libtirpc: upgrade to 1.0.2
1.0.1 -> 1.0.2 Remove these Backported and upstreamed patches: 1. 0001-Fix-for-CVE-2017-8779.patch 2. libtirpc-0.2.1-fortify.patch 3. libtirpc-1.0.2-rc3.patc (From OE-Core rev: 4586a66aa3f9992f54839c2920c3d51e95040a1b) Signed-off-by: Maxin B. John <maxin.john@intel.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
This commit is contained in:
parent
3a1b3aada3
commit
4fe719b6e0
|
@ -1,276 +0,0 @@
|
|||
From dd9c7cf4f8f375c6d641b760d124650c418c2ce3 Mon Sep 17 00:00:00 2001
|
||||
From: Guido Vranken <guidovranken@gmail.com>
|
||||
Date: Mon, 15 May 2017 11:12:21 -0400
|
||||
Subject: [PATCH] Fix for CVE-2017-8779
|
||||
|
||||
Signed-off-by: Steve Dickson <steved@redhat.com>
|
||||
---
|
||||
src/rpc_generic.c | 8 ++++++++
|
||||
src/rpcb_prot.c | 22 ++++++++++++++--------
|
||||
src/rpcb_st_xdr.c | 9 +++++----
|
||||
src/xdr.c | 30 +++++++++++++++++++++++++-----
|
||||
4 files changed, 52 insertions(+), 17 deletions(-)
|
||||
|
||||
CVE: CVE-2017-8779
|
||||
Upstream-Status: Backport
|
||||
|
||||
Signed-off-by: Fan Xin <fan.xin@jp.fujitsu.com>
|
||||
|
||||
diff --git a/src/rpc_generic.c b/src/rpc_generic.c
|
||||
index 2f09a8f..589cbd5 100644
|
||||
--- a/src/rpc_generic.c
|
||||
+++ b/src/rpc_generic.c
|
||||
@@ -615,6 +615,9 @@ __rpc_taddr2uaddr_af(int af, const struct netbuf *nbuf)
|
||||
|
||||
switch (af) {
|
||||
case AF_INET:
|
||||
+ if (nbuf->len < sizeof(*sin)) {
|
||||
+ return NULL;
|
||||
+ }
|
||||
sin = nbuf->buf;
|
||||
if (inet_ntop(af, &sin->sin_addr, namebuf, sizeof namebuf)
|
||||
== NULL)
|
||||
@@ -626,6 +629,9 @@ __rpc_taddr2uaddr_af(int af, const struct netbuf *nbuf)
|
||||
break;
|
||||
#ifdef INET6
|
||||
case AF_INET6:
|
||||
+ if (nbuf->len < sizeof(*sin6)) {
|
||||
+ return NULL;
|
||||
+ }
|
||||
sin6 = nbuf->buf;
|
||||
if (inet_ntop(af, &sin6->sin6_addr, namebuf6, sizeof namebuf6)
|
||||
== NULL)
|
||||
@@ -667,6 +673,8 @@ __rpc_uaddr2taddr_af(int af, const char *uaddr)
|
||||
|
||||
port = 0;
|
||||
sin = NULL;
|
||||
+ if (uaddr == NULL)
|
||||
+ return NULL;
|
||||
addrstr = strdup(uaddr);
|
||||
if (addrstr == NULL)
|
||||
return NULL;
|
||||
diff --git a/src/rpcb_prot.c b/src/rpcb_prot.c
|
||||
index 43fd385..a923c8e 100644
|
||||
--- a/src/rpcb_prot.c
|
||||
+++ b/src/rpcb_prot.c
|
||||
@@ -41,6 +41,7 @@
|
||||
#include <rpc/types.h>
|
||||
#include <rpc/xdr.h>
|
||||
#include <rpc/rpcb_prot.h>
|
||||
+#include "rpc_com.h"
|
||||
|
||||
bool_t
|
||||
xdr_rpcb(xdrs, objp)
|
||||
@@ -53,13 +54,13 @@ xdr_rpcb(xdrs, objp)
|
||||
if (!xdr_u_int32_t(xdrs, &objp->r_vers)) {
|
||||
return (FALSE);
|
||||
}
|
||||
- if (!xdr_string(xdrs, &objp->r_netid, (u_int)~0)) {
|
||||
+ if (!xdr_string(xdrs, &objp->r_netid, RPC_MAXDATASIZE)) {
|
||||
return (FALSE);
|
||||
}
|
||||
- if (!xdr_string(xdrs, &objp->r_addr, (u_int)~0)) {
|
||||
+ if (!xdr_string(xdrs, &objp->r_addr, RPC_MAXDATASIZE)) {
|
||||
return (FALSE);
|
||||
}
|
||||
- if (!xdr_string(xdrs, &objp->r_owner, (u_int)~0)) {
|
||||
+ if (!xdr_string(xdrs, &objp->r_owner, RPC_MAXDATASIZE)) {
|
||||
return (FALSE);
|
||||
}
|
||||
return (TRUE);
|
||||
@@ -159,19 +160,19 @@ xdr_rpcb_entry(xdrs, objp)
|
||||
XDR *xdrs;
|
||||
rpcb_entry *objp;
|
||||
{
|
||||
- if (!xdr_string(xdrs, &objp->r_maddr, (u_int)~0)) {
|
||||
+ if (!xdr_string(xdrs, &objp->r_maddr, RPC_MAXDATASIZE)) {
|
||||
return (FALSE);
|
||||
}
|
||||
- if (!xdr_string(xdrs, &objp->r_nc_netid, (u_int)~0)) {
|
||||
+ if (!xdr_string(xdrs, &objp->r_nc_netid, RPC_MAXDATASIZE)) {
|
||||
return (FALSE);
|
||||
}
|
||||
if (!xdr_u_int32_t(xdrs, &objp->r_nc_semantics)) {
|
||||
return (FALSE);
|
||||
}
|
||||
- if (!xdr_string(xdrs, &objp->r_nc_protofmly, (u_int)~0)) {
|
||||
+ if (!xdr_string(xdrs, &objp->r_nc_protofmly, RPC_MAXDATASIZE)) {
|
||||
return (FALSE);
|
||||
}
|
||||
- if (!xdr_string(xdrs, &objp->r_nc_proto, (u_int)~0)) {
|
||||
+ if (!xdr_string(xdrs, &objp->r_nc_proto, RPC_MAXDATASIZE)) {
|
||||
return (FALSE);
|
||||
}
|
||||
return (TRUE);
|
||||
@@ -292,7 +293,7 @@ xdr_rpcb_rmtcallres(xdrs, p)
|
||||
bool_t dummy;
|
||||
struct r_rpcb_rmtcallres *objp = (struct r_rpcb_rmtcallres *)(void *)p;
|
||||
|
||||
- if (!xdr_string(xdrs, &objp->addr, (u_int)~0)) {
|
||||
+ if (!xdr_string(xdrs, &objp->addr, RPC_MAXDATASIZE)) {
|
||||
return (FALSE);
|
||||
}
|
||||
if (!xdr_u_int(xdrs, &objp->results.results_len)) {
|
||||
@@ -312,6 +313,11 @@ xdr_netbuf(xdrs, objp)
|
||||
if (!xdr_u_int32_t(xdrs, (u_int32_t *) &objp->maxlen)) {
|
||||
return (FALSE);
|
||||
}
|
||||
+
|
||||
+ if (objp->maxlen > RPC_MAXDATASIZE) {
|
||||
+ return (FALSE);
|
||||
+ }
|
||||
+
|
||||
dummy = xdr_bytes(xdrs, (char **)&(objp->buf),
|
||||
(u_int *)&(objp->len), objp->maxlen);
