Source-Changes-HG archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

[src/trunk]: src/usr.sbin/rpcbind merge FreeBSD changes:



details:   https://anonhg.NetBSD.org/src/rev/9058b5ebb4a4
branches:  trunk
changeset: 355819:9058b5ebb4a4
user:      christos <christos%NetBSD.org@localhost>
date:      Wed Aug 16 08:44:40 2017 +0000

description:
merge FreeBSD changes:
- fixes CVE-2015-7236
- adds -h hostip to bind, -6 for only ipv6 access, -a for abort gracefully
- documents -w (warmstart)
XXX: should fix warmstart file to go to /var/run instead of /tmp

diffstat:

 usr.sbin/rpcbind/check_bound.c  |   91 +++---
 usr.sbin/rpcbind/pmap_svc.c     |   72 ++--
 usr.sbin/rpcbind/rpcb_stat.c    |   62 ++--
 usr.sbin/rpcbind/rpcb_svc.c     |   64 ++--
 usr.sbin/rpcbind/rpcb_svc_4.c   |   82 +++---
 usr.sbin/rpcbind/rpcb_svc_com.c |  259 ++++++++++--------
 usr.sbin/rpcbind/rpcbind.8      |   80 +++++-
 usr.sbin/rpcbind/rpcbind.c      |  529 +++++++++++++++++++++++++++++++--------
 usr.sbin/rpcbind/rpcbind.h      |   69 +++--
 usr.sbin/rpcbind/security.c     |   30 +-
 usr.sbin/rpcbind/util.c         |    8 +-
 usr.sbin/rpcbind/warmstart.c    |   71 ++--
 12 files changed, 913 insertions(+), 504 deletions(-)

diffs (truncated from 2418 to 300 lines):

diff -r 0d85e8191219 -r 9058b5ebb4a4 usr.sbin/rpcbind/check_bound.c
--- a/usr.sbin/rpcbind/check_bound.c    Wed Aug 16 08:35:48 2017 +0000
+++ b/usr.sbin/rpcbind/check_bound.c    Wed Aug 16 08:44:40 2017 +0000
@@ -1,32 +1,32 @@
-/*     $NetBSD: check_bound.c,v 1.6 2015/11/08 16:36:28 christos Exp $ */
+/*     $NetBSD: check_bound.c,v 1.7 2017/08/16 08:44:40 christos Exp $ */
+/*     $FreeBSD: head/usr.sbin/rpcbind/check_bound.c 300942 2016-05-29 06:01:18Z ngie $ */
 
-/*
- * Sun RPC is a product of Sun Microsystems, Inc. and is provided for
- * unrestricted use provided that this legend is included on all tape
- * media and as a part of the software program in whole or part.  Users
- * may copy or modify Sun RPC without charge, but are not authorized
- * to license or distribute it to anyone else except as part of a product or
- * program developed by the user.
- * 
- * SUN RPC IS PROVIDED AS IS WITH NO WARRANTIES OF ANY KIND INCLUDING THE
- * WARRANTIES OF DESIGN, MERCHANTIBILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE, OR ARISING FROM A COURSE OF DEALING, USAGE OR TRADE PRACTICE.
- * 
- * Sun RPC is provided with no support and without any obligation on the
- * part of Sun Microsystems, Inc. to assist in its use, correction,
- * modification or enhancement.
- * 
- * SUN MICROSYSTEMS, INC. SHALL HAVE NO LIABILITY WITH RESPECT TO THE
- * INFRINGEMENT OF COPYRIGHTS, TRADE SECRETS OR ANY PATENTS BY SUN RPC
- * OR ANY PART THEREOF.
- * 
- * In no event will Sun Microsystems, Inc. be liable for any lost revenue
- * or profits or other special, indirect and consequential damages, even if
- * Sun has been advised of the possibility of such damages.
- * 
- * Sun Microsystems, Inc.
- * 2550 Garcia Avenue
- * Mountain View, California  94043
+/*-
+ * Copyright (c) 2009, Sun Microsystems, Inc.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ * - Redistributions of source code must retain the above copyright notice,
+ *   this list of conditions and the following disclaimer.
+ * - Redistributions in binary form must reproduce the above copyright notice,
+ *   this list of conditions and the following disclaimer in the documentation
+ *   and/or other materials provided with the distribution.
+ * - Neither the name of Sun Microsystems, Inc. nor the names of its
+ *   contributors may be used to endorse or promote products derived
+ *   from this software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE
+ * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ * POSSIBILITY OF SUCH DAMAGE.
  */
 /*
  * Copyright (c) 1986 - 1991 by Sun Microsystems, Inc.
@@ -43,7 +43,7 @@
 /*
  * check_bound.c
  * Checks to see whether the program is still bound to the
- * claimed address and returns the univeral merged address
+ * claimed address and returns the universal merged address
  *
  */
 
