NetBSD-Bugs archive


Re: bin/59750: yppush aborts _svc_run: select failed: Bad file descriptor



The following reply was made to PR bin/59750; it has been noted by GNATS.

From: mlelstv%serpens.de@localhost (Michael van Elst)
To: gnats-bugs%netbsd.org@localhost
Cc: 
Subject: Re: bin/59750: yppush aborts _svc_run: select failed: Bad file descriptor
Date: Fri, 7 Nov 2025 10:52:30 -0000 (UTC)

 nervoso%k1.com.br@localhost writes:
 
 >setup of a nis (yp) master => slave ... when updated some server db the system tries to yppush to slave, it aborts with:
 >yppush -h sip -v passwd.byname
 >pushing passwd.byname [order=1762482473] in domain lenzicasa
 >pushing map passwd.byname in lenzicasa: order=1762482473, owner=fserver.lenzicasa
 >pushing to sip
 >asking host sip to transfer map (xid=4441)
 >yppush: _svc_run: select failed: Bad file descriptor
 
 
 Thanks for reporting the bug.
 
 
 
 >I have made a patch for yppush with the help of chat-gpt... seems to work...
 
 
 That however is mostly nonsense. The file descriptor handling is
 done in libc and possible errors are already correctly handled.
 
 Your patch seems to work because of this part:
 
 >-	nfds = sysconf(_SC_OPEN_MAX);
 >+	nfds = (yppush_cbfd >= 0) ? (yppush_cbfd + 1) : sysconf(_SC_OPEN_MAX);
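
Review bot: the fallback arm of the conditional on the added line still
assigns sysconf(_SC_OPEN_MAX) to nfds, so whenever yppush_cbfd is negative
the value from the removed line comes back unchanged. Drop the conditional
and assign one bounded expression instead.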
 
 Checking yppush_cbfd here serves no purpose, the program only
 reaches that point when the descriptor is valid.
 
 Assuming yppush_cbfd were captured, your change could be
 stripped to:
 
 >-	nfds = sysconf(_SC_OPEN_MAX);
 >+	nfds = yppush_cbfd + 1;
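
Review bot: the added line derives nfds from a single descriptor, which
covers the set given to select() only while yppush_cbfd is the highest
descriptor in that set. Add a comment stating that assumption next to the
assignment.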
 
 Or, without peeking the descriptor (svc_maxfd is a value maintained
 by the library, just like svc_fdset).
 
 -	nfds = sysconf(_SC_OPEN_MAX);
 +	nfds = svc_maxfd + 1;
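
Review bot: the added line carries no comment saying why nfds comes from
svc_maxfd rather than from the descriptor limit. A one-line comment that
nfds has to stay within what svc_fdset holds would keep the sysconf() call
from being reintroduced later.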
 
 
 The bug is to call select() with the maximum number of open
 file descriptors. The fd_set data structure however is limited
 to only FD_SETSIZE entries.
 
 FD_SETSIZE is special in that you can #define it yourself
 before including <sys/select.h> to extend the data structure.
 The kernel just accepts a larger nfds parameter to select()
 and treats the fd_set pointer then like such an extended
 structure.
 
 Since FD_SETSIZE is not #defined in yppush.c, the kernel reads
 beyond the end of the (regular sized) fd_set and if any of the
 following bits in memory is a '1' it references an invalid file
 descriptor and select() fails correctly with EBADF.
 
 If your nfds value is even larger than sysconf(_SC_OPEN_MAX)+FD_SETSIZE,
 the kernel would have returned EINVAL instead. That's a safety
 measure against arbitrarily large values, where a huge fd_set
 would need to be copied into the kernel and checked.
 
 
 The bug only became visible when NetBSD changed the default
 resource limit for open file descriptors from 128 to 1024
 for some architectures.
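
The nfds bound discussed in the message above, as an added example that is not part of the original mail or of yppush: it generalizes the fix by deriving nfds from the highest descriptor actually set and refusing any value larger than FD_SETSIZE. The names highest_fd, bounded_select and demo_ready_count are hypothetical, and the pipe is constructed sample input.

```c
#include <errno.h>
#include <stdio.h>
#include <sys/select.h>
#include <unistd.h>

/* Highest descriptor set in *set, or -1 if empty; scans FD_SETSIZE bits only. */
static int highest_fd(fd_set *set)
{
	for (int fd = FD_SETSIZE - 1; fd >= 0; fd--)
		if (FD_ISSET(fd, set))
			return fd;
	return -1;
}

/* Hypothetical wrapper: refuse any nfds that a regular fd_set cannot back. */
static int bounded_select(int nfds, fd_set *rd, struct timeval *tv)
{
	if (nfds < 0 || nfds > FD_SETSIZE) {
		errno = EINVAL;
		return -1;
	}
	return select(nfds, rd, NULL, NULL, tv);
}

/* Constructed input: a pipe with one byte pending. Returns the ready count. */
static int demo_ready_count(void)
{
	int p[2], n = -1;
	fd_set rd;
	struct timeval tv = { 1, 0 };

	if (pipe(p) == -1)
		return -1;
	if (p[0] < FD_SETSIZE && write(p[1], "x", 1) == 1) {
		FD_ZERO(&rd);
		FD_SET(p[0], &rd);
		/* nfds is the highest set descriptor plus one, not the open-file limit. */
		n = bounded_select(highest_fd(&rd) + 1, &rd, &tv);
	}
	close(p[0]);
	close(p[1]);
	return n;
}

int main(void)
{
	printf("ready descriptors: %d\n", demo_ready_count());
	return 0;
}
```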
 
 