|
||||
return (dummy);
|
||||
diff --git a/src/rpcb_st_xdr.c b/src/rpcb_st_xdr.c
|
||||
index 08db745..28e6a48 100644
|
||||
--- a/src/rpcb_st_xdr.c
|
||||
+++ b/src/rpcb_st_xdr.c
|
||||
@@ -37,6 +37,7 @@
|
||||
|
||||
|
||||
#include <rpc/rpc.h>
|
||||
+#include "rpc_com.h"
|
||||
|
||||
/* Link list of all the stats about getport and getaddr */
|
||||
|
||||
@@ -58,7 +59,7 @@ xdr_rpcbs_addrlist(xdrs, objp)
|
||||
if (!xdr_int(xdrs, &objp->failure)) {
|
||||
return (FALSE);
|
||||
}
|
||||
- if (!xdr_string(xdrs, &objp->netid, (u_int)~0)) {
|
||||
+ if (!xdr_string(xdrs, &objp->netid, RPC_MAXDATASIZE)) {
|
||||
return (FALSE);
|
||||
}
|
||||
|
||||
@@ -109,7 +110,7 @@ xdr_rpcbs_rmtcalllist(xdrs, objp)
|
||||
IXDR_PUT_INT32(buf, objp->failure);
|
||||
IXDR_PUT_INT32(buf, objp->indirect);
|
||||
}
|
||||
- if (!xdr_string(xdrs, &objp->netid, (u_int)~0)) {
|
||||
+ if (!xdr_string(xdrs, &objp->netid, RPC_MAXDATASIZE)) {
|
||||
return (FALSE);
|
||||
}
|
||||
if (!xdr_pointer(xdrs, (char **)&objp->next,
|
||||
@@ -147,7 +148,7 @@ xdr_rpcbs_rmtcalllist(xdrs, objp)
|
||||
objp->failure = (int)IXDR_GET_INT32(buf);
|
||||
objp->indirect = (int)IXDR_GET_INT32(buf);
|
||||
}
|
||||
- if (!xdr_string(xdrs, &objp->netid, (u_int)~0)) {
|
||||
+ if (!xdr_string(xdrs, &objp->netid, RPC_MAXDATASIZE)) {
|
||||
return (FALSE);
|
||||
}
|
||||
if (!xdr_pointer(xdrs, (char **)&objp->next,
|
||||
@@ -175,7 +176,7 @@ xdr_rpcbs_rmtcalllist(xdrs, objp)
|
||||
if (!xdr_int(xdrs, &objp->indirect)) {
|
||||
return (FALSE);
|
||||
}
|
||||
- if (!xdr_string(xdrs, &objp->netid, (u_int)~0)) {
|
||||
+ if (!xdr_string(xdrs, &objp->netid, RPC_MAXDATASIZE)) {
|
||||
return (FALSE);
|
||||
}
|
||||
if (!xdr_pointer(xdrs, (char **)&objp->next,
|
||||
diff --git a/src/xdr.c b/src/xdr.c
|
||||
index f3fb9ad..b9a1558 100644
|
||||
--- a/src/xdr.c
|
||||
+++ b/src/xdr.c
|
||||
@@ -42,8 +42,10 @@
|
||||
#include <stdlib.h>
|
||||
#include <string.h>
|
||||
|
||||
+#include <rpc/rpc.h>
|
||||
#include <rpc/types.h>
|
||||
#include <rpc/xdr.h>
|
||||
+#include <rpc/rpc_com.h>
|
||||
|
||||
typedef quad_t longlong_t; /* ANSI long long type */
|
||||
typedef u_quad_t u_longlong_t; /* ANSI unsigned long long type */
|
||||
@@ -53,7 +55,6 @@ typedef u_quad_t u_longlong_t; /* ANSI unsigned long long type */
|
||||
*/
|
||||
#define XDR_FALSE ((long) 0)
|
||||
#define XDR_TRUE ((long) 1)
|
||||
-#define LASTUNSIGNED ((u_int) 0-1)
|
||||
|
||||
/*
|
||||
* for unit alignment
|
||||
@@ -629,6 +630,7 @@ xdr_bytes(xdrs, cpp, sizep, maxsize)
|
||||
{
|
||||
char *sp = *cpp; /* sp is the actual string pointer */
|
||||
u_int nodesize;
|
||||
+ bool_t ret, allocated = FALSE;
|
||||
|
||||
/*
|
||||
* first deal with the length since xdr bytes are counted
|
||||
@@ -652,6 +654,7 @@ xdr_bytes(xdrs, cpp, sizep, maxsize)
|
||||
}
|
||||
if (sp == NULL) {
|
||||
*cpp = sp = mem_alloc(nodesize);
|
||||
+ allocated = TRUE;
|
||||
}
|
||||
if (sp == NULL) {
|
||||
warnx("xdr_bytes: out of memory");
|
||||
@@ -660,7 +663,14 @@ xdr_bytes(xdrs, cpp, sizep, maxsize)
|
||||
/* FALLTHROUGH */
|
||||
|
||||
case XDR_ENCODE:
|
||||
- return (xdr_opaque(xdrs, sp, nodesize));
|
||||
+ ret = xdr_opaque(xdrs, sp, nodesize);
|
||||
+ if ((xdrs->x_op == XDR_DECODE) && (ret == FALSE)) {
|
||||
+ if (allocated == TRUE) {
|
||||
+ free(sp);
|
||||
+ *cpp = NULL;
|
||||
+ }
|
||||
+ }
|
||||
+ return (ret);
|
||||
|
||||
case XDR_FREE:
|
||||
if (sp != NULL) {
|
||||
@@ -754,6 +764,7 @@ xdr_string(xdrs, cpp, maxsize)
|
||||
char *sp = *cpp; /* sp is the actual string pointer */
|
||||
u_int size;
|
||||
u_int nodesize;
|
||||
+ bool_t ret, allocated = FALSE;
|
||||
|
||||
/*
|
||||
* first deal with the length since xdr strings are counted-strings
|
||||
@@ -793,8 +804,10 @@ xdr_string(xdrs, cpp, maxsize)
|
||||
switch (xdrs->x_op) {
|
||||
|
||||
case XDR_DECODE:
|
||||
- if (sp == NULL)
|
||||
+ if (sp == NULL) {
|
||||
*cpp = sp = mem_alloc(nodesize);
|
||||
+ allocated = TRUE;
|
||||
+ }
|
||||
if (sp == NULL) {
|
||||
warnx("xdr_string: out of memory");
|
||||
return (FALSE);
|
||||
@@ -803,7 +816,14 @@ xdr_string(xdrs, cpp, maxsize)
|
||||
/* FALLTHROUGH */
|
||||
|
||||
case XDR_ENCODE:
|
||||
- return (xdr_opaque(xdrs, sp, size));
|
||||
+ ret = xdr_opaque(xdrs, sp, size);
|
||||
+ if ((xdrs->x_op == XDR_DECODE) && (ret == FALSE)) {
|
||||
+ if (allocated == TRUE) {
|
||||
+ free(sp);
|
||||
+ *cpp = NULL;
|
||||
+ }
|
||||
+ }
|
||||
+ return (ret);
|
||||
|
||||
case XDR_FREE:
|
||||
mem_free(sp, nodesize);
|
||||
@@ -823,7 +843,7 @@ xdr_wrapstring(xdrs, cpp)
|
||||
XDR *xdrs;
|
||||
char **cpp;
|
||||
{
|
||||
- return xdr_string(xdrs, cpp, LASTUNSIGNED);
|
||||
+ return xdr_string(xdrs, cpp, RPC_MAXDATASIZE);
|
||||
}
|
||||
|
||||
/*
|
||||
--
|
||||
1.9.1
|
||||
|
|
@ -1,26 +0,0 @@
|
|||
Fix a possible overflow (reported by _FORTIFY_SOURCE=2)
|
||||
|
||||
Ported from Gentoo
|
||||
|
||||
Upstream-Status: Pending
|
||||
|
||||
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
||||
|
||||
Index: libtirpc-0.2.1/src/getrpcport.c
|
||||
===================================================================
|
||||
--- libtirpc-0.2.1.orig/src/getrpcport.c
|
||||
+++ libtirpc-0.2.1/src/getrpcport.c
|
||||
@@ -54,11 +54,11 @@ getrpcport(host, prognum, versnum, proto
|
||||
|
||||
if ((hp = gethostbyname(host)) == NULL)
|
||||
return (0);
|
||||
+ if (hp->h_length != sizeof(addr.sin_addr.s_addr))
|
||||
+ return (0);
|
||||
memset(&addr, 0, sizeof(addr));
|
||||
addr.sin_family = AF_INET;
|
||||
addr.sin_port = 0;
|
||||
- if (hp->h_length > sizeof(addr))
|
||||
- hp->h_length = sizeof(addr);
|
||||
memcpy(&addr.sin_addr.s_addr, hp->h_addr, (size_t)hp->h_length);
|
||||
/* Inconsistent interfaces need casts! :-( */
|
||||
return (pmap_getport(&addr, (u_long)prognum, (u_long)versnum,
|
|
@ -1,743 +0,0 @@
|
|||
Backport the 1.0.2 RC3 changes, this fixes issues with gcc7
|
||||
|
||||
Upstream-Status: Backport
|
||||
|
||||
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
||||
|
||||
diff --git a/src/Makefile.am b/src/Makefile.am
|
||||
index e4ed8aa..fba2aa4 100644
|
||||
--- a/src/Makefile.am
|
||||
+++ b/src/Makefile.am
|
||||
@@ -24,7 +24,7 @@ libtirpc_la_SOURCES = auth_none.c auth_unix.c authunix_prot.c bindresvport.c cln
|
||||
rpcb_st_xdr.c svc.c svc_auth.c svc_dg.c svc_auth_unix.c svc_auth_none.c \
|
||||
svc_auth_des.c \
|
||||
svc_generic.c svc_raw.c svc_run.c svc_simple.c svc_vc.c getpeereid.c \
|
||||
- auth_time.c auth_des.c authdes_prot.c debug.c
|
||||
+ auth_time.c auth_des.c authdes_prot.c debug.c des_crypt.c des_impl.c
|
||||
|
||||
## XDR
|
||||
libtirpc_la_SOURCES += xdr.c xdr_rec.c xdr_array.c xdr_float.c xdr_mem.c xdr_reference.c xdr_stdio.c xdr_sizeof.c
|
||||
diff --git a/src/auth_des.c b/src/auth_des.c
|
||||
index 4d3639e..af2f61f 100644
|
||||
--- a/src/auth_des.c
|
||||
+++ b/src/auth_des.c
|
||||
@@ -46,8 +46,8 @@
|
||||
#include <rpc/clnt.h>
|
||||
#include <rpc/xdr.h>
|
||||
#include <sys/socket.h>
|
||||
-#undef NIS
|
||||
-#include <rpcsvc/nis.h>
|
||||
+
|
||||
+#include "nis.h"
|
||||
|
||||
#if defined(LIBC_SCCS) && !defined(lint)
|
||||
#endif
|
||||
diff --git a/src/auth_gss.c b/src/auth_gss.c
|
||||
index 9b88c38..5959893 100644
|
||||
--- a/src/auth_gss.c
|
||||
+++ b/src/auth_gss.c
|
||||
@@ -526,6 +526,14 @@ _rpc_gss_refresh(AUTH *auth, rpc_gss_options_ret_t *options_ret)
|
||||
gr.gr_major != GSS_S_CONTINUE_NEEDED)) {
|
||||
options_ret->major_status = gr.gr_major;
|
||||
options_ret->minor_status = gr.gr_minor;
|
||||
+ if (call_stat != RPC_SUCCESS) {
|
||||
+ struct rpc_err err;
|
||||
+ clnt_geterr(gd->clnt, &err);
|
||||
+ LIBTIRPC_DEBUG(1, ("authgss_refresh: %s errno: %s",
|
||||
+ clnt_sperrno(call_stat), strerror(err.re_errno)));
|
||||
+ } else
|
||||
+ gss_log_status("authgss_refresh:",
|
||||
+ gr.gr_major, gr.gr_minor);
|
||||
return FALSE;
|
||||
}
|
||||
|
||||
diff --git a/src/auth_time.c b/src/auth_time.c
|
||||
index 10e58eb..7f83ab4 100644
|
||||
--- a/src/auth_time.c
|
||||
+++ b/src/auth_time.c
|
||||
@@ -44,8 +44,8 @@
|
||||
#include <rpc/rpcb_prot.h>
|
||||
//#include <clnt_soc.h>
|
||||
#include <sys/select.h>
|
||||
-#undef NIS
|
||||
-#include <rpcsvc/nis.h>
|
||||
+
|
||||
+#include "nis.h"
|
||||
|
||||
|
||||
#ifdef TESTING
|
||||
diff --git a/src/des_impl.c b/src/des_impl.c
|
||||
index c5b7ed6..9dbccaf 100644
|
||||
--- a/src/des_impl.c
|
||||
+++ b/src/des_impl.c
|
||||
@@ -6,7 +6,8 @@
|
||||
/* see <http://www.gnu.org/licenses/> to obtain a copy. */
|
||||
#include <string.h>
|
||||
#include <stdint.h>
|
||||
-#include <rpc/rpc_des.h>
|
||||
+#include <sys/types.h>
|
||||
+#include <rpc/des.h>
|
||||
|
||||
|
||||
static const uint32_t des_SPtrans[8][64] =
|
||||
diff --git a/src/getpublickey.c b/src/getpublickey.c
|
||||
index 764a5f9..8cf4dc2 100644
|
||||
--- a/src/getpublickey.c
|
||||
+++ b/src/getpublickey.c
|
||||
@@ -38,8 +38,10 @@
|
||||
#include <pwd.h>
|
||||
#include <rpc/rpc.h>
|
||||
#include <rpc/key_prot.h>
|
||||
+#ifdef YP
|
||||
#include <rpcsvc/yp_prot.h>
|
||||
#include <rpcsvc/ypclnt.h>
|
||||
+#endif
|
||||
#include <string.h>
|
||||
#include <stdlib.h>
|
||||
|
||||
diff --git a/src/nis.h b/src/nis.h
|
||||
new file mode 100644
|
||||
index 0000000..588c041
|
||||
--- /dev/null
|
||||
+++ b/src/nis.h
|
||||
@@ -0,0 +1,70 @@
|
||||
+/*
|
||||
+ * Copyright (c) 2010, Oracle America, Inc.
