libtirpc: Backport fix for CVE-2021-46828

CVE: CVE-2021-46828
(From OE-Core rev: a4fb608f7fba5b441074505f09b9a9a405884463)

Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>

2 files changed, 568 insertions, 1 deletions

diff --git a/meta/recipes-extended/libtirpc/libtirpc/CVE-2021-46828.patch b/meta/recipes-extended/libtirpc/libtirpc/CVE-2021-46828.patch
new file mode 100644
index 0000000000..64dffb923b
--- /dev/null
+++ b/meta/recipes-extended/libtirpc/libtirpc/CVE-2021-46828.patch
@@ -0,0 +1,565 @@
+From 86529758570cef4c73fb9b9c4104fdc510f701ed Mon Sep 17 00:00:00 2001
+From: Dai Ngo <dai.ngo@oracle.com>
+Date: Sat, 21 Aug 2021 13:16:23 -0400
+Subject: [PATCH] Fix DoS vulnerability in libtirpc
+
+Currently svc_run does not handle poll timeout and rendezvous_request
+does not handle EMFILE error returned from accept(2 as it used to.
+These two missing functionality were removed by commit b2c9430f46c4.
+
+The effect of not handling poll timeout allows idle TCP conections
+to remain ESTABLISHED indefinitely. When the number of connections
+reaches the limit of the open file descriptors (ulimit -n) then
+accept(2) fails with EMFILE. Since there is no handling of EMFILE
+error this causes svc_run() to get in a tight loop calling accept(2).
+This resulting in the RPC service of svc_run is being down, it's
+no longer able to service any requests.
+
+RPC service rpcbind, statd and mountd are effected by this
+problem.
+
+Fix by enhancing rendezvous_request to keep the number of
+SVCXPRT conections to 4/5 of the size of the file descriptor
+table. When this thresold is reached, it destroys the idle
+TCP connections or destroys the least active connection if
+no idle connnction was found.
+
+Fixes: 44bf15b8 rpcbind: don't use obsolete svc_fdset interface of libtirpc
+
+CVE: CVE-2021-46828
+Upstream-Status: Backport [http://git.linux-nfs.org/?p=steved/libtirpc.git;a=commit;h=86529758570cef4c73fb9b9c4104fdc510f701ed]
+Signed-off-by: dai.ngo@oracle.com
+Signed-off-by: Steve Dickson <steved@redhat.com>
+---
+ INSTALL      | 371 +----------------------------------------------------------
+ src/svc.c    |  17 ++-
+ src/svc_vc.c |  62 +++++++++-
+ 3 files changed, 78 insertions(+), 372 deletions(-)
+ mode change 100644 => 120000 INSTALL
+
+diff --git a/INSTALL b/INSTALL
+deleted file mode 100644
+index 2099840..0000000
+--- a/INSTALL
++++ /dev/null
+@@ -1,370 +0,0 @@
+-Installation Instructions
+-*************************
+-
+-Copyright (C) 1994-1996, 1999-2002, 2004-2013 Free Software Foundation,
+-Inc.
+-
+-   Copying and distribution of this file, with or without modification,
+-are permitted in any medium without royalty provided the copyright
+-notice and this notice are preserved.  This file is offered as-is,
+-without warranty of any kind.
+-
+-Basic Installation
+-==================
+-
+-   Briefly, the shell command `./configure && make && make install'
+-should configure, build, and install this package.  The following
+-more-detailed instructions are generic; see the `README' file for
+-instructions specific to this package.  Some packages provide this
+-`INSTALL' file but do not implement all of the features documented
+-below.  The lack of an optional feature in a given package is not
+-necessarily a bug.  More recommendations for GNU packages can be found
+-in *note Makefile Conventions: (standards)Makefile Conventions.
+-
+-   The `configure' shell script attempts to guess correct values for
+-various system-dependent variables used during compilation.  It uses
+-those values to create a `Makefile' in each directory of the package.
+-It may also create one or more `.h' files containing system-dependent
+-definitions.  Finally, it creates a shell script `config.status' that
+-you can run in the future to recreate the current configuration, and a
+-file `config.log' containing compiler output (useful mainly for
+-debugging `configure').
