rpcbind: 0.2.4 -> 1.2.5

- Drop backport fixes 0001-rpcbind-pair-all-svc_getargs-calls-with-svc_freeargs.patch pmapproc_dump-Fixed-typo-in-memory-leak-patch.patch rpcbproc_callit_com-Stop-freeing-a-static-pointer.patch - Do not manually move binaries from bindir to sbindir, the upstream already moved rpcbind from bin_PROGRAMS to sbin_PROGRAMS in Makefile.am https://git.linux-nfs.org/?p=steved/rpcbind.git;a=commitdiff;h=9afccfcd5ab350d6bc72622f3d1ccfb9e54652b0 (From OE-Core rev: 3df591cd914a4f060f0a178a59c93b464192d80d) Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
author: Hongxu Jia <hongxu.jia@windriver.com> 2018-11-13 11:14:26 +0800
committer: Richard Purdie <richard.purdie@linuxfoundation.org> 2018-11-14 11:14:40 +0000
commit: a5de19553e401f49d63626be102cc99d7d2539d9 (patch)
tree: d74602053c32786691a457a371091d6d1bb8739c /meta/recipes-extended/rpcbind
parent: a97bfad798d8318dbe93b21bb025f280105cb879 (diff)
download: poky-a5de19553e401f49d63626be102cc99d7d2539d9.tar.gz
4 files changed, 2 insertions, 358 deletions
diff --git a/meta/recipes-extended/rpcbind/rpcbind/0001-rpcbind-pair-all-svc_getargs-calls-with-svc_freeargs.patch b/meta/recipes-extended/rpcbind/rpcbind/0001-rpcbind-pair-all-svc_getargs-calls-with-svc_freeargs.patch
deleted file mode 100644
index bf7aaef5a9..0000000000
--- a/meta/recipes-extended/rpcbind/rpcbind/0001-rpcbind-pair-all-svc_getargs-calls-with-svc_freeargs.patch
+++ /dev/null
@@ -1,221 +0,0 @@
-From 7ea36eeece56b59f98e469934e4c20b4da043346 Mon Sep 17 00:00:00 2001
-From: Doran Moppert <dmoppert@redhat.com>
-Date: Thu, 11 May 2017 11:42:54 -0400
-Subject: [PATCH] rpcbind: pair all svc_getargs() calls with svc_freeargs() to
- avoid memory leak
-This patch is to address CVE-2017-8779 "rpcbomb" in rpcbind, discussed
-at [1], [2], [3].  The last link suggests this issue is actually a bug
-in rpcbind, which led me here.
-The leak caused by the reproducer at [4] appears to come from
-rpcb_service_4(), in the case where svc_getargs() returns false and the
-function had an early return, rather than passing through the cleanup
-path at done:, as would otherwise occur.
-It also addresses a couple of other locations where the same fault seems
-to exist, though I haven't been able to exercise those.  I hope someone
-more intimate with rpc(3) can confirm my understanding is correct, and
-that I haven't introduced any new bugs.
-Without this patch, using the reproducer (and variants) repeatedly
-against rpcbind with a numBytes argument of 1_000_000_000, /proc/$(pidof
-rpcbind)/status reports VmSize increase of 976564 kB each call, and
-VmRSS increase of around 260 kB every 33 calls - the specific numbers
-are probably an artifact of my rhel/glibc version.  With the patch,
-there is a small (~50 kB) VmSize increase with the first message, but
-thereafter both VmSize and VmRSS remain steady.
-[1]: http://seclists.org/oss-sec/2017/q2/209
-[2]: https://bugzilla.redhat.com/show_bug.cgi?id=1448124
-[3]: https://sourceware.org/ml/libc-alpha/2017-05/msg00129.html
-[4]: https://github.com/guidovranken/rpcbomb/
-CVE: CVE-2017-8779
-Upstream-Status: Backport
-Signed-off-by: Fan Xin <fan.xin@jp.fujitsu.com>
---
- src/pmap_svc.c     | 56 +++++++++++++++++++++++++++++++++++++++++++++---------
- src/rpcb_svc.c     |  2 +-
- src/rpcb_svc_4.c   |  2 +-
- src/rpcb_svc_com.c |  8 ++++++++
- 4 files changed, 57 insertions(+), 11 deletions(-)
-diff --git a/src/pmap_svc.c b/src/pmap_svc.c
-index 4c744fe..e926cdc 100644
--- a/src/pmap_svc.c
-+++ b/src/pmap_svc.c
-@@ -175,6 +175,7 @@ pmapproc_change(struct svc_req *rqstp /*__unused*/, SVCXPRT *xprt, unsigned long
-        long ans;
-        uid_t uid;
-        char uidbuf[32];
-+       int rc = TRUE;
- 
-        /*
-         * Can't use getpwnam here. We might end up calling ourselves
-@@ -194,7 +195,8 @@ pmapproc_change(struct svc_req *rqstp /*__unused*/, SVCXPRT *xprt, unsigned long
- 
-        if (!svc_getargs(xprt, (xdrproc_t) xdr_pmap, (char *)&reg)) {
-                svcerr_decode(xprt);
-               return (FALSE);
-+               rc = FALSE;
-+               goto done;
-        }
- #ifdef RPCBIND_DEBUG
-        if (debugging)
-@@ -205,7 +207,8 @@ pmapproc_change(struct svc_req *rqstp /*__unused*/, SVCXPRT *xprt, unsigned long
- 
-        if (!check_access(xprt, op, reg.pm_prog, PMAPVERS)) {