|
||||
+ *
|
||||
+ * Redistribution and use in source and binary forms, with or without
|
||||
+ * modification, are permitted provided that the following conditions are
|
||||
+ * met:
|
||||
+ *
|
||||
+ * * Redistributions of source code must retain the above copyright
|
||||
+ * notice, this list of conditions and the following disclaimer.
|
||||
+ * * Redistributions in binary form must reproduce the above
|
||||
+ * copyright notice, this list of conditions and the following
|
||||
+ * disclaimer in the documentation and/or other materials
|
||||
+ * provided with the distribution.
|
||||
+ * * Neither the name of the "Oracle America, Inc." nor the names of its
|
||||
+ * contributors may be used to endorse or promote products derived
|
||||
+ * from this software without specific prior written permission.
|
||||
+ *
|
||||
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
|
||||
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
|
||||
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
|
||||
+ * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
|
||||
+ * COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
|
||||
+ * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
|
||||
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE
|
||||
+ * GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
|
||||
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
|
||||
+ * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
|
||||
+ * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
|
||||
+ * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
||||
+ */
|
||||
+
|
||||
+#ifndef _INTERNAL_NIS_H
|
||||
+#define _INTERNAL_NIS_H 1
|
||||
+
|
||||
+/* This file only contains the definition of nis_server, to be
|
||||
+ able to compile libtirpc without the need to have a glibc
|
||||
+ with sunrpc or a libnsl already installed. */
|
||||
+
|
||||
+#define NIS_PK_NONE 0
|
||||
+
|
||||
+struct nis_attr {
|
||||
+ char *zattr_ndx;
|
||||
+ struct {
|
||||
+ u_int zattr_val_len;
|
||||
+ char *zattr_val_val;
|
||||
+ } zattr_val;
|
||||
+};
|
||||
+typedef struct nis_attr nis_attr;
|
||||
+
|
||||
+typedef char *nis_name;
|
||||
+
|
||||
+struct endpoint {
|
||||
+ char *uaddr;
|
||||
+ char *family;
|
||||
+ char *proto;
|
||||
+};
|
||||
+typedef struct endpoint endpoint;
|
||||
+
|
||||
+struct nis_server {
|
||||
+ nis_name name;
|
||||
+ struct {
|
||||
+ u_int ep_len;
|
||||
+ endpoint *ep_val;
|
||||
+ } ep;
|
||||
+ uint32_t key_type;
|
||||
+ netobj pkey;
|
||||
+};
|
||||
+typedef struct nis_server nis_server;
|
||||
+
|
||||
+#endif /* ! _INTERNAL_NIS_H */
|
||||
diff --git a/src/rpc_dtablesize.c b/src/rpc_dtablesize.c
|
||||
index 13d320c..3fe503a 100644
|
||||
--- a/src/rpc_dtablesize.c
|
||||
+++ b/src/rpc_dtablesize.c
|
||||
@@ -27,22 +27,14 @@
|
||||
*/
|
||||
|
||||
#include <unistd.h>
|
||||
-
|
||||
#include <sys/select.h>
|
||||
-
|
||||
-int _rpc_dtablesize(void); /* XXX */
|
||||
+#include <rpc/clnt.h>
|
||||
+#include <rpc/rpc_com.h>
|
||||
|
||||
/*
|
||||
* Cache the result of getdtablesize(), so we don't have to do an
|
||||
* expensive system call every time.
|
||||
*/
|
||||
-/*
|
||||
- * XXX In FreeBSD 2.x, you can have the maximum number of open file
|
||||
- * descriptors be greater than FD_SETSIZE (which us 256 by default).
|
||||
- *
|
||||
- * Since old programs tend to use this call to determine the first arg
|
||||
- * for _select(), having this return > FD_SETSIZE is a Bad Idea(TM)!
|
||||
- */
|
||||
int
|
||||
_rpc_dtablesize(void)
|
||||
{
|
||||
diff --git a/src/rpc_soc.c b/src/rpc_soc.c
|
||||
index 1ec7b3f..ed0892a 100644
|
||||
--- a/src/rpc_soc.c
|
||||
+++ b/src/rpc_soc.c
|
||||
@@ -61,8 +61,8 @@
|
||||
#include <string.h>
|
||||
#include <unistd.h>
|
||||
#include <fcntl.h>
|
||||
-#include <rpcsvc/nis.h>
|
||||
|
||||
+#include "nis.h"
|
||||
#include "rpc_com.h"
|
||||
|
||||
extern mutex_t rpcsoc_lock;
|
||||
diff --git a/src/rtime.c b/src/rtime.c
|
||||
index c34e0af..b642840 100644
|
||||
--- a/src/rtime.c
|
||||
+++ b/src/rtime.c
|
||||
@@ -46,6 +46,7 @@
|
||||
#include <unistd.h>
|
||||
#include <errno.h>
|
||||
#include <sys/types.h>
|
||||
+#include <sys/poll.h>
|
||||
#include <sys/socket.h>
|
||||
#include <sys/time.h>
|
||||
#include <netinet/in.h>
|
||||
@@ -67,7 +68,8 @@ rtime(addrp, timep, timeout)
|
||||
struct timeval *timeout;
|
||||
{
|
||||
int s;
|
||||
- fd_set readfds;
|
||||
+ struct pollfd fd;
|
||||
+ int milliseconds;
|
||||
int res;
|
||||
unsigned long thetime;
|
||||
struct sockaddr_in from;
|
||||
@@ -94,31 +96,32 @@ rtime(addrp, timep, timeout)
|
||||
addrp->sin_port = serv->s_port;
|
||||
|
||||
if (type == SOCK_DGRAM) {
|
||||
- res = sendto(s, (char *)&thetime, sizeof(thetime), 0,
|
||||
+ res = sendto(s, (char *)&thetime, sizeof(thetime), 0,
|
||||
(struct sockaddr *)addrp, sizeof(*addrp));
|
||||
if (res < 0) {
|
||||
do_close(s);
|
||||
- return(-1);
|
||||
+ return(-1);
|
||||
}
|
||||
- do {
|
||||
- FD_ZERO(&readfds);
|
||||
- FD_SET(s, &readfds);
|
||||
- res = select(_rpc_dtablesize(), &readfds,
|
||||
- (fd_set *)NULL, (fd_set *)NULL, timeout);
|
||||
- } while (res < 0 && errno == EINTR);
|
||||
+
|
||||
+ milliseconds = (timeout->tv_sec * 1000) + (timeout->tv_usec / 1000);
|
||||
+ fd.fd = s;
|
||||
+ fd.events = POLLIN;
|
||||
+ do
|
||||
+ res = poll (&fd, 1, milliseconds);
|
||||
+ while (res < 0 && errno == EINTR);
|
||||
if (res <= 0) {
|
||||
if (res == 0) {
|
||||
errno = ETIMEDOUT;
|
||||
}
|
||||
do_close(s);
|
||||
- return(-1);
|
||||
+ return(-1);
|
||||
}
|
||||
fromlen = sizeof(from);
|
||||
- res = recvfrom(s, (char *)&thetime, sizeof(thetime), 0,
|
||||
+ res = recvfrom(s, (char *)&thetime, sizeof(thetime), 0,
|
||||
(struct sockaddr *)&from, &fromlen);
|
||||
do_close(s);
|
||||
if (res < 0) {
|
||||
- return(-1);
|
||||
+ return(-1);
|
||||
}
|
||||
} else {
|
||||
if (connect(s, (struct sockaddr *)addrp, sizeof(*addrp)) < 0) {
|
||||
diff --git a/src/svc.c b/src/svc.c
|
||||
index 9c41445..b59467b 100644
|
||||
--- a/src/svc.c
|
||||
+++ b/src/svc.c
|
||||
@@ -99,7 +99,7 @@ xprt_register (xprt)
|
||||
{
|
||||
__svc_xports = (SVCXPRT **) calloc (_rpc_dtablesize(), sizeof (SVCXPRT *));
|
||||
if (__svc_xports == NULL)
|
||||
- return;
|
||||
+ goto unlock;
|
||||
}
|
||||
if (sock < _rpc_dtablesize())
|
||||
{
|
||||
@@ -120,14 +120,14 @@ xprt_register (xprt)
|
||||
svc_pollfd[i].fd = sock;
|
||||
svc_pollfd[i].events = (POLLIN | POLLPRI |
|
||||
POLLRDNORM | POLLRDBAND);
|
||||
- return;
|
||||
+ goto unlock;
|
||||
}
|
||||
|
||||
new_svc_pollfd = (struct pollfd *) realloc (svc_pollfd,
|
||||
sizeof (struct pollfd)
|
||||
* (svc_max_pollfd + 1));
|
||||
if (new_svc_pollfd == NULL) /* Out of memory */
|
||||
- return;
|
||||
+ goto unlock;
|
||||
svc_pollfd = new_svc_pollfd;
|
||||
++svc_max_pollfd;
|
||||
|
||||
@@ -135,6 +135,7 @@ xprt_register (xprt)
|
||||
svc_pollfd[svc_max_pollfd - 1].events = (POLLIN | POLLPRI |
|
||||
POLLRDNORM | POLLRDBAND);
|
||||
}
|
||||
+unlock:
|
||||
rwlock_unlock (&svc_fd_lock);
|
||||
}
|
||||
|
||||
diff --git a/src/svc_auth_des.c b/src/svc_auth_des.c
|
||||
index 5bc264c..2e90146 100644
|
||||
--- a/src/svc_auth_des.c
|
||||
+++ b/src/svc_auth_des.c
|
||||
@@ -86,13 +86,13 @@ static struct cache_entry *authdes_cache/* [AUTHDES_CACHESZ] */;
|
||||
static short *authdes_lru/* [AUTHDES_CACHESZ] */;
|
||||
|
||||
static void cache_init(); /* initialize the cache */
|
||||
-static short cache_spot(); /* find an entry in the cache */
|
||||
-static void cache_ref(/*short sid*/); /* note that sid was ref'd */
|
||||
+static short cache_spot(des_block *key, char *name, struct timeval *timestamp); /* find an entry in the cache */
|
||||
+static void cache_ref(short sid); /* note that sid was ref'd */
|
||||
|
||||
-static void invalidate(); /* invalidate entry in cache */
|
||||
+static void invalidate(char *cred); /* invalidate entry in cache */
|
||||
|
||||
/*
|
||||
- * cache statistics
|
||||
+ * cache statistics
|
||||
*/
|
||||
static struct {
|
||||
u_long ncachehits; /* times cache hit, and is not replay */
|
||||
diff --git a/src/svc_auth_gss.c b/src/svc_auth_gss.c
|
||||
index b6aa407..bece46a 100644
|
||||
--- a/src/svc_auth_gss.c
|
||||
+++ b/src/svc_auth_gss.c
|