@@ -73,7 +73,7 @@
 
 static struct fdlist *fdhead;  /* Link list of the check fd's */
 static struct fdlist *fdtail;
-static const char emptystring[] = "";
+static char nullstring[] = "";
 
 static bool_t check_bound(struct fdlist *, const char *uaddr);
 
@@ -98,6 +98,7 @@
 
        fd = __rpc_nconf2fd(fdl->nconf);
        if (fd < 0) {
+               free(na->buf);
                free(na);
                return (TRUE);
        }
@@ -109,13 +110,14 @@
 #else
        close(fd);
 #endif
+       free(na->buf);
        free(na);
 
        return (ans == 0 ? FALSE : TRUE);
 }
 
 int
-add_bndlist(struct netconfig *nconf, struct netbuf *baddr)
+add_bndlist(struct netconfig *nconf, struct netbuf *baddr __unused)
 {
        struct fdlist *fdl;
        struct netconfig *newnconf;
@@ -123,7 +125,7 @@
        newnconf = getnetconfigent(nconf->nc_netid);
        if (newnconf == NULL)
                return (-1);
-       fdl = (struct fdlist *)malloc((u_int)sizeof (struct fdlist));
+       fdl = malloc(sizeof(struct fdlist));
        if (fdl == NULL) {
                freenetconfigent(newnconf);
                syslog(LOG_ERR, "no memory!");
@@ -175,23 +177,31 @@
                return (NULL);
        if (check_bound(fdl, uaddr) == FALSE)
                /* that server died */
-               return strdup(emptystring);
+               return nullstring;
        /*
+        * Try to determine the local address on which the client contacted us,
+        * so we can send a reply from the same address.  If it's unknown, then
+        * try to determine which address the client used, and pick a nearby
+        * local address.
+        *
         * If saddr is not NULL, the remote client may have included the
         * address by which it contacted us.  Use that for the "client" uaddr,
         * otherwise use the info from the SVCXPRT.
         */
-       if (saddr != NULL) {
+       if (xprt->xp_rtaddr.buf != NULL) {
+               c_uaddr = taddr2uaddr(fdl->nconf, &xprt->xp_rtaddr);
+               allocated_uaddr = c_uaddr;
+       } else if (saddr != NULL) {
                c_uaddr = saddr;
        } else {
                c_uaddr = taddr2uaddr(fdl->nconf, svc_getrpccaller(xprt));
-               if (c_uaddr == NULL) {
-                       syslog(LOG_ERR, "taddr2uaddr failed for %s",
-                               fdl->nconf->nc_netid);
-                       return (NULL);
-               }
                allocated_uaddr = c_uaddr;
        }
+       if (c_uaddr == NULL) {
+               syslog(LOG_ERR, "taddr2uaddr failed for %s",
+                       fdl->nconf->nc_netid);
+               return (NULL);
+       }
 
 #ifdef RPCBIND_DEBUG
        if (debugging) {
@@ -214,8 +224,7 @@
                fprintf(stderr, "mergeaddr: uaddr = %s, merged uaddr = %s\n",
                                uaddr, m_uaddr);
 #endif
-       if (allocated_uaddr != NULL)
-               free(allocated_uaddr);
+       free(allocated_uaddr);
        return (m_uaddr);
 }
 
diff -r 0d85e8191219 -r 9058b5ebb4a4 usr.sbin/rpcbind/pmap_svc.c
--- a/usr.sbin/rpcbind/pmap_svc.c       Wed Aug 16 08:35:48 2017 +0000
+++ b/usr.sbin/rpcbind/pmap_svc.c       Wed Aug 16 08:44:40 2017 +0000
@@ -1,32 +1,32 @@
-/*     $NetBSD: pmap_svc.c,v 1.8 2015/11/08 16:36:28 christos Exp $    */
+/*     $NetBSD: pmap_svc.c,v 1.9 2017/08/16 08:44:40 christos Exp $    */
+/*     $FreeBSD: head/usr.sbin/rpcbind/pmap_svc.c 258564 2013-11-25 16:44:02Z hrs $ */
 