-                svcerr_weakauth(xprt);
-               return (FALSE);
-+               rc = (FALSE);
-+               goto done;
-        }
- 
-        rpcbreg.r_prog = reg.pm_prog;
-@@ -258,7 +261,16 @@ done_change:
-                rpcbs_set(RPCBVERS_2_STAT, ans);
-        else
-                rpcbs_unset(RPCBVERS_2_STAT, ans);
-       return (TRUE);
-+done:
-+       if (!svc_freeargs(xprt, (xdrproc_t) xdr_pmap, (char *)&reg)) {
-+               if (debugging) {
-+                       /*(void) xlog(LOG_DEBUG, "unable to free arguments\n");*/
-+                       if (doabort) {
-+                               rpcbind_abort();
-+                       }
-+               }
-+       }
-+       return (rc);
- }
- 
- /* ARGSUSED */
-@@ -272,15 +284,18 @@ pmapproc_getport(struct svc_req *rqstp /*__unused*/, SVCXPRT *xprt)
- #ifdef RPCBIND_DEBUG
-        char *uaddr;
- #endif
-+       int rc = TRUE;
- 
-        if (!svc_getargs(xprt, (xdrproc_t) xdr_pmap, (char *)&reg)) {
-                svcerr_decode(xprt);
-               return (FALSE);
-+               rc = FALSE;
-+               goto done;
-        }
- 
-        if (!check_access(xprt, PMAPPROC_GETPORT, reg.pm_prog, PMAPVERS)) {
-                svcerr_weakauth(xprt);
-               return FALSE;
-+               rc = FALSE;
-+               goto done;
-        }
- 
- #ifdef RPCBIND_DEBUG
-@@ -330,21 +345,34 @@ pmapproc_getport(struct svc_req *rqstp /*__unused*/, SVCXPRT *xprt)
-                pmap_ipprot2netid(reg.pm_prot) ?: "<unknown>",
-                port ? udptrans : "");
- 
-       return (TRUE);
-+done:
-+       if (!svc_freeargs(xprt, (xdrproc_t) xdr_pmap, (char *)&reg)) {
-+               if (debugging) {
-+                       /* (void) xlog(LOG_DEBUG, "unable to free arguments\n");*/
-+                       if (doabort) {
-+                               rpcbind_abort();
-+                       }
-+               }
-+       }
-+       return (rc);
- }
- 
- /* ARGSUSED */
- static bool_t
- pmapproc_dump(struct svc_req *rqstp /*__unused*/, SVCXPRT *xprt)
- {
-+       int rc = TRUE;
-+
-        if (!svc_getargs(xprt, (xdrproc_t)xdr_void, NULL)) {
-                svcerr_decode(xprt);
-               return (FALSE);
-+               rc = FALSE;
-+               goto done;
-        }
- 
-        if (!check_access(xprt, PMAPPROC_DUMP, 0, PMAPVERS)) {
-                svcerr_weakauth(xprt);
-               return FALSE;
-+               rc = FALSE;
-+               goto done;
-        }
-        
-        if ((!svc_sendreply(xprt, (xdrproc_t) xdr_pmaplist_ptr,
-@@ -354,7 +382,17 @@ pmapproc_dump(struct svc_req *rqstp /*__unused*/, SVCXPRT *xprt)
-                        rpcbind_abort();
-                }
-        }
-       return (TRUE);
-+
-+done:
-+       if (!svc_freeargs(xprt, (xdrproc_t) xdr_pmap, (char *)NULL)) {
-+               if (debugging) {
-+                       /*(void) xlog(LOG_DEBUG, "unable to free arguments\n");*/
-+                       if (doabort) {
-+                               rpcbind_abort();
-+                       }
-+               }
-+       }
-+       return (rc);
- }
- 
- int pmap_netid2ipprot(const char *netid)
-diff --git a/src/rpcb_svc.c b/src/rpcb_svc.c
-index 709e3fb..091f530 100644
--- a/src/rpcb_svc.c
-+++ b/src/rpcb_svc.c
-@@ -166,7 +166,7 @@ rpcb_service_3(struct svc_req *rqstp, SVCXPRT *transp)
-                svcerr_decode(transp);
-                if (debugging)
-                        (void) xlog(LOG_DEBUG, "rpcbind: could not decode");
-               return;
-+               goto done;
-        }
- 
-        if (rqstp->rq_proc == RPCBPROC_SET
-diff --git a/src/rpcb_svc_4.c b/src/rpcb_svc_4.c
-index 5094879..eebbbbe 100644
--- a/src/rpcb_svc_4.c
-+++ b/src/rpcb_svc_4.c
-@@ -218,7 +218,7 @@ rpcb_service_4(struct svc_req *rqstp, SVCXPRT *transp)
-                svcerr_decode(transp);
-                if (debugging)
-                        (void) xlog(LOG_DEBUG, "rpcbind: could not decode\n");
-               return;
-+               goto done;
-        }
- 
-        if (rqstp->rq_proc == RPCBPROC_SET
-diff --git a/src/rpcb_svc_com.c b/src/rpcb_svc_com.c
-index 5862c26..cb63afd 100644
--- a/src/rpcb_svc_com.c
-+++ b/src/rpcb_svc_com.c
-@@ -927,6 +927,14 @@ error:
-        if (call_msg.rm_xid != 0)
-                (void) free_slot_by_xid(call_msg.rm_xid);
- out:
-+       if (!svc_freeargs(transp, (xdrproc_t) xdr_rmtcall_args, (char *) &a)) {
-+               if (debugging) {
-+                       (void) xlog(LOG_DEBUG, "unable to free arguments\n");
-+                       if (doabort) {
-+                               rpcbind_abort();
-+                       }
-+               }
-+       }
-        if (local_uaddr)
-                free(local_uaddr);
-        if (buf_alloc)
-- 
-1.9.1
diff --git a/meta/recipes-extended/rpcbind/rpcbind/pmapproc_dump-Fixed-typo-in-memory-leak-patch.patch b/meta/recipes-extended/rpcbind/rpcbind/pmapproc_dump-Fixed-typo-in-memory-leak-patch.patch
deleted file mode 100644
index 4c23ee01ca..0000000000
--- a/meta/recipes-extended/rpcbind/rpcbind/pmapproc_dump-Fixed-typo-in-memory-leak-patch.patch
+++ /dev/null
@@ -1,30 +0,0 @@
-From c49a7ea639eb700823e174fd605bbbe183e229aa Mon Sep 17 00:00:00 2001
-From: Steve Dickson <steved@redhat.com>
-Date: Wed, 17 May 2017 10:52:25 -0400
-Subject: [PATCH] pmapproc_dump: Fixed typo in memory leak patch
-commit 7ea36eee introduce a typo that caused
-NIS (aka ypbind) to fail.
-Signed-off-by: Steve Dickson <steved@redhat.com>
-Upstream-Status: Backport
-Signed-off-by: Jackie Huang <jackie.huang@windriver.com>
---
- src/pmap_svc.c | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-Index: rpcbind-0.2.4/src/pmap_svc.c
-===================================================================
--- rpcbind-0.2.4.orig/src/pmap_svc.c
-+++ rpcbind-0.2.4/src/pmap_svc.c
-@@ -384,7 +384,7 @@ pmapproc_dump(struct svc_req *rqstp /*__
-        }
- 
- done:
-       if (!svc_freeargs(xprt, (xdrproc_t) xdr_pmap, (char *)NULL)) {
-+       if (!svc_freeargs(xprt, (xdrproc_t) xdr_void, (char *)NULL)) {
-                if (debugging) {
-                        /*(void) xlog(LOG_DEBUG, "unable to free arguments\n");*/
-                        if (doabort) {
diff --git a/meta/recipes-extended/rpcbind/rpcbind/rpcbproc_callit_com-Stop-freeing-a-static-pointer.patch b/meta/recipes-extended/rpcbind/rpcbind/rpcbproc_callit_com-Stop-freeing-a-static-pointer.patch
deleted file mode 100644
index 9a000d0285..0000000000
--- a/meta/recipes-extended/rpcbind/rpcbind/rpcbproc_callit_com-Stop-freeing-a-static-pointer.patch
+++ /dev/null
@@ -1,100 +0,0 @@
-From 7c7590ad536c0e24bef790cb1e65702fc54db566 Mon Sep 17 00:00:00 2001
-From: Steve Dickson <steved@redhat.com>
-Date: Tue, 30 May 2017 11:27:22 -0400
-Subject: [PATCH] rpcbproc_callit_com: Stop freeing a static pointer
-commit 7ea36ee introduced a svc_freeargs() call
-that ended up freeing static pointer.
-It turns out the allocations for the rmt_args
-is not necessary . The xdr routines (xdr_bytes) will
-handle the memory management and the largest
-possible message size is UDPMSGSIZE (due to UDP only)
-which is smaller than RPC_BUF_MAX
-Signed-off-by: Steve Dickson <steved@redhat.com>
-Upstream-Status: Backport
-Signed-off-by: Jackie Huang <jackie.huang@windriver.com>
---
- src/rpcb_svc_com.c | 39 ++++++---------------------------------
- 1 file changed, 6 insertions(+), 33 deletions(-)
-diff --git a/src/rpcb_svc_com.c b/src/rpcb_svc_com.c
-index cb63afd..1fc2229 100644
--- a/src/rpcb_svc_com.c
-+++ b/src/rpcb_svc_com.c
-@@ -612,9 +612,9 @@ rpcbproc_callit_com(struct svc_req *rqstp, SVCXPRT *transp,
-        struct netconfig *nconf;
-        struct netbuf *caller;
-        struct r_rmtcall_args a;
-       char *buf_alloc = NULL, *outbufp;
-+       char *outbufp;
-        char *outbuf_alloc = NULL;
-       char buf[RPC_BUF_MAX], outbuf[RPC_BUF_MAX];
-+       char  outbuf[RPC_BUF_MAX];
-        struct netbuf *na = (struct netbuf *) NULL;
-        struct rpc_msg call_msg;
-        int outlen;
-@@ -635,36 +635,10 @@ rpcbproc_callit_com(struct svc_req *rqstp, SVCXPRT *transp,
-        }
-        if (si.si_socktype != SOCK_DGRAM)
-                return; /* Only datagram type accepted */
-       sendsz = __rpc_get_t_size(si.si_af, si.si_proto, UDPMSGSIZE);
-       if (sendsz == 0) {      /* data transfer not supported */
-               if (reply_type == RPCBPROC_INDIRECT)
-                       svcerr_systemerr(transp);
-               return;
-       }
-       /*
-        * Should be multiple of 4 for XDR.
-        */
-       sendsz = ((sendsz + 3) / 4) * 4;
-       if (sendsz > RPC_BUF_MAX) {
-#ifdef notyet
-               buf_alloc = alloca(sendsz);             /* not in IDR2? */
-#else
-               buf_alloc = malloc(sendsz);
-#endif /* notyet */
-               if (buf_alloc == NULL) {
-                       if (debugging)
-                               xlog(LOG_DEBUG,
-                                       "rpcbproc_callit_com:  No Memory!\n");
-                       if (reply_type == RPCBPROC_INDIRECT)
-                               svcerr_systemerr(transp);
-                       return;
-               }
-               a.rmt_args.args = buf_alloc;
-       } else {
-               a.rmt_args.args = buf;
-       }
-+       sendsz = UDPMSGSIZE;
- 
-        call_msg.rm_xid = 0;    /* For error checking purposes */
-+       memset(&a, 0, sizeof(a)); /* Zero out the input buffer */
-        if (!svc_getargs(transp, (xdrproc_t) xdr_rmtcall_args, (char *) &a)) {
-                if (reply_type == RPCBPROC_INDIRECT)
-                        svcerr_decode(transp);
-@@ -704,7 +678,8 @@ rpcbproc_callit_com(struct svc_req *rqstp, SVCXPRT *transp,
-        if (rbl == (rpcblist_ptr)NULL) {
- #ifdef RPCBIND_DEBUG
-                if (debugging)
-                       xlog(LOG_DEBUG, "not found\n");
-+                       xlog(LOG_DEBUG, "prog %lu vers %lu: not found\n", 
-+                               a.rmt_prog, a.rmt_vers);
- #endif
-                if (reply_type == RPCBPROC_INDIRECT)
-                        svcerr_noprog(transp);
-@@ -937,8 +912,6 @@ out:
-        }
-        if (local_uaddr)
-                free(local_uaddr);
-       if (buf_alloc)
-               free(buf_alloc);
-        if (outbuf_alloc)
-                free(outbuf_alloc);
-        if (na) {
-- 
-2.7.4
diff --git a/meta/recipes-extended/rpcbind/rpcbind_0.2.4.bb b/meta/recipes-extended/rpcbind/rpcbind_1.2.5.bb
index 3c6774c28b..7c96aca36b 100644
--- a/meta/recipes-extended/rpcbind/rpcbind_0.2.4.bb
+++ b/meta/recipes-extended/rpcbind/rpcbind_1.2.5.bb
@@ -15,13 +15,10 @@ SRC_URI = "${SOURCEFORGE_MIRROR}/rpcbind/rpcbind-${PV}.tar.bz2 \
           file://rpcbind.conf \
           file://rpcbind.socket \
           file://rpcbind.service \
-           file://0001-rpcbind-pair-all-svc_getargs-calls-with-svc_freeargs.patch \
-           file://pmapproc_dump-Fixed-typo-in-memory-leak-patch.patch \
-           file://rpcbproc_callit_com-Stop-freeing-a-static-pointer.patch \
           file://rpcbind_add_option_to_fix_port_number.patch \
          "
-SRC_URI[md5sum] = "cf10cd41ed8228fc54c316191c1f07fe"
+SRC_URI[md5sum] = "ed46f09b9c0fa2d49015f6431bc5ea7b"
-SRC_URI[sha256sum] = "074a9a530dc7c11e0d905aa59bcb0847c009313f02e98d3d798aa9568f414c66"
+SRC_URI[sha256sum] = "2ce360683963b35c19c43f0ee2c7f18aa5b81ef41c3fdbd15ffcb00b8bffda7a"
 inherit autotools update-rc.d systemd pkgconfig
@@ -48,8 +45,6 @@ PACKAGECONFIG[systemd] = "--with-systemdsystemunitdir=${systemd_unitdir}/system/
 EXTRA_OECONF += " --enable-warmstarts --with-rpcuser=rpc"
 do_install_append () {
-        mv ${D}${bindir} ${D}${sbindir}
        install -d ${D}${sysconfdir}/init.d
        sed -e 's,/etc/,${sysconfdir}/,g' \
                -e 's,/sbin/,${sbindir}/,g' \
author	Hongxu Jia <hongxu.jia@windriver.com>	2018-11-13 11:14:26 +0800
committer	Richard Purdie <richard.purdie@linuxfoundation.org>	2018-11-14 11:14:40 +0000
commit	a5de19553e401f49d63626be102cc99d7d2539d9 (patch)
tree	d74602053c32786691a457a371091d6d1bb8739c /meta/recipes-extended/rpcbind
parent	a97bfad798d8318dbe93b21bb025f280105cb879 (diff)
download	poky-a5de19553e401f49d63626be102cc99d7d2539d9.tar.gz

diff --git a/meta/recipes-extended/rpcbind/rpcbind/0001-rpcbind-pair-all-svc_getargs-calls-with-svc_freeargs.patch b/meta/recipes-extended/rpcbind/rpcbind/0001-rpcbind-pair-all-svc_getargs-calls-with-svc_freeargs.patch deleted file mode 100644 index bf7aaef5a9..0000000000 --- a/meta/recipes-extended/rpcbind/rpcbind/0001-rpcbind-pair-all-svc_getargs-calls-with-svc_freeargs.patch +++ /dev/null
@@ -1,221 +0,0 @@
1	From 7ea36eeece56b59f98e469934e4c20b4da043346 Mon Sep 17 00:00:00 2001
2	From: Doran Moppert <dmoppert@redhat.com>
3	Date: Thu, 11 May 2017 11:42:54 -0400
4	Subject: [PATCH] rpcbind: pair all svc_getargs() calls with svc_freeargs() to
5	avoid memory leak
6
7	This patch is to address CVE-2017-8779 "rpcbomb" in rpcbind, discussed
8	at [1], [2], [3]. The last link suggests this issue is actually a bug
9	in rpcbind, which led me here.
10
11	The leak caused by the reproducer at [4] appears to come from
12	rpcb_service_4(), in the case where svc_getargs() returns false and the
13	function had an early return, rather than passing through the cleanup
14	path at done:, as would otherwise occur.
15
16	It also addresses a couple of other locations where the same fault seems
17	to exist, though I haven't been able to exercise those. I hope someone
18	more intimate with rpc(3) can confirm my understanding is correct, and
19	that I haven't introduced any new bugs.
20
21	Without this patch, using the reproducer (and variants) repeatedly
22	against rpcbind with a numBytes argument of 1_000_000_000, /proc/$(pidof
23	rpcbind)/status reports VmSize increase of 976564 kB each call, and
24	VmRSS increase of around 260 kB every 33 calls - the specific numbers
25	are probably an artifact of my rhel/glibc version. With the patch,
26	there is a small (~50 kB) VmSize increase with the first message, but
27	thereafter both VmSize and VmRSS remain steady.
28
29	[1]: http://seclists.org/oss-sec/2017/q2/209
30	[2]: https://bugzilla.redhat.com/show_bug.cgi?id=1448124
31	[3]: https://sourceware.org/ml/libc-alpha/2017-05/msg00129.html
32	[4]: https://github.com/guidovranken/rpcbomb/
33
34
35	CVE: CVE-2017-8779
36	Upstream-Status: Backport
37
38	Signed-off-by: Fan Xin <fan.xin@jp.fujitsu.com>
39	---
40	src/pmap_svc.c \| 56 +++++++++++++++++++++++++++++++++++++++++++++---------
41	src/rpcb_svc.c \| 2 +-
42	src/rpcb_svc_4.c \| 2 +-
43	src/rpcb_svc_com.c \| 8 ++++++++
44	4 files changed, 57 insertions(+), 11 deletions(-)
45
46	diff --git a/src/pmap_svc.c b/src/pmap_svc.c
47	index 4c744fe..e926cdc 100644
48	--- a/src/pmap_svc.c
49	+++ b/src/pmap_svc.c
50	@@ -175,6 +175,7 @@ pmapproc_change(struct svc_req rqstp /__unused/, SVCXPRT xprt, unsigned long
51	long ans;
52	uid_t uid;
53	char uidbuf[32];
54	+ int rc = TRUE;
55
56	/*
57	* Can't use getpwnam here. We might end up calling ourselves
58	@@ -194,7 +195,8 @@ pmapproc_change(struct svc_req rqstp /__unused/, SVCXPRT xprt, unsigned long
59
60	if (!svc_getargs(xprt, (xdrproc_t) xdr_pmap, (char *)&reg)) {
61	svcerr_decode(xprt);
62	- return (FALSE);
63	+ rc = FALSE;
64	+ goto done;
65	}
66	#ifdef RPCBIND_DEBUG
67	if (debugging)
68	@@ -205,7 +207,8 @@ pmapproc_change(struct svc_req rqstp /__unused/, SVCXPRT xprt, unsigned long
69
70	if (!check_access(xprt, op, reg.pm_prog, PMAPVERS)) {
71	svcerr_weakauth(xprt);
72	- return (FALSE);
73	+ rc = (FALSE);
74	+ goto done;
75	}
76
77	rpcbreg.r_prog = reg.pm_prog;
78	@@ -258,7 +261,16 @@ done_change:
79	rpcbs_set(RPCBVERS_2_STAT, ans);
80	else
81	rpcbs_unset(RPCBVERS_2_STAT, ans);
82	- return (TRUE);
83	+done:
84	+ if (!svc_freeargs(xprt, (xdrproc_t) xdr_pmap, (char *)&reg)) {
85	+ if (debugging) {
86	+ /(void) xlog(LOG_DEBUG, "unable to free arguments\n");/
87	+ if (doabort) {
88	+ rpcbind_abort();
89	+ }
90	+ }