||||
@@ -129,6 +129,8 @@ struct svc_rpc_gss_data {
|
||||
((struct svc_rpc_gss_data *)(auth)->svc_ah_private)
|
||||
|
||||
/* Global server credentials. */
|
||||
+static u_int _svcauth_req_time = 0;
|
||||
+static gss_OID_set_desc _svcauth_oid_set = {1, GSS_C_NULL_OID };
|
||||
static gss_cred_id_t _svcauth_gss_creds;
|
||||
static gss_name_t _svcauth_gss_name = GSS_C_NO_NAME;
|
||||
static char * _svcauth_svc_name = NULL;
|
||||
@@ -167,6 +169,7 @@ svcauth_gss_import_name(char *service)
|
||||
gss_name_t name;
|
||||
gss_buffer_desc namebuf;
|
||||
OM_uint32 maj_stat, min_stat;
|
||||
+ bool_t result;
|
||||
|
||||
gss_log_debug("in svcauth_gss_import_name()");
|
||||
|
||||
@@ -181,22 +184,21 @@ svcauth_gss_import_name(char *service)
|
||||
maj_stat, min_stat);
|
||||
return (FALSE);
|
||||
}
|
||||
- if (svcauth_gss_set_svc_name(name) != TRUE) {
|
||||
- gss_release_name(&min_stat, &name);
|
||||
- return (FALSE);
|
||||
- }
|
||||
- return (TRUE);
|
||||
+ result = svcauth_gss_set_svc_name(name);
|
||||
+ gss_release_name(&min_stat, &name);
|
||||
+ return result;
|
||||
}
|
||||
|
||||
static bool_t
|
||||
-svcauth_gss_acquire_cred(u_int req_time, gss_OID_set_desc *oid_set)
|
||||
+svcauth_gss_acquire_cred(void)
|
||||
{
|
||||
OM_uint32 maj_stat, min_stat;
|
||||
|
||||
gss_log_debug("in svcauth_gss_acquire_cred()");
|
||||
|
||||
- maj_stat = gss_acquire_cred(&min_stat, _svcauth_gss_name, req_time,
|
||||
- oid_set, GSS_C_ACCEPT,
|
||||
+ maj_stat = gss_acquire_cred(&min_stat, _svcauth_gss_name,
|
||||
+ _svcauth_req_time, &_svcauth_oid_set,
|
||||
+ GSS_C_ACCEPT,
|
||||
&_svcauth_gss_creds, NULL, NULL);
|
||||
|
||||
if (maj_stat != GSS_S_COMPLETE) {
|
||||
@@ -300,6 +302,8 @@ svcauth_gss_accept_sec_context(struct svc_req *rqst,
|
||||
NULL,
|
||||
&gd->deleg);
|
||||
|
||||
+ xdr_free((xdrproc_t)xdr_rpc_gss_init_args, (caddr_t)&recv_tok);
|
||||
+
|
||||
if (gr->gr_major != GSS_S_COMPLETE &&
|
||||
gr->gr_major != GSS_S_CONTINUE_NEEDED) {
|
||||
gss_log_status("svcauth_gss_accept_sec_context: accept_sec_context",
|
||||
@@ -352,8 +356,11 @@ svcauth_gss_accept_sec_context(struct svc_req *rqst,
|
||||
return (FALSE);
|
||||
|
||||
rqst->rq_xprt->xp_verf.oa_flavor = RPCSEC_GSS;
|
||||
- rqst->rq_xprt->xp_verf.oa_base = checksum.value;
|
||||
+ memcpy(rqst->rq_xprt->xp_verf.oa_base, checksum.value,
|
||||
+ checksum.length);
|
||||
rqst->rq_xprt->xp_verf.oa_length = checksum.length;
|
||||
+
|
||||
+ gss_release_buffer(&min_stat, &checksum);
|
||||
}
|
||||
return (TRUE);
|
||||
}
|
||||
@@ -435,10 +442,13 @@ svcauth_gss_nextverf(struct svc_req *rqst, u_int num)
|
||||
maj_stat, min_stat);
|
||||
return (FALSE);
|
||||
}
|
||||
+
|
||||
rqst->rq_xprt->xp_verf.oa_flavor = RPCSEC_GSS;
|
||||
- rqst->rq_xprt->xp_verf.oa_base = (caddr_t)checksum.value;
|
||||
+ memcpy(rqst->rq_xprt->xp_verf.oa_base, checksum.value, checksum.length);
|
||||
rqst->rq_xprt->xp_verf.oa_length = (u_int)checksum.length;
|
||||
|
||||
+ gss_release_buffer(&min_stat, &checksum);
|
||||
+
|
||||
return (TRUE);
|
||||
}
|
||||
|
||||
@@ -568,6 +578,8 @@ _svcauth_gss(struct svc_req *rqst, struct rpc_msg *msg, bool_t *no_dispatch)
|
||||
gss_qop_t qop;
|
||||
struct svcauth_gss_cache_entry **ce;
|
||||
time_t now;
|
||||
+ enum auth_stat result = AUTH_OK;
|
||||
+ OM_uint32 min_stat;
|
||||
|
||||
gss_log_debug("in svcauth_gss()");
|
||||
|
||||
@@ -621,19 +633,25 @@ _svcauth_gss(struct svc_req *rqst, struct rpc_msg *msg, bool_t *no_dispatch)
|
||||
XDR_DESTROY(&xdrs);
|
||||
|
||||
/* Check version. */
|
||||
- if (gc->gc_v != RPCSEC_GSS_VERSION)
|
||||
- return (AUTH_BADCRED);
|
||||
+ if (gc->gc_v != RPCSEC_GSS_VERSION) {
|
||||
+ result = AUTH_BADCRED;
|
||||
+ goto out;
|
||||
+ }
|
||||
|
||||
/* Check RPCSEC_GSS service. */
|
||||
if (gc->gc_svc != RPCSEC_GSS_SVC_NONE &&
|
||||
gc->gc_svc != RPCSEC_GSS_SVC_INTEGRITY &&
|
||||
- gc->gc_svc != RPCSEC_GSS_SVC_PRIVACY)
|
||||
- return (AUTH_BADCRED);
|
||||
+ gc->gc_svc != RPCSEC_GSS_SVC_PRIVACY) {
|
||||
+ result = AUTH_BADCRED;
|
||||
+ goto out;
|
||||
+ }
|
||||
|
||||
/* Check sequence number. */
|
||||
if (gd->established) {
|
||||
- if (gc->gc_seq > MAXSEQ)
|
||||
- return (RPCSEC_GSS_CTXPROBLEM);
|
||||
+ if (gc->gc_seq > MAXSEQ) {
|
||||
+ result = RPCSEC_GSS_CTXPROBLEM;
|
||||
+ goto out;
|
||||
+ }
|
||||
|
||||
if ((offset = gd->seqlast - gc->gc_seq) < 0) {
|
||||
gd->seqlast = gc->gc_seq;
|
||||
@@ -643,7 +661,8 @@ _svcauth_gss(struct svc_req *rqst, struct rpc_msg *msg, bool_t *no_dispatch)
|
||||
}
|
||||
else if (offset >= gd->win || (gd->seqmask & (1 << offset))) {
|
||||
*no_dispatch = 1;
|
||||
- return (RPCSEC_GSS_CTXPROBLEM);
|
||||
+ result = RPCSEC_GSS_CTXPROBLEM;
|
||||
+ goto out;
|
||||
}
|
||||
gd->seq = gc->gc_seq;
|
||||
gd->seqmask |= (1 << offset);
|
||||
@@ -654,35 +673,52 @@ _svcauth_gss(struct svc_req *rqst, struct rpc_msg *msg, bool_t *no_dispatch)
|
||||
rqst->rq_svcname = (char *)gd->ctx;
|
||||
}
|
||||
|
||||
+ rqst->rq_xprt->xp_verf.oa_base = msg->rm_call.cb_verf.oa_base;
|
||||
+
|
||||
/* Handle RPCSEC_GSS control procedure. */
|
||||
switch (gc->gc_proc) {
|
||||
|
||||
case RPCSEC_GSS_INIT:
|
||||
case RPCSEC_GSS_CONTINUE_INIT:
|
||||
- if (rqst->rq_proc != NULLPROC)
|
||||
- return (AUTH_FAILED); /* XXX ? */
|
||||
+ if (rqst->rq_proc != NULLPROC) {
|
||||
+ result = AUTH_FAILED; /* XXX ? */
|
||||
+ break;
|
||||
+ }
|
||||
|
||||
if (_svcauth_gss_name == GSS_C_NO_NAME) {
|
||||
- if (!svcauth_gss_import_name("nfs"))
|
||||
- return (AUTH_FAILED);
|
||||
+ if (!svcauth_gss_import_name("nfs")) {
|
||||
+ result = AUTH_FAILED;
|
||||
+ break;
|
||||
+ }
|
||||
}
|
||||
|
||||
- if (!svcauth_gss_acquire_cred(0, GSS_C_NULL_OID_SET))
|
||||
- return (AUTH_FAILED);
|
||||
+ if (!svcauth_gss_acquire_cred()) {
|
||||
+ result = AUTH_FAILED;
|
||||
+ break;
|
||||
+ }
|
||||
|
||||
- if (!svcauth_gss_accept_sec_context(rqst, &gr))
|
||||
- return (AUTH_REJECTEDCRED);
|
||||
+ if (!svcauth_gss_accept_sec_context(rqst, &gr)) {
|
||||
+ result = AUTH_REJECTEDCRED;
|
||||
+ break;
|
||||
+ }
|
||||
|
||||
- if (!svcauth_gss_nextverf(rqst, htonl(gr.gr_win)))
|
||||
- return (AUTH_FAILED);
|
||||
+ if (!svcauth_gss_nextverf(rqst, htonl(gr.gr_win))) {
|
||||
+ result = AUTH_FAILED;
|
||||
+ break;
|
||||
+ }
|
||||
|
||||
*no_dispatch = TRUE;
|
||||
|
||||
call_stat = svc_sendreply(rqst->rq_xprt,
|
||||
(xdrproc_t)xdr_rpc_gss_init_res, (caddr_t)&gr);
|
||||
|
||||
- if (!call_stat)
|
||||
- return (AUTH_FAILED);
|
||||
+ gss_release_buffer(&min_stat, &gr.gr_token);
|
||||
+ free(gr.gr_ctx.value);
|
||||
+
|
||||
+ if (!call_stat) {
|
||||
+ result = AUTH_FAILED;
|
||||
+ break;
|
||||
+ }
|
||||
|
||||
if (gr.gr_major == GSS_S_COMPLETE)
|
||||
gd->established = TRUE;
|
||||
@@ -690,27 +726,37 @@ _svcauth_gss(struct svc_req *rqst, struct rpc_msg *msg, bool_t *no_dispatch)
|
||||
break;
|
||||
|
||||
case RPCSEC_GSS_DATA:
|
||||
- if (!svcauth_gss_validate(gd, msg, &qop))
|
||||
- return (RPCSEC_GSS_CREDPROBLEM);
|
||||
+ if (!svcauth_gss_validate(gd, msg, &qop)) {
|
||||
+ result = RPCSEC_GSS_CREDPROBLEM;
|
||||
+ break;
|
||||
+ }
|
||||
|
||||
- if (!svcauth_gss_nextverf(rqst, htonl(gc->gc_seq)))
|
||||
- return (AUTH_FAILED);
|
||||
+ if (!svcauth_gss_nextverf(rqst, htonl(gc->gc_seq))) {
|
||||
+ result = AUTH_FAILED;
|
||||
+ break;
|
||||
+ }
|
||||
|
||||
if (!gd->callback_done) {
|
||||
gd->callback_done = TRUE;
|
||||
gd->sec.qop = qop;
|
||||
(void)rpc_gss_num_to_qop(gd->rcred.mechanism,
|
||||
gd->sec.qop, &gd->rcred.qop);
|
||||
- if (!svcauth_gss_callback(rqst, gd))
|
||||
- return (AUTH_REJECTEDCRED);
|
||||
+ if (!svcauth_gss_callback(rqst, gd)) {
|
||||
+ result = AUTH_REJECTEDCRED;
|
||||
+ break;
|
||||
+ }
|
||||
}
|
||||
|
||||
if (gd->locked) {
|
||||
if (gd->rcred.service !=
|
||||
- _rpc_gss_svc_to_service(gc->gc_svc))
|
||||
- return (AUTH_FAILED);
|
||||
- if (gd->sec.qop != qop)
|
||||
- return (AUTH_BADVERF);
|
||||
+ _rpc_gss_svc_to_service(gc->gc_svc)) {
|
||||
+ result = AUTH_FAILED;
|
||||
+ break;
|
||||
+ }
|
||||
+ if (gd->sec.qop != qop) {
|
||||
+ result = AUTH_BADVERF;
|
||||
+ break;
|
||||
+ }
|
||||
}
|
||||
|
||||
if (gd->sec.qop != qop) {
|
||||
@@ -724,17 +770,25 @@ _svcauth_gss(struct svc_req *rqst, struct rpc_msg *msg, bool_t *no_dispatch)
|
||||
break;
|
||||
|
||||
case RPCSEC_GSS_DESTROY:
|
||||
- if (rqst->rq_proc != NULLPROC)
|
||||
- return (AUTH_FAILED); /* XXX ? */
|
||||
+ if (rqst->rq_proc != NULLPROC) {
|
||||
+ result = AUTH_FAILED; /* XXX ? */
|
||||
+ break;
|
||||
+ }
|
||||
|
||||
- if (!svcauth_gss_validate(gd, msg, &qop))
|
||||
- return (RPCSEC_GSS_CREDPROBLEM);
|
||||
+ if (!svcauth_gss_validate(gd, msg, &qop)) {
|
||||
+ result = RPCSEC_GSS_CREDPROBLEM;
|
||||
+ break;
|
||||
+ }
|
||||
|
||||
- if (!svcauth_gss_nextverf(rqst, htonl(gc->gc_seq)))
|
||||
- return (AUTH_FAILED);
|
||||
+ if (!svcauth_gss_nextverf(rqst, htonl(gc->gc_seq))) {
|
||||
+ result = AUTH_FAILED;
|
||||
+ break;
|
||||
+ }
|
||||
|
||||
- if (!svcauth_gss_release_cred())
|
||||
- return (AUTH_FAILED);
|
||||
+ if (!svcauth_gss_release_cred()) {
|
||||
+ result = AUTH_FAILED;
|
||||
+ break;
|
||||
+ }
|
||||
|
||||
SVCAUTH_DESTROY(&SVC_XP_AUTH(rqst->rq_xprt));
|
||||
SVC_XP_AUTH(rqst->rq_xprt).svc_ah_ops = svc_auth_none.svc_ah_ops;
|
||||
@@ -743,10 +797,12 @@ _svcauth_gss(struct svc_req *rqst, struct rpc_msg *msg, bool_t *no_dispatch)
|
||||
break;
|
||||
|
||||
default:
|
||||
- return (AUTH_REJECTEDCRED);
|
||||
+ result = AUTH_REJECTEDCRED;
|
||||
break;
|
||||
}
|
||||
- return (AUTH_OK);
|
||||
