
  long of a wait.

  New rpcbind(8) replaces portmap(8) (supporting communication over
  an authenticated Unix-domain socket, and by default only allowing
  set and unset requests over that channel). It's much more secure
  than the old portmapper.

  Umount(8), mountd(8), mount_nfs(8), nfsd(8) have also been upgraded
  to support TI-RPC and to support IPV6.

  Umount(8) is also fixed to unmount pathnames longer than 80 chars,
  which are currently truncated by the Kernel statfs structure.

Submitted by: Martin Blapp <mb@imp.ch>
Manpage review: ru
Secure RPC implemented by: wpaul
2001-03-19 12:50:13 +00:00