91	+ }
92	+ return (rc);
93	}
94
95	/* ARGSUSED */
96	@@ -272,15 +284,18 @@ pmapproc_getport(struct svc_req rqstp /__unused/, SVCXPRT xprt)
97	#ifdef RPCBIND_DEBUG
98	char *uaddr;
99	#endif
100	+ int rc = TRUE;
101
102	if (!svc_getargs(xprt, (xdrproc_t) xdr_pmap, (char *)&reg)) {
103	svcerr_decode(xprt);
104	- return (FALSE);
105	+ rc = FALSE;
106	+ goto done;
107	}
108
109	if (!check_access(xprt, PMAPPROC_GETPORT, reg.pm_prog, PMAPVERS)) {
110	svcerr_weakauth(xprt);
111	- return FALSE;
112	+ rc = FALSE;
113	+ goto done;
114	}
115
116	#ifdef RPCBIND_DEBUG
117	@@ -330,21 +345,34 @@ pmapproc_getport(struct svc_req rqstp /__unused/, SVCXPRT xprt)
118	pmap_ipprot2netid(reg.pm_prot) ?: "<unknown>",
119	port ? udptrans : "");
120
121	- return (TRUE);
122	+done:
123	+ if (!svc_freeargs(xprt, (xdrproc_t) xdr_pmap, (char *)&reg)) {
124	+ if (debugging) {
125	+ /* (void) xlog(LOG_DEBUG, "unable to free arguments\n");*/
126	+ if (doabort) {
127	+ rpcbind_abort();
128	+ }
129	+ }
130	+ }
131	+ return (rc);
132	}
133
134	/* ARGSUSED */
135	static bool_t
136	pmapproc_dump(struct svc_req rqstp /__unused/, SVCXPRT xprt)
137	{
138	+ int rc = TRUE;
139	+
140	if (!svc_getargs(xprt, (xdrproc_t)xdr_void, NULL)) {
141	svcerr_decode(xprt);
142	- return (FALSE);
143	+ rc = FALSE;
144	+ goto done;
145	}
146
147	if (!check_access(xprt, PMAPPROC_DUMP, 0, PMAPVERS)) {
148	svcerr_weakauth(xprt);
149	- return FALSE;
150	+ rc = FALSE;
151	+ goto done;
152	}
153
154	if ((!svc_sendreply(xprt, (xdrproc_t) xdr_pmaplist_ptr,
155	@@ -354,7 +382,17 @@ pmapproc_dump(struct svc_req rqstp /__unused/, SVCXPRT xprt)
156	rpcbind_abort();
157	}
158	}
159	- return (TRUE);
160	+
161	+done:
162	+ if (!svc_freeargs(xprt, (xdrproc_t) xdr_pmap, (char *)NULL)) {
163	+ if (debugging) {
164	+ /(void) xlog(LOG_DEBUG, "unable to free arguments\n");/
165	+ if (doabort) {
166	+ rpcbind_abort();
167	+ }
168	+ }
169	+ }
170	+ return (rc);
171	}
172
173	int pmap_netid2ipprot(const char *netid)
174	diff --git a/src/rpcb_svc.c b/src/rpcb_svc.c
175	index 709e3fb..091f530 100644
176	--- a/src/rpcb_svc.c
177	+++ b/src/rpcb_svc.c
178	@@ -166,7 +166,7 @@ rpcb_service_3(struct svc_req rqstp, SVCXPRT transp)
179	svcerr_decode(transp);
180	if (debugging)
181	(void) xlog(LOG_DEBUG, "rpcbind: could not decode");
182	- return;
183	+ goto done;
184	}
185
186	if (rqstp->rq_proc == RPCBPROC_SET
187	diff --git a/src/rpcb_svc_4.c b/src/rpcb_svc_4.c
188	index 5094879..eebbbbe 100644
189	--- a/src/rpcb_svc_4.c
190	+++ b/src/rpcb_svc_4.c
191	@@ -218,7 +218,7 @@ rpcb_service_4(struct svc_req rqstp, SVCXPRT transp)
192	svcerr_decode(transp);
193	if (debugging)
194	(void) xlog(LOG_DEBUG, "rpcbind: could not decode\n");
195	- return;
196	+ goto done;
197	}
198
199	if (rqstp->rq_proc == RPCBPROC_SET
200	diff --git a/src/rpcb_svc_com.c b/src/rpcb_svc_com.c
201	index 5862c26..cb63afd 100644
202	--- a/src/rpcb_svc_com.c
203	+++ b/src/rpcb_svc_com.c
204	@@ -927,6 +927,14 @@ error:
205	if (call_msg.rm_xid != 0)
206	(void) free_slot_by_xid(call_msg.rm_xid);
207	out:
208	+ if (!svc_freeargs(transp, (xdrproc_t) xdr_rmtcall_args, (char *) &a)) {
209	+ if (debugging) {
210	+ (void) xlog(LOG_DEBUG, "unable to free arguments\n");
211	+ if (doabort) {
212	+ rpcbind_abort();
213	+ }
214	+ }
215	+ }
216	if (local_uaddr)
217	free(local_uaddr);
218	if (buf_alloc)
219	--
220	1.9.1
221


diff --git a/meta/recipes-extended/rpcbind/rpcbind/pmapproc_dump-Fixed-typo-in-memory-leak-patch.patch b/meta/recipes-extended/rpcbind/rpcbind/pmapproc_dump-Fixed-typo-in-memory-leak-patch.patch deleted file mode 100644 index 4c23ee01ca..0000000000 --- a/meta/recipes-extended/rpcbind/rpcbind/pmapproc_dump-Fixed-typo-in-memory-leak-patch.patch +++ /dev/null
