>Number:         14454
>Category:       lib
>Synopsis:       inetd keeps AF_LOCAL sockets open when configured for RPC services
>Confidential:   no
>Severity:       non-critical
>Priority:       medium
>Responsible:    lib-bug-people
>State:          open
>Class:          sw-bug
>Submitter-Id:   net
>Arrival-Date:   Sun Nov 04 06:15:00 PST 2001
>Closed-Date:
>Last-Modified:
>Originator:     Michael van Elst
>Release:        NetBSD 1.5.1
>Organization:
	
>Environment:
	
System: NetBSD pepew 1.5.2_ALPHA NetBSD 1.5.2_ALPHA (PEPEW) #7: Sun Aug 26 21:58:01 MEST 2001 src@pepew:/amd/fud/d/0/src/sys/arch/i386/compile/PEPEW i386


>Description:
When you configure inetd to run RPC services like rusersd it keeps
unix-domain sockets open. As a result it may run out of filedescriptors
and the lost filedescriptors are passed to daemons started by inetd
as they are not closed on exec.
>How-To-Repeat:
In /etc/inetd.conf uncomment:

rusersd/2-3     dgram   rpc/udp wait:100 nobody /usr/libexec/rpc.rusersd rpc.rusersd

Restart inetd. Do a: fstat -p <pid_of_inetd>. You see that unix-domain
sockets are kept open (usually a handful of them):

root     inetd      27201    5* unix stream c0b50100 <-> c0bdd9c0

>Fix:

I have identified three places where a socket is not closed
correctly. The missing CLNT_CONTROL is the culprit in this case,
the others fail to close the socket on certain error paths.

Index: rpcb_clnt.c
===================================================================
RCS file: /cvsroot/basesrc/lib/libc/rpc/rpcb_clnt.c,v
retrieving revision 1.3.2.1
diff -r1.3.2.1 rpcb_clnt.c
447c447,449
<       if (client != NULL)
---
>       if (client != NULL) {
>               /* XXX - mark the socket to be closed in destructor */
>               (void) CLNT_CONTROL(client, CLSET_FD_CLOSE, NULL);
448a451,454
>       }
> 
>       /* XXX - nobody needs this socket anymore, free the descriptor */
>       close(sock);
538a545
>               CLNT_DESTROY(client);


>Release-Note:
>Audit-Trail:
>Unformatted: