Source-Changes-HG archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
[src/trunk]: src PR/47617: Thorsten Brehm: Memory and socket leak in librpc
details: https://anonhg.NetBSD.org/src/rev/d7ef11056fcf
branches: trunk
changeset: 785218:d7ef11056fcf
user: christos <christos%NetBSD.org@localhost>
date: Mon Mar 04 17:29:03 2013 +0000
description:
PR/47617: Thorsten Brehm: Memory and socket leak in librpc
diffstat:
include/rpc/svc.h | 4 ++--
lib/libc/rpc/rpc_soc.3 | 4 ++--
lib/libc/rpc/rpc_svc_reg.3 | 4 ++--
lib/libc/rpc/svc.c | 23 +++++++++++++++--------
lib/libc/rpc/svc_dg.c | 19 +++++++++++--------
lib/libc/rpc/svc_raw.c | 7 ++++---
lib/libc/rpc/svc_vc.c | 20 ++++++++++++--------
7 files changed, 48 insertions(+), 33 deletions(-)
diffs (265 lines):
diff -r e949a813c40e -r d7ef11056fcf include/rpc/svc.h
--- a/include/rpc/svc.h Mon Mar 04 17:17:56 2013 +0000
+++ b/include/rpc/svc.h Mon Mar 04 17:29:03 2013 +0000
@@ -1,4 +1,4 @@
-/* $NetBSD: svc.h,v 1.24 2011/08/30 17:06:20 plunky Exp $ */
+/* $NetBSD: svc.h,v 1.25 2013/03/04 17:29:03 christos Exp $ */
/*
* Sun RPC is a product of Sun Microsystems, Inc. and is provided for
@@ -221,7 +221,7 @@
* SVCXPRT *xprt;
*/
__BEGIN_DECLS
-extern void xprt_register (SVCXPRT *);
+extern bool_t xprt_register (SVCXPRT *);
__END_DECLS
/*
diff -r e949a813c40e -r d7ef11056fcf lib/libc/rpc/rpc_soc.3
--- a/lib/libc/rpc/rpc_soc.3 Mon Mar 04 17:17:56 2013 +0000
+++ b/lib/libc/rpc/rpc_soc.3 Mon Mar 04 17:29:03 2013 +0000
@@ -1,5 +1,5 @@
.\" @(#)rpc.3n 2.4 88/08/08 4.0 RPCSRC; from 1.19 88/06/24 SMI
-.\" $NetBSD: rpc_soc.3,v 1.13 2009/01/11 02:46:29 christos Exp $
+.\" $NetBSD: rpc_soc.3,v 1.14 2013/03/04 17:29:03 christos Exp $
.\" Converted to mdoc by Thomas Klausner <wiz%NetBSD.org@localhost>
.\"
.Dd December 12, 2008
@@ -221,7 +221,7 @@
.Fn xdr_rejected_reply "XDR *xdrs" "struct rejected_reply *rr"
.Ft int
.Fn xdr_replymsg "XDR *xdrs" "struct rpc_msg *rmsg"
-.Ft void
+.Ft bool_t
.Fn xprt_register "SVCXPRT *xprt"
.Ft void
.Fn xprt_unregister "SVCXPRT *xprt"
diff -r e949a813c40e -r d7ef11056fcf lib/libc/rpc/rpc_svc_reg.3
--- a/lib/libc/rpc/rpc_svc_reg.3 Mon Mar 04 17:17:56 2013 +0000
+++ b/lib/libc/rpc/rpc_svc_reg.3 Mon Mar 04 17:29:03 2013 +0000
@@ -2,7 +2,7 @@
.\" Copyright 1989 AT&T
.\" @(#)rpc_svc_call 1.6 89/07/20 SMI;
.\" Copyright (c) 1988 Sun Microsystems, Inc. - All Rights Reserved.