@@ -1,30 +0,0 @@
1	From c49a7ea639eb700823e174fd605bbbe183e229aa Mon Sep 17 00:00:00 2001
2	From: Steve Dickson <steved@redhat.com>
3	Date: Wed, 17 May 2017 10:52:25 -0400
4	Subject: [PATCH] pmapproc_dump: Fixed typo in memory leak patch
5
6	commit 7ea36eee introduce a typo that caused
7	NIS (aka ypbind) to fail.
8
9	Signed-off-by: Steve Dickson <steved@redhat.com>
10
11	Upstream-Status: Backport
12
13	Signed-off-by: Jackie Huang <jackie.huang@windriver.com>
14	---
15	src/pmap_svc.c \| 2 +-
16	1 file changed, 1 insertion(+), 1 deletion(-)
17
18	Index: rpcbind-0.2.4/src/pmap_svc.c
19	===================================================================
20	--- rpcbind-0.2.4.orig/src/pmap_svc.c
21	+++ rpcbind-0.2.4/src/pmap_svc.c
22	@@ -384,7 +384,7 @@ pmapproc_dump(struct svc_req rqstp /__
23	}
24
25	done:
26	- if (!svc_freeargs(xprt, (xdrproc_t) xdr_pmap, (char *)NULL)) {
27	+ if (!svc_freeargs(xprt, (xdrproc_t) xdr_void, (char *)NULL)) {
28	if (debugging) {
29	/(void) xlog(LOG_DEBUG, "unable to free arguments\n");/
30	if (doabort) {


diff --git a/meta/recipes-extended/rpcbind/rpcbind/rpcbproc_callit_com-Stop-freeing-a-static-pointer.patch b/meta/recipes-extended/rpcbind/rpcbind/rpcbproc_callit_com-Stop-freeing-a-static-pointer.patch deleted file mode 100644 index 9a000d0285..0000000000 --- a/meta/recipes-extended/rpcbind/rpcbind/rpcbproc_callit_com-Stop-freeing-a-static-pointer.patch +++ /dev/null
@@ -1,100 +0,0 @@
1	From 7c7590ad536c0e24bef790cb1e65702fc54db566 Mon Sep 17 00:00:00 2001
2	From: Steve Dickson <steved@redhat.com>
3	Date: Tue, 30 May 2017 11:27:22 -0400
4	Subject: [PATCH] rpcbproc_callit_com: Stop freeing a static pointer
5
6	commit 7ea36ee introduced a svc_freeargs() call
7	that ended up freeing static pointer.
8
9	It turns out the allocations for the rmt_args
10	is not necessary . The xdr routines (xdr_bytes) will
11	handle the memory management and the largest
12	possible message size is UDPMSGSIZE (due to UDP only)
13	which is smaller than RPC_BUF_MAX
14
15	Signed-off-by: Steve Dickson <steved@redhat.com>
16
17	Upstream-Status: Backport
18
19	Signed-off-by: Jackie Huang <jackie.huang@windriver.com>
20	---
21	src/rpcb_svc_com.c \| 39 ++++++---------------------------------
22	1 file changed, 6 insertions(+), 33 deletions(-)
23
24	diff --git a/src/rpcb_svc_com.c b/src/rpcb_svc_com.c
25	index cb63afd..1fc2229 100644
26	--- a/src/rpcb_svc_com.c
27	+++ b/src/rpcb_svc_com.c
28	@@ -612,9 +612,9 @@ rpcbproc_callit_com(struct svc_req rqstp, SVCXPRT transp,
29	struct netconfig *nconf;
30	struct netbuf *caller;
31	struct r_rmtcall_args a;
32	- char buf_alloc = NULL, outbufp;
33	+ char *outbufp;
34	char *outbuf_alloc = NULL;
35	- char buf[RPC_BUF_MAX], outbuf[RPC_BUF_MAX];
36	+ char outbuf[RPC_BUF_MAX];
37	struct netbuf na = (struct netbuf ) NULL;
38	struct rpc_msg call_msg;
39	int outlen;
40	@@ -635,36 +635,10 @@ rpcbproc_callit_com(struct svc_req rqstp, SVCXPRT transp,
41	}
42	if (si.si_socktype != SOCK_DGRAM)
43	return; /* Only datagram type accepted */
44	- sendsz = __rpc_get_t_size(si.si_af, si.si_proto, UDPMSGSIZE);
45	- if (sendsz == 0) { /* data transfer not supported */
46	- if (reply_type == RPCBPROC_INDIRECT)
47	- svcerr_systemerr(transp);
48	- return;
49	- }
50	- /*
51	- * Should be multiple of 4 for XDR.