-/*
- * Sun RPC is a product of Sun Microsystems, Inc. and is provided for
- * unrestricted use provided that this legend is included on all tape
- * media and as a part of the software program in whole or part.  Users
- * may copy or modify Sun RPC without charge, but are not authorized
- * to license or distribute it to anyone else except as part of a product or
- * program developed by the user.
- * 
- * SUN RPC IS PROVIDED AS IS WITH NO WARRANTIES OF ANY KIND INCLUDING THE
- * WARRANTIES OF DESIGN, MERCHANTIBILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE, OR ARISING FROM A COURSE OF DEALING, USAGE OR TRADE PRACTICE.
- * 
- * Sun RPC is provided with no support and without any obligation on the
- * part of Sun Microsystems, Inc. to assist in its use, correction,
- * modification or enhancement.
- * 
- * SUN MICROSYSTEMS, INC. SHALL HAVE NO LIABILITY WITH RESPECT TO THE
- * INFRINGEMENT OF COPYRIGHTS, TRADE SECRETS OR ANY PATENTS BY SUN RPC
- * OR ANY PART THEREOF.
- * 
- * In no event will Sun Microsystems, Inc. be liable for any lost revenue
- * or profits or other special, indirect and consequential damages, even if
- * Sun has been advised of the possibility of such damages.
- * 
- * Sun Microsystems, Inc.
- * 2550 Garcia Avenue
- * Mountain View, California  94043
+/*-
+ * Copyright (c) 2009, Sun Microsystems, Inc.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ * - Redistributions of source code must retain the above copyright notice,
+ *   this list of conditions and the following disclaimer.
+ * - Redistributions in binary form must reproduce the above copyright notice,
+ *   this list of conditions and the following disclaimer in the documentation
+ *   and/or other materials provided with the distribution.
+ * - Neither the name of Sun Microsystems, Inc. nor the names of its
+ *   contributors may be used to endorse or promote products derived
+ *   from this software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE
+ * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ * POSSIBILITY OF SUCH DAMAGE.
  */
 /*
  * Copyright (c) 1984 - 1991 by Sun Microsystems, Inc.
@@ -165,7 +165,7 @@
 }
 
 static bool_t
-pmapproc_change(struct svc_req *rqstp, SVCXPRT *xprt, unsigned long op)
+pmapproc_change(struct svc_req *rqstp __unused, SVCXPRT *xprt, unsigned long op)
 {
        struct pmap reg;
        RPCB rpcbreg;
@@ -173,11 +173,6 @@
        struct sockcred *sc;
        char uidbuf[32];
 
-       if (!svc_getargs(xprt, (xdrproc_t) xdr_pmap, (char *)&reg)) {
-               svcerr_decode(xprt);
-               return (FALSE);
-       }
-
 #ifdef RPCBIND_DEBUG
        if (debugging)
                fprintf(stderr, "%s request for (%lu, %lu) : ",
@@ -185,6 +180,11 @@
                    reg.pm_prog, reg.pm_vers);
 #endif
 
+       if (!svc_getargs(xprt, (xdrproc_t) xdr_pmap, (char *)&reg)) {
+               svcerr_decode(xprt);
+               return (FALSE);
+       }
+
        if (!check_access(xprt, op, &reg, PMAPVERS)) {
                svcerr_weakauth(xprt);
                return FALSE;
@@ -259,7 +259,7 @@
 
 /* ARGSUSED */
 static bool_t
-pmapproc_getport(struct svc_req *rqstp, SVCXPRT *xprt)
+pmapproc_getport(struct svc_req *rqstp __unused, SVCXPRT *xprt)
 {
        struct pmap reg;
        long lport;
@@ -340,7 +340,7 @@
 
 /* ARGSUSED */
 static bool_t
-pmapproc_dump(struct svc_req *rqstp, SVCXPRT *xprt)
+pmapproc_dump(struct svc_req *rqstp __unused, SVCXPRT *xprt)
 {
        if (!svc_getargs(xprt, (xdrproc_t)xdr_void, NULL)) {
                svcerr_decode(xprt);
diff -r 0d85e8191219 -r 9058b5ebb4a4 usr.sbin/rpcbind/rpcb_stat.c
--- a/usr.sbin/rpcbind/rpcb_stat.c      Wed Aug 16 08:35:48 2017 +0000
+++ b/usr.sbin/rpcbind/rpcb_stat.c      Wed Aug 16 08:44:40 2017 +0000
@@ -1,32 +1,32 @@
-/*     $NetBSD: rpcb_stat.c,v 1.5 2007/05/13 20:03:47 christos Exp $   */
+/*     $NetBSD: rpcb_stat.c,v 1.6 2017/08/16 08:44:40 christos Exp $   */
+/* $FreeBSD: head/usr.sbin/rpcbind/rpcb_stat.c 301605 2016-06-08 12:45:22Z ngie $ */
 
-/*
- * Sun RPC is a product of Sun Microsystems, Inc. and is provided for
- * unrestricted use provided that this legend is included on all tape
- * media and as a part of the software program in whole or part.  Users
- * may copy or modify Sun RPC without charge, but are not authorized
- * to license or distribute it to anyone else except as part of a product or
- * program developed by the user.
- * 
- * SUN RPC IS PROVIDED AS IS WITH NO WARRANTIES OF ANY KIND INCLUDING THE
- * WARRANTIES OF DESIGN, MERCHANTIBILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE, OR ARISING FROM A COURSE OF DEALING, USAGE OR TRADE PRACTICE.
- * 
- * Sun RPC is provided with no support and without any obligation on the



Home | Main Index | Thread Index | Old Index