+-
+-   It can also use an optional file (typically called `config.cache'
+-and enabled with `--cache-file=config.cache' or simply `-C') that saves
+-the results of its tests to speed up reconfiguring.  Caching is
+-disabled by default to prevent problems with accidental use of stale
+-cache files.
+-
+-   If you need to do unusual things to compile the package, please try
+-to figure out how `configure' could check whether to do them, and mail
+-diffs or instructions to the address given in the `README' so they can
+-be considered for the next release.  If you are using the cache, and at
+-some point `config.cache' contains results you don't want to keep, you
+-may remove or edit it.
+-
+-   The file `configure.ac' (or `configure.in') is used to create
+-`configure' by a program called `autoconf'.  You need `configure.ac' if
+-you want to change it or regenerate `configure' using a newer version
+-of `autoconf'.
+-
+-   The simplest way to compile this package is:
+-
+-  1. `cd' to the directory containing the package's source code and type
+-     `./configure' to configure the package for your system.
+-
+-     Running `configure' might take a while.  While running, it prints
+-     some messages telling which features it is checking for.
+-
+-  2. Type `make' to compile the package.
+-
+-  3. Optionally, type `make check' to run any self-tests that come with
+-     the package, generally using the just-built uninstalled binaries.
+-
+-  4. Type `make install' to install the programs and any data files and
+-     documentation.  When installing into a prefix owned by root, it is
+-     recommended that the package be configured and built as a regular
+-     user, and only the `make install' phase executed with root
+-     privileges.
+-
+-  5. Optionally, type `make installcheck' to repeat any self-tests, but
+-     this time using the binaries in their final installed location.
+-     This target does not install anything.  Running this target as a
+-     regular user, particularly if the prior `make install' required
+-     root privileges, verifies that the installation completed
+-     correctly.
+-
+-  6. You can remove the program binaries and object files from the
+-     source code directory by typing `make clean'.  To also remove the
+-     files that `configure' created (so you can compile the package for
+-     a different kind of computer), type `make distclean'.  There is
+-     also a `make maintainer-clean' target, but that is intended mainly
+-     for the package's developers.  If you use it, you may have to get
+-     all sorts of other programs in order to regenerate files that came
+-     with the distribution.
+-
+-  7. Often, you can also type `make uninstall' to remove the installed
+-     files again.  In practice, not all packages have tested that
+-     uninstallation works correctly, even though it is required by the
+-     GNU Coding Standards.
+-
+-  8. Some packages, particularly those that use Automake, provide `make
+-     distcheck', which can by used by developers to test that all other
+-     targets like `make install' and `make uninstall' work correctly.
+-     This target is generally not run by end users.
+-
+-Compilers and Options
+-=====================
+-
+-   Some systems require unusual options for compilation or linking that
+-the `configure' script does not know about.  Run `./configure --help'
+-for details on some of the pertinent environment variables.
+-
+-   You can give `configure' initial values for configuration parameters
+-by setting variables in the command line or in the environment.  Here
+-is an example:
+-
+-     ./configure CC=c99 CFLAGS=-g LIBS=-lposix
+-
+-   *Note Defining Variables::, for more details.
+-
+-Compiling For Multiple Architectures
+-====================================
+-
+-   You can compile the package for more than one kind of computer at the
+-same time, by placing the object files for each architecture in their
+-own directory.  To do this, you can use GNU `make'.  `cd' to the
+-directory where you want the object files and executables to go and run
+-the `configure' script.  `configure' automatically checks for the
+-source code in the directory that `configure' is in and in `..'.  This
+-is known as a "VPATH" build.
+-
+-   With a non-GNU `make', it is safer to compile the package for one
+-architecture at a time in the source code directory.  After you have
+-installed the package for one architecture, use `make distclean' before
+-reconfiguring for another architecture.