-.\" $NetBSD: rpc_svc_reg.3,v 1.9 2009/03/11 13:36:01 joerg Exp $
+.\" $NetBSD: rpc_svc_reg.3,v 1.10 2013/03/04 17:29:03 christos Exp $
.Dd May 3, 1993
.Dt RPC_SVC_REG 3
.Os
@@ -27,7 +27,7 @@
.Fn svc_unreg "const rpcprog_t prognum" "const rpcvers_t versnum"
.Ft int
.Fn svc_auth_reg "const int cred_flavor" "const enum auth_stat (*handler(struct svc_req *, struct rpc_msg *))"
-.Ft void
+.Ft bool_t
.Fn xprt_register "const SVCXPRT *xprt"
.Ft void
.Fn xprt_unregister "const SVCXPRT *xprt"
diff -r e949a813c40e -r d7ef11056fcf lib/libc/rpc/svc.c
--- a/lib/libc/rpc/svc.c Mon Mar 04 17:17:56 2013 +0000
+++ b/lib/libc/rpc/svc.c Mon Mar 04 17:29:03 2013 +0000
@@ -1,4 +1,4 @@
-/* $NetBSD: svc.c,v 1.31 2012/03/20 17:14:50 matt Exp $ */
+/* $NetBSD: svc.c,v 1.32 2013/03/04 17:29:03 christos Exp $ */
/*
* Sun RPC is a product of Sun Microsystems, Inc. and is provided for
@@ -35,7 +35,7 @@
static char *sccsid = "@(#)svc.c 1.44 88/02/08 Copyr 1984 Sun Micro";
static char *sccsid = "@(#)svc.c 2.4 88/08/11 4.0 RPCSRC";
#else
-__RCSID("$NetBSD: svc.c,v 1.31 2012/03/20 17:14:50 matt Exp $");
+__RCSID("$NetBSD: svc.c,v 1.32 2013/03/04 17:29:03 christos Exp $");
#endif
#endif
@@ -125,7 +125,7 @@
/*
* Activate a transport handle.
*/
-void
+bool_t
xprt_register(SVCXPRT *xprt)
{
int sock;
@@ -138,18 +138,25 @@
if (__svc_xports == NULL) {
__svc_xports = mem_alloc(FD_SETSIZE * sizeof(SVCXPRT *));
if (__svc_xports == NULL) {
- warn("xprt_register");
+ warn("%s: out of memory", __func__);
goto out;
}
memset(__svc_xports, '\0', FD_SETSIZE * sizeof(SVCXPRT *));
}
- if (sock < FD_SETSIZE) {
- __svc_xports[sock] = xprt;
- FD_SET(sock, &svc_fdset);
- svc_maxfd = max(svc_maxfd, sock);
+ if (sock >= FD_SETSIZE) {
+ warnx("%s: socket descriptor %d too large for setsize %u",
+ __func__, sock, (unsigned)FD_SETSIZE);
+ goto out;
}
+ __svc_xports[sock] = xprt;
+ FD_SET(sock, &svc_fdset);
+ svc_maxfd = max(svc_maxfd, sock);
+ rwlock_unlock(&svc_fd_lock);
+ return (TRUE);
+
out:
rwlock_unlock(&svc_fd_lock);
+ return (FALSE);
}
void
diff -r e949a813c40e -r d7ef11056fcf lib/libc/rpc/svc_dg.c
--- a/lib/libc/rpc/svc_dg.c Mon Mar 04 17:17:56 2013 +0000
+++ b/lib/libc/rpc/svc_dg.c Mon Mar 04 17:29:03 2013 +0000
@@ -1,4 +1,4 @@
-/* $NetBSD: svc_dg.c,v 1.14 2012/03/20 17:14:50 matt Exp $ */
+/* $NetBSD: svc_dg.c,v 1.15 2013/03/04 17:29:03 christos Exp $ */
/*
* Sun RPC is a product of Sun Microsystems, Inc. and is provided for
@@ -44,7 +44,7 @@
#include <sys/cdefs.h>
#if defined(LIBC_SCCS) && !defined(lint)
-__RCSID("$NetBSD: svc_dg.c,v 1.14 2012/03/20 17:14:50 matt Exp $");
+__RCSID("$NetBSD: svc_dg.c,v 1.15 2013/03/04 17:29:03 christos Exp $");
#endif
#include "namespace.h"
@@ -128,15 +128,15 @@
xprt = mem_alloc(sizeof (SVCXPRT));
if (xprt == NULL)
- goto freedata;
+ goto outofmem;
memset(xprt, 0, sizeof (SVCXPRT));
su = mem_alloc(sizeof (*su));
if (su == NULL)
- goto freedata;
+ goto outofmem;
su->su_iosz = ((MAX(sendsize, recvsize) + 3) / 4) * 4;
if ((rpc_buffer(xprt) = malloc(su->su_iosz)) == NULL)
- goto freedata;
+ goto outofmem;
_DIAGASSERT(__type_fit(u_int, su->su_iosz));
xdrmem_create(&(su->su_xdrs), rpc_buffer(xprt), (u_int)su->su_iosz,
XDR_DECODE);
@@ -149,16 +149,19 @@
slen = sizeof ss;