+out:
|
||||
+ xdr_free((xdrproc_t)xdr_rpc_gss_cred, (caddr_t)gc);
|
||||
+ return result;
|
||||
}
|
||||
|
||||
static bool_t
|
||||
@@ -890,7 +946,6 @@ bool_t
|
||||
rpc_gss_set_svc_name(char *principal, char *mechanism, u_int req_time,
|
||||
u_int UNUSED(program), u_int UNUSED(version))
|
||||
{
|
||||
- gss_OID_set_desc oid_set;
|
||||
rpc_gss_OID oid;
|
||||
char *save;
|
||||
|
||||
@@ -902,14 +957,13 @@ rpc_gss_set_svc_name(char *principal, char *mechanism, u_int req_time,
|
||||
|
||||
if (!rpc_gss_mech_to_oid(mechanism, &oid))
|
||||
goto out_err;
|
||||
- oid_set.count = 1;
|
||||
- oid_set.elements = (gss_OID)oid;
|
||||
|
||||
if (!svcauth_gss_import_name(principal))
|
||||
goto out_err;
|
||||
- if (!svcauth_gss_acquire_cred(req_time, &oid_set))
|
||||
- goto out_err;
|
||||
|
||||
+ _svcauth_req_time = req_time;
|
||||
+ _svcauth_oid_set.count = 1;
|
||||
+ _svcauth_oid_set.elements = (gss_OID)oid;
|
||||
free(_svcauth_svc_name);
|
||||
_svcauth_svc_name = save;
|
||||
return TRUE;
|
||||
diff --git a/src/svc_vc.c b/src/svc_vc.c
|
||||
index 6ae613d..97a76a3 100644
|
||||
--- a/src/svc_vc.c
|
||||
+++ b/src/svc_vc.c
|
||||
@@ -270,14 +270,8 @@ makefd_xprt(fd, sendsize, recvsize)
|
||||
struct cf_conn *cd;
|
||||
const char *netid;
|
||||
struct __rpc_sockinfo si;
|
||||
-
|
||||
- assert(fd != -1);
|
||||
|
||||
- if (fd >= FD_SETSIZE) {
|
||||
- warnx("svc_vc: makefd_xprt: fd too high\n");
|
||||
- xprt = NULL;
|
||||
- goto done;
|
||||
- }
|
||||
+ assert(fd != -1);
|
||||
|
||||
xprt = mem_alloc(sizeof(SVCXPRT));
|
||||
if (xprt == NULL) {
|
||||
@@ -338,22 +332,10 @@ rendezvous_request(xprt, msg)
|
||||
r = (struct cf_rendezvous *)xprt->xp_p1;
|
||||
again:
|
||||
len = sizeof addr;
|
||||
- if ((sock = accept(xprt->xp_fd, (struct sockaddr *)(void *)&addr,
|
||||
- &len)) < 0) {
|
||||
+ sock = accept(xprt->xp_fd, (struct sockaddr *)(void *)&addr, &len);
|
||||
+ if (sock < 0) {
|
||||
if (errno == EINTR)
|
||||
goto again;
|
||||
-
|
||||
- if (errno == EMFILE || errno == ENFILE) {
|
||||
- /* If there are no file descriptors available, then accept will fail.
|
||||
- We want to delay here so the connection request can be dequeued;
|
||||
- otherwise we can bounce between polling and accepting, never
|
||||
- giving the request a chance to dequeue and eating an enormous
|
||||
- amount of cpu time in svc_run if we're polling on many file
|
||||
- descriptors. */
|
||||
- struct timespec ts = { .tv_sec = 0, .tv_nsec = 50000000 };
|
||||
- nanosleep (&ts, NULL);
|
||||
- goto again;
|
||||
- }
|
||||
return (FALSE);
|
||||
}
|
||||
/*
|
||||
diff --git a/tirpc/rpc/des.h b/tirpc/rpc/des.h
|
||||
index d2881ad..018aa48 100644
|
||||
--- a/tirpc/rpc/des.h
|
||||
+++ b/tirpc/rpc/des.h
|
||||
@@ -82,6 +82,6 @@ struct desparams {
|
||||
/*
|
||||
* Software DES.
|
||||
*/
|
||||
-extern int _des_crypt( char *, int, struct desparams * );
|
||||
+extern int _des_crypt( char *, unsigned, struct desparams * );
|
||||
|
||||
#endif
|
||||
diff --git a/tirpc/rpc/rpcent.h b/tirpc/rpc/rpcent.h
|
||||
index 147f909..e07503c 100644
|
||||
--- a/tirpc/rpc/rpcent.h
|
||||
+++ b/tirpc/rpc/rpcent.h
|
||||
@@ -60,10 +60,11 @@ struct rpcent {
|
||||
extern struct rpcent *getrpcbyname(const char *);
|
||||
extern struct rpcent *getrpcbynumber(int);
|
||||
extern struct rpcent *getrpcent(void);
|
||||
-#endif
|
||||
|
||||
extern void setrpcent(int);
|
||||
extern void endrpcent(void);
|
||||
+#endif
|
||||
+
|
||||
#ifdef __cplusplus
|
||||
}
|
||||
#endif
|
|
@ -11,12 +11,9 @@ PROVIDES = "virtual/librpc"
|
|||
|
||||
SRC_URI = "${SOURCEFORGE_MIRROR}/${BPN}/${BP}.tar.bz2;name=libtirpc \
|
||||
${GENTOO_MIRROR}/${BPN}-glibc-nfs.tar.xz;name=glibc-nfs \
|
||||
file://libtirpc-1.0.2-rc3.patch \
|
||||
file://libtirpc-0.2.1-fortify.patch \
|
||||
file://export_key_secretkey_is_set.patch \
|
||||
file://0001-replace-__bzero-with-memset-API.patch \
|
||||
file://0001-include-stdint.h-for-uintptr_t.patch \
|
||||
file://0001-Fix-for-CVE-2017-8779.patch \
|
||||
"
|
||||
|
||||
SRC_URI_append_libc-uclibc = " file://remove-des-functionality.patch \
|
||||
|
@ -26,8 +23,8 @@ SRC_URI_append_libc-musl = " \
|
|||
file://Use-netbsd-queue.h.patch \
|
||||
"
|
||||
|
||||
SRC_URI[libtirpc.md5sum] = "36ce1c0ff80863bb0839d54aa0b94014"
|
||||
SRC_URI[libtirpc.sha256sum] = "5156974f31be7ccbc8ab1de37c4739af6d9d42c87b1d5caf4835dda75fcbb89e"
|
||||
SRC_URI[libtirpc.md5sum] = "d5a37f1dccec484f9cabe2b97e54e9a6"
|
||||
SRC_URI[libtirpc.sha256sum] = "723c5ce92706cbb601a8db09110df1b4b69391643158f20ff587e20e7c5f90f5"
|
||||
SRC_URI[glibc-nfs.md5sum] = "5ae500b9d0b6b72cb875bc04944b9445"
|
||||
SRC_URI[glibc-nfs.sha256sum] = "2677cfedf626f3f5a8f6e507aed5bb8f79a7453b589d684dbbc086e755170d83"
|
||||
|
Loading…
Reference in New Issue