+-
+-   On MacOS X 10.5 and later systems, you can create libraries and
+-executables that work on multiple system types--known as "fat" or
+-"universal" binaries--by specifying multiple `-arch' options to the
+-compiler but only a single `-arch' option to the preprocessor.  Like
+-this:
+-
+-     ./configure CC="gcc -arch i386 -arch x86_64 -arch ppc -arch ppc64" \
+-                 CXX="g++ -arch i386 -arch x86_64 -arch ppc -arch ppc64" \
+-                 CPP="gcc -E" CXXCPP="g++ -E"
+-
+-   This is not guaranteed to produce working output in all cases, you
+-may have to build one architecture at a time and combine the results
+-using the `lipo' tool if you have problems.
+-
+-Installation Names
+-==================
+-
+-   By default, `make install' installs the package's commands under
+-`/usr/local/bin', include files under `/usr/local/include', etc.  You
+-can specify an installation prefix other than `/usr/local' by giving
+-`configure' the option `--prefix=PREFIX', where PREFIX must be an
+-absolute file name.
+-
+-   You can specify separate installation prefixes for
+-architecture-specific files and architecture-independent files.  If you
+-pass the option `--exec-prefix=PREFIX' to `configure', the package uses
+-PREFIX as the prefix for installing programs and libraries.
+-Documentation and other data files still use the regular prefix.
+-
+-   In addition, if you use an unusual directory layout you can give
+-options like `--bindir=DIR' to specify different values for particular
+-kinds of files.  Run `configure --help' for a list of the directories
+-you can set and what kinds of files go in them.  In general, the
+-default for these options is expressed in terms of `${prefix}', so that
+-specifying just `--prefix' will affect all of the other directory
+-specifications that were not explicitly provided.
+-
+-   The most portable way to affect installation locations is to pass the
+-correct locations to `configure'; however, many packages provide one or
+-both of the following shortcuts of passing variable assignments to the
+-`make install' command line to change installation locations without
+-having to reconfigure or recompile.
+-
+-   The first method involves providing an override variable for each
+-affected directory.  For example, `make install
+-prefix=/alternate/directory' will choose an alternate location for all
+-directory configuration variables that were expressed in terms of
+-`${prefix}'.  Any directories that were specified during `configure',
+-but not in terms of `${prefix}', must each be overridden at install
+-time for the entire installation to be relocated.  The approach of
+-makefile variable overrides for each directory variable is required by
+-the GNU Coding Standards, and ideally causes no recompilation.
+-However, some platforms have known limitations with the semantics of
+-shared libraries that end up requiring recompilation when using this
+-method, particularly noticeable in packages that use GNU Libtool.
+-
+-   The second method involves providing the `DESTDIR' variable.  For
+-example, `make install DESTDIR=/alternate/directory' will prepend
+-`/alternate/directory' before all installation names.  The approach of
+-`DESTDIR' overrides is not required by the GNU Coding Standards, and
+-does not work on platforms that have drive letters.  On the other hand,
+-it does better at avoiding recompilation issues, and works well even
+-when some directory options were not specified in terms of `${prefix}'
+-at `configure' time.
+-
+-Optional Features
+-=================
+-
+-   If the package supports it, you can cause programs to be installed
+-with an extra prefix or suffix on their names by giving `configure' the
+-option `--program-prefix=PREFIX' or `--program-suffix=SUFFIX'.
+-
+-   Some packages pay attention to `--enable-FEATURE' options to
+-`configure', where FEATURE indicates an optional part of the package.
+-They may also pay attention to `--with-PACKAGE' options, where PACKAGE
+-is something like `gnu-as' or `x' (for the X Window System).  The
+-`README' should mention any `--enable-' and `--with-' options that the
+-package recognizes.
+-
+-   For packages that use the X Window System, `configure' can usually
+-find the X include and library files automatically, but if it doesn't,
+-you can use the `configure' options `--x-includes=DIR' and
+-`--x-libraries=DIR' to specify their locations.
+-
+-   Some packages offer the ability to configure how verbose the
+-execution of `make' will be.  For these packages, running `./configure
+---enable-silent-rules' sets the default to minimal output, which can be
+-overridden with `make V=1'; while running `./configure
+---disable-silent-rules' sets the default to verbose, which can be
+-overridden with `make V=0'.