52	- */
53	- sendsz = ((sendsz + 3) / 4) * 4;
54	- if (sendsz > RPC_BUF_MAX) {
55	-#ifdef notyet
56	- buf_alloc = alloca(sendsz); /* not in IDR2? */
57	-#else
58	- buf_alloc = malloc(sendsz);
59	-#endif /* notyet */
60	- if (buf_alloc == NULL) {
61	- if (debugging)
62	- xlog(LOG_DEBUG,
63	- "rpcbproc_callit_com: No Memory!\n");
64	- if (reply_type == RPCBPROC_INDIRECT)
65	- svcerr_systemerr(transp);
66	- return;
67	- }
68	- a.rmt_args.args = buf_alloc;
69	- } else {
70	- a.rmt_args.args = buf;
71	- }
72	+ sendsz = UDPMSGSIZE;
73
74	call_msg.rm_xid = 0; /* For error checking purposes */
75	+ memset(&a, 0, sizeof(a)); /* Zero out the input buffer */
76	if (!svc_getargs(transp, (xdrproc_t) xdr_rmtcall_args, (char *) &a)) {
77	if (reply_type == RPCBPROC_INDIRECT)
78	svcerr_decode(transp);
79	@@ -704,7 +678,8 @@ rpcbproc_callit_com(struct svc_req rqstp, SVCXPRT transp,
80	if (rbl == (rpcblist_ptr)NULL) {
81	#ifdef RPCBIND_DEBUG
82	if (debugging)
83	- xlog(LOG_DEBUG, "not found\n");
84	+ xlog(LOG_DEBUG, "prog %lu vers %lu: not found\n",
85	+ a.rmt_prog, a.rmt_vers);
86	#endif
87	if (reply_type == RPCBPROC_INDIRECT)
88	svcerr_noprog(transp);
89	@@ -937,8 +912,6 @@ out:
90	}
91	if (local_uaddr)
92	free(local_uaddr);
93	- if (buf_alloc)
94	- free(buf_alloc);
95	if (outbuf_alloc)
96	free(outbuf_alloc);
97	if (na) {
98	--
99	2.7.4
100


diff --git a/meta/recipes-extended/rpcbind/rpcbind_0.2.4.bb b/meta/recipes-extended/rpcbind/rpcbind_1.2.5.bb index 3c6774c28b..7c96aca36b 100644 --- a/meta/recipes-extended/rpcbind/rpcbind_0.2.4.bb +++ b/meta/recipes-extended/rpcbind/rpcbind_1.2.5.bb
@@ -15,13 +15,10 @@ SRC_URI = "${SOURCEFORGE_MIRROR}/rpcbind/rpcbind-${PV}.tar.bz2 \
15	file://rpcbind.conf \	15	file://rpcbind.conf \
16	file://rpcbind.socket \	16	file://rpcbind.socket \
17	file://rpcbind.service \	17	file://rpcbind.service \
18	file://0001-rpcbind-pair-all-svc_getargs-calls-with-svc_freeargs.patch \
19	file://pmapproc_dump-Fixed-typo-in-memory-leak-patch.patch \
20	file://rpcbproc_callit_com-Stop-freeing-a-static-pointer.patch \
21	file://rpcbind_add_option_to_fix_port_number.patch \	18	file://rpcbind_add_option_to_fix_port_number.patch \
22	"	19	"
23	SRC_URI[md5sum] = "cf10cd41ed8228fc54c316191c1f07fe"	20	SRC_URI[md5sum] = "ed46f09b9c0fa2d49015f6431bc5ea7b"
24	SRC_URI[sha256sum] = "074a9a530dc7c11e0d905aa59bcb0847c009313f02e98d3d798aa9568f414c66"	21	SRC_URI[sha256sum] = "2ce360683963b35c19c43f0ee2c7f18aa5b81ef41c3fdbd15ffcb00b8bffda7a"
25		22
26	inherit autotools update-rc.d systemd pkgconfig	23	inherit autotools update-rc.d systemd pkgconfig
27		24
@@ -48,8 +45,6 @@ PACKAGECONFIG[systemd] = "--with-systemdsystemunitdir=${systemd_unitdir}/system/
48	EXTRA_OECONF += " --enable-warmstarts --with-rpcuser=rpc"	45	EXTRA_OECONF += " --enable-warmstarts --with-rpcuser=rpc"
49		46
50	do_install_append () {	47	do_install_append () {
51	mv ${D}${bindir} ${D}${sbindir}
52
53	install -d ${D}${sysconfdir}/init.d	48	install -d ${D}${sysconfdir}/init.d
54	sed -e 's,/etc/,${sysconfdir}/,g' \	49	sed -e 's,/etc/,${sysconfdir}/,g' \
55	-e 's,/sbin/,${sbindir}/,g' \	50	-e 's,/sbin/,${sbindir}/,g' \