lib/46454: getnameinfo(3) is not thread-safe

To: lib-bug-people%netbsd.org@localhost,gnats-admin%netbsd.org@localhost,netbsd-bugs%netbsd.org@localhost
Subject: lib/46454: getnameinfo(3) is not thread-safe
From: naruse%airemix.jp@localhost
Date: Tue, 15 May 2012 07:10:01 +0000 (UTC)

>Number:         46454
>Category:       lib
>Synopsis:       getnameinfo(3) is not thread-safe
>Confidential:   no
>Severity:       non-critical
>Priority:       medium
>Responsible:    lib-bug-people
>State:          open
>Class:          sw-bug
>Submitter-Id:   net
>Arrival-Date:   Tue May 15 07:10:00 +0000 2012
>Originator:     Yui NARUSE
>Release:        6.99.4
>Organization:
>Environment:
NetBSD nbsd.rubyci.org 6.99.4 NetBSD 6.99.4 (GENERIC) #0: Fri Apr 13 00:47:23 
JST 2012  
naruse%nbsd.rubyci.org@localhost:/usr/obj/sys/arch/i386/compile/GENERIC i386
>Description:
SuS says getnameinfo(3) shall be thread-safe.
But NetBSD's getnameinfo(3) uses gethostbyaddr(3), which is not thread-safe.
http://pubs.opengroup.org/onlinepubs/9699919799/functions/getnameinfo.html
http://pubs.opengroup.org/onlinepubs/009695399/functions/gethostbyname.html
(gethostbyname is removed in SuSv7)

getnameinfo() calls getpeername(),
getpeername() calls nsdispatch(),
nsdispatch() calls _gethtbyaddr() with rdlock,
_gethtbyaddr() calls _gethtent().
_gethtent() uses static variable hostf.
If someone calls _endhtent() during one runs _gethtent(),
_endhtent() sets NULL to hostf, and _gethtent() will cause SEGV.


The original issue is derived from Ruby's test case 
https://gist.github.com/2695368
and this report is helped by enami.
>How-To-Repeat:

>Fix:

Prev by Date: Re: port-amd64/45391: pow(3) wrong result for x = 0.0 and y < 0
Next by Date: bin/46455: /bin/sh: set -C breaks 2>/dev/null redirection
Previous by Thread: kern/46451: eso(4) kernel panic while booting NetBSD 6.0_BETA
Next by Thread: bin/46455: /bin/sh: set -C breaks 2>/dev/null redirection
Indexes:

Home | Main Index | Thread Index | Old Index