+-
+-Particular systems
+-==================
+-
+-   On HP-UX, the default C compiler is not ANSI C compatible.  If GNU
+-CC is not installed, it is recommended to use the following options in
+-order to use an ANSI C compiler:
+-
+-     ./configure CC="cc -Ae -D_XOPEN_SOURCE=500"
+-
+-and if that doesn't work, install pre-built binaries of GCC for HP-UX.
+-
+-   HP-UX `make' updates targets which have the same time stamps as
+-their prerequisites, which makes it generally unusable when shipped
+-generated files such as `configure' are involved.  Use GNU `make'
+-instead.
+-
+-   On OSF/1 a.k.a. Tru64, some versions of the default C compiler cannot
+-parse its `<wchar.h>' header file.  The option `-nodtk' can be used as
+-a workaround.  If GNU CC is not installed, it is therefore recommended
+-to try
+-
+-     ./configure CC="cc"
+-
+-and if that doesn't work, try
+-
+-     ./configure CC="cc -nodtk"
+-
+-   On Solaris, don't put `/usr/ucb' early in your `PATH'.  This
+-directory contains several dysfunctional programs; working variants of
+-these programs are available in `/usr/bin'.  So, if you need `/usr/ucb'
+-in your `PATH', put it _after_ `/usr/bin'.
+-
+-   On Haiku, software installed for all users goes in `/boot/common',
+-not `/usr/local'.  It is recommended to use the following options:
+-
+-     ./configure --prefix=/boot/common
+-
+-Specifying the System Type
+-==========================
+-
+-   There may be some features `configure' cannot figure out
+-automatically, but needs to determine by the type of machine the package
+-will run on.  Usually, assuming the package is built to be run on the
+-_same_ architectures, `configure' can figure that out, but if it prints
+-a message saying it cannot guess the machine type, give it the
+-`--build=TYPE' option.  TYPE can either be a short name for the system
+-type, such as `sun4', or a canonical name which has the form:
+-
+-     CPU-COMPANY-SYSTEM
+-
+-where SYSTEM can have one of these forms:
+-
+-     OS
+-     KERNEL-OS
+-
+-   See the file `config.sub' for the possible values of each field.  If
+-`config.sub' isn't included in this package, then this package doesn't
+-need to know the machine type.
+-
+-   If you are _building_ compiler tools for cross-compiling, you should
+-use the option `--target=TYPE' to select the type of system they will
+-produce code for.
+-
+-   If you want to _use_ a cross compiler, that generates code for a
+-platform different from the build platform, you should specify the
+-"host" platform (i.e., that on which the generated programs will
+-eventually be run) with `--host=TYPE'.
+-
+-Sharing Defaults
+-================
+-
+-   If you want to set default values for `configure' scripts to share,
+-you can create a site shell script called `config.site' that gives
+-default values for variables like `CC', `cache_file', and `prefix'.
+-`configure' looks for `PREFIX/share/config.site' if it exists, then
+-`PREFIX/etc/config.site' if it exists.  Or, you can set the
+-`CONFIG_SITE' environment variable to the location of the site script.
+-A warning: not all `configure' scripts look for a site script.
+-
+-Defining Variables
+-==================
+-
+-   Variables not defined in a site shell script can be set in the
+-environment passed to `configure'.  However, some packages may run
+-configure again during the build, and the customized values of these
+-variables may be lost.  In order to avoid this problem, you should set
+-them in the `configure' command line, using `VAR=value'.  For example:
+-
+-     ./configure CC=/usr/local2/bin/gcc
+-
+-causes the specified `gcc' to be used as the C compiler (unless it is
+-overridden in the site shell script).
+-
+-Unfortunately, this technique does not work for `CONFIG_SHELL' due to
+-an Autoconf limitation.  Until the limitation is lifted, you can use
+-this workaround:
+-
+-     CONFIG_SHELL=/bin/bash ./configure CONFIG_SHELL=/bin/bash
+-
+-`configure' Invocation
+-======================
+-
+-   `configure' recognizes the following options to control how it
+-operates.