if (getsockname(fd, (struct sockaddr *)(void *)&ss, &slen) < 0)
- goto freedata;
+ goto outofmem;
xprt->xp_ltaddr.buf = mem_alloc(sizeof (struct sockaddr_storage));
xprt->xp_ltaddr.maxlen = sizeof (struct sockaddr_storage);
xprt->xp_ltaddr.len = slen;
memcpy(xprt->xp_ltaddr.buf, &ss, slen);
- xprt_register(xprt);
+ if (!xprt_register(xprt))
+ goto freedata;
return (xprt);
+
+outofmem:
+ (void) warnx(svc_dg_str, __no_mem_str);
freedata:
- (void) warnx(svc_dg_str, __no_mem_str);
if (xprt) {
if (su)
(void) mem_free(su, sizeof (*su));
diff -r e949a813c40e -r d7ef11056fcf lib/libc/rpc/svc_raw.c
--- a/lib/libc/rpc/svc_raw.c Mon Mar 04 17:17:56 2013 +0000
+++ b/lib/libc/rpc/svc_raw.c Mon Mar 04 17:29:03 2013 +0000
@@ -1,4 +1,4 @@
-/* $NetBSD: svc_raw.c,v 1.22 2012/03/20 17:14:50 matt Exp $ */
+/* $NetBSD: svc_raw.c,v 1.23 2013/03/04 17:29:03 christos Exp $ */
/*
* Sun RPC is a product of Sun Microsystems, Inc. and is provided for
@@ -39,7 +39,7 @@
#if 0
static char sccsid[] = "@(#)svc_raw.c 1.25 89/01/31 Copyr 1984 Sun Micro";
#else
-__RCSID("$NetBSD: svc_raw.c,v 1.22 2012/03/20 17:14:50 matt Exp $");
+__RCSID("$NetBSD: svc_raw.c,v 1.23 2013/03/04 17:29:03 christos Exp $");
#endif
#endif
@@ -117,7 +117,8 @@
svc_raw_ops(&srp->server);
srp->server.xp_verf.oa_base = srp->verf_body;
xdrmem_create(&srp->xdr_stream, srp->raw_buf, UDPMSGSIZE, XDR_DECODE);
- xprt_register(&srp->server);
+ if (!xprt_register(&srp->server))
+ goto out;
mutex_unlock(&svcraw_lock);
return (&srp->server);
out:
diff -r e949a813c40e -r d7ef11056fcf lib/libc/rpc/svc_vc.c
--- a/lib/libc/rpc/svc_vc.c Mon Mar 04 17:17:56 2013 +0000
+++ b/lib/libc/rpc/svc_vc.c Mon Mar 04 17:29:03 2013 +0000
@@ -1,4 +1,4 @@
-/* $NetBSD: svc_vc.c,v 1.27 2013/03/04 17:17:56 christos Exp $ */
+/* $NetBSD: svc_vc.c,v 1.28 2013/03/04 17:29:03 christos Exp $ */
/*
* Sun RPC is a product of Sun Microsystems, Inc. and is provided for
@@ -35,7 +35,7 @@
static char *sccsid = "@(#)svc_tcp.c 1.21 87/08/11 Copyr 1984 Sun Micro";
static char *sccsid = "@(#)svc_tcp.c 2.2 88/08/01 4.0 RPCSRC";
#else
-__RCSID("$NetBSD: svc_vc.c,v 1.27 2013/03/04 17:17:56 christos Exp $");
+__RCSID("$NetBSD: svc_vc.c,v 1.28 2013/03/04 17:29:03 christos Exp $");
#endif
#endif
@@ -188,7 +188,8 @@
memcpy(xprt->xp_ltaddr.buf, &sslocal, (size_t)sslocal.ss_len);
xprt->xp_rtaddr.maxlen = sizeof (struct sockaddr_storage);
- xprt_register(xprt);
+ if (!xprt_register(xprt))
+ goto cleanup_svc_vc_create;
return xprt;
cleanup_svc_vc_create:
if (xprt)
@@ -268,11 +269,11 @@
xprt = mem_alloc(sizeof(SVCXPRT));
if (xprt == NULL)
- goto out;
+ goto outofmem;
memset(xprt, 0, sizeof *xprt);
cd = mem_alloc(sizeof(struct cf_conn));
if (cd == NULL)
- goto out;
+ goto outofmem;
cd->strm_stat = XPRT_IDLE;
xdrrec_create(&(cd->xdrs), sendsize, recvsize,
(caddr_t)(void *)xprt, read_vc, write_vc);
@@ -283,12 +284,15 @@
xprt->xp_fd = fd;
if (__rpc_fd2sockinfo(fd, &si) && __rpc_sockinfo2netid(&si, &netid))
if ((xprt->xp_netid = strdup(netid)) == NULL)
- goto out;
+ goto outofmem;
- xprt_register(xprt);
+ if (!xprt_register(xprt))
+ goto out;
return xprt;
+
+outofmem:
+ warn("svc_tcp: makefd_xprt");
out:
- warn("svc_tcp: makefd_xprt");
if (xprt)
mem_free(xprt, sizeof(SVCXPRT));
return NULL;
Home |
Main Index |
Thread Index |
Old Index