+-
+-`--help'
+-`-h'
+-     Print a summary of all of the options to `configure', and exit.
+-
+-`--help=short'
+-`--help=recursive'
+-     Print a summary of the options unique to this package's
+-     `configure', and exit.  The `short' variant lists options used
+-     only in the top level, while the `recursive' variant lists options
+-     also present in any nested packages.
+-
+-`--version'
+-`-V'
+-     Print the version of Autoconf used to generate the `configure'
+-     script, and exit.
+-
+-`--cache-file=FILE'
+-     Enable the cache: use and save the results of the tests in FILE,
+-     traditionally `config.cache'.  FILE defaults to `/dev/null' to
+-     disable caching.
+-
+-`--config-cache'
+-`-C'
+-     Alias for `--cache-file=config.cache'.
+-
+-`--quiet'
+-`--silent'
+-`-q'
+-     Do not print messages saying which checks are being made.  To
+-     suppress all normal output, redirect it to `/dev/null' (any error
+-     messages will still be shown).
+-
+-`--srcdir=DIR'
+-     Look for the package's source code in directory DIR.  Usually
+-     `configure' can determine that directory automatically.
+-
+-`--prefix=DIR'
+-     Use DIR as the installation prefix.  *note Installation Names::
+-     for more details, including other options available for fine-tuning
+-     the installation locations.
+-
+-`--no-create'
+-`-n'
+-     Run the configure checks, but stop before creating any output
+-     files.
+-
+-`configure' also accepts some other, not widely useful, options.  Run
+-`configure --help' for more details.
+diff --git a/INSTALL b/INSTALL
+new file mode 120000
+index 0000000..e3f22c0
+--- /dev/null
++++ b/INSTALL
+@@ -0,0 +1 @@
++/usr/share/automake-1.16/INSTALL
+\ No newline at end of file
+diff --git a/src/svc.c b/src/svc.c
+index 6db164b..3a8709f 100644
+--- a/src/svc.c
++++ b/src/svc.c
+@@ -57,7 +57,7 @@
+ 
+ #define max(a, b) (a > b ? a : b)
+ 
+-static SVCXPRT **__svc_xports;
++SVCXPRT **__svc_xports;
+ int __svc_maxrec;
+ 
+ /*
+@@ -194,6 +194,21 @@ __xprt_do_unregister (xprt, dolock)
+     rwlock_unlock (&svc_fd_lock);
+ }
+ 
++int
++svc_open_fds()
++{
++       int ix;
++       int nfds = 0;
++
++       rwlock_rdlock (&svc_fd_lock);
++       for (ix = 0; ix < svc_max_pollfd; ++ix) {
++               if (svc_pollfd[ix].fd != -1)
++                       nfds++;
++       }
++       rwlock_unlock (&svc_fd_lock);
++       return (nfds);
++}
++
+ /*
+  * Add a service program to the callout list.
+  * The dispatch routine will be called when a rpc request for this
+diff --git a/src/svc_vc.c b/src/svc_vc.c
+index f1d9f00..3dc8a75 100644
+--- a/src/svc_vc.c
++++ b/src/svc_vc.c
+@@ -64,6 +64,8 @@
+ 
+ 
+ extern rwlock_t svc_fd_lock;
++extern SVCXPRT **__svc_xports;
++extern int svc_open_fds();
+ 
+ static SVCXPRT *makefd_xprt(int, u_int, u_int);
+ static bool_t rendezvous_request(SVCXPRT *, struct rpc_msg *);
+@@ -82,6 +84,7 @@ static void svc_vc_ops(SVCXPRT *);
+ static bool_t svc_vc_control(SVCXPRT *xprt, const u_int rq, void *in);
+ static bool_t svc_vc_rendezvous_control (SVCXPRT *xprt, const u_int rq,
+                                             void *in);
++static int __svc_destroy_idle(int timeout);
+ 
+ struct cf_rendezvous { /* kept in xprt->xp_p1 for rendezvouser */
+        u_int sendsize;
+@@ -313,13 +316,14 @@ done:
+        return (xprt);
+ }
+ 
++
+ /*ARGSUSED*/
+ static bool_t
+ rendezvous_request(xprt, msg)
+        SVCXPRT *xprt;
+        struct rpc_msg *msg;
+ {
+-       int sock, flags;
++       int sock, flags, nfds, cnt;
+        struct cf_rendezvous *r;
+        struct cf_conn *cd;
+        struct sockaddr_storage addr;
+@@ -379,6 +383,16 @@ again:
+ 
+        gettimeofday(&cd->last_recv_time, NULL);
+ 
++       nfds = svc_open_fds();
++       if (nfds >= (_rpc_dtablesize() / 5) * 4) {
++               /* destroy idle connections */
++               cnt = __svc_destroy_idle(15);
++               if (cnt == 0) {
++                       /* destroy least active */
++                       __svc_destroy_idle(0);
++               }
++       }
++
+        return (FALSE); /* there is never an rpc msg to be processed */
+ }
+ 
+@@ -820,3 +834,49 @@ __svc_clean_idle(fd_set *fds, int timeout, bool_t cleanblock)
+ {
+        return FALSE;
+ }
++
++static int
++__svc_destroy_idle(int timeout)
++{
++       int i, ncleaned = 0;
++       SVCXPRT *xprt, *least_active;
++       struct timeval tv, tdiff, tmax;
++       struct cf_conn *cd;
++
++       gettimeofday(&tv, NULL);
++       tmax.tv_sec = tmax.tv_usec = 0;
++       least_active = NULL;
++       rwlock_wrlock(&svc_fd_lock);
++
++       for (i = 0; i <= svc_max_pollfd; i++) {
++               if (svc_pollfd[i].fd == -1)
++                       continue;
++               xprt = __svc_xports[i];
++               if (xprt == NULL || xprt->xp_ops == NULL ||
++                       xprt->xp_ops->xp_recv != svc_vc_recv)
++                       continue;
++               cd = (struct cf_conn *)xprt->xp_p1;
++               if (!cd->nonblock)
++                       continue;
++               if (timeout == 0) {
++                       timersub(&tv, &cd->last_recv_time, &tdiff);
++                       if (timercmp(&tdiff, &tmax, >)) {
++                               tmax = tdiff;
++                               least_active = xprt;
++                       }
++                       continue;
++               }
++               if (tv.tv_sec - cd->last_recv_time.tv_sec > timeout) {
++                       __xprt_unregister_unlocked(xprt);
++                       __svc_vc_dodestroy(xprt);
++                       ncleaned++;
++               }
++       }
++       if (timeout == 0 && least_active != NULL) {
++               __xprt_unregister_unlocked(least_active);
++               __svc_vc_dodestroy(least_active);
++               ncleaned++;
++       }
++       rwlock_unlock(&svc_fd_lock);
++       return (ncleaned);
++}
+-- 
+1.8.3.1
+
diff --git a/meta/recipes-extended/libtirpc/libtirpc_1.3.2.bb b/meta/recipes-extended/libtirpc/libtirpc_1.3.2.bb
index 45b3d2befc..cc87638c0f 100644
--- a/meta/recipes-extended/libtirpc/libtirpc_1.3.2.bb
+++ b/meta/recipes-extended/libtirpc/libtirpc_1.3.2.bb
@@ -9,7 +9,9 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=f835cce8852481e4b2bbbdd23b5e47f3 \
 
 PROVIDES = "virtual/librpc"
 
-SRC_URI = "${SOURCEFORGE_MIRROR}/${BPN}/${BP}.tar.bz2"
+SRC_URI = "${SOURCEFORGE_MIRROR}/${BPN}/${BP}.tar.bz2 \
+           file://CVE-2021-46828.patch \
+          "
 UPSTREAM_CHECK_URI = "https://sourceforge.net/projects/libtirpc/files/libtirpc/"
 UPSTREAM_CHECK_REGEX = "(?P<pver>\d+(\.\d+)+)/"
 SRC_URI[sha256sum] = "e24eb88b8ce7db3b7ca6eb80115dd1284abc5ec32a8deccfed2224fc2532b9fd"