summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
Diffstat
-rw-r--r--meta/recipes-extended/libtirpc/libtirpc/0001-Fix-for-CVE-2017-8779.patch276
-rw-r--r--meta/recipes-extended/libtirpc/libtirpc/libtirpc-0.2.1-fortify.patch26
-rw-r--r--meta/recipes-extended/libtirpc/libtirpc/libtirpc-1.0.2-rc3.patch743
-rw-r--r--meta/recipes-extended/libtirpc/libtirpc_1.0.2.bb (renamed from meta/recipes-extended/libtirpc/libtirpc_1.0.1.bb)7
4 files changed, 2 insertions, 1050 deletions
diff --git a/meta/recipes-extended/libtirpc/libtirpc/0001-Fix-for-CVE-2017-8779.patch b/meta/recipes-extended/libtirpc/libtirpc/0001-Fix-for-CVE-2017-8779.patch
deleted file mode 100644
index b3bae675ee..0000000000
--- a/meta/recipes-extended/libtirpc/libtirpc/0001-Fix-for-CVE-2017-8779.patch
+++ /dev/null
@@ -1,276 +0,0 @@
1From dd9c7cf4f8f375c6d641b760d124650c418c2ce3 Mon Sep 17 00:00:00 2001
2From: Guido Vranken <guidovranken@gmail.com>
3Date: Mon, 15 May 2017 11:12:21 -0400
4Subject: [PATCH] Fix for CVE-2017-8779
5
6Signed-off-by: Steve Dickson <steved@redhat.com>
7---
8 src/rpc_generic.c | 8 ++++++++
9 src/rpcb_prot.c | 22 ++++++++++++++--------
10 src/rpcb_st_xdr.c | 9 +++++----
11 src/xdr.c | 30 +++++++++++++++++++++++++-----
12 4 files changed, 52 insertions(+), 17 deletions(-)
13
14CVE: CVE-2017-8779
15Upstream-Status: Backport
16
17Signed-off-by: Fan Xin <fan.xin@jp.fujitsu.com>
18
19diff --git a/src/rpc_generic.c b/src/rpc_generic.c
20index 2f09a8f..589cbd5 100644
21--- a/src/rpc_generic.c
22+++ b/src/rpc_generic.c
23@@ -615,6 +615,9 @@ __rpc_taddr2uaddr_af(int af, const struct netbuf *nbuf)
24
25 switch (af) {
26 case AF_INET:
27+ if (nbuf->len < sizeof(*sin)) {
28+ return NULL;
29+ }
30 sin = nbuf->buf;
31 if (inet_ntop(af, &sin->sin_addr, namebuf, sizeof namebuf)
32 == NULL)
33@@ -626,6 +629,9 @@ __rpc_taddr2uaddr_af(int af, const struct netbuf *nbuf)
34 break;
35 #ifdef INET6
36 case AF_INET6:
37+ if (nbuf->len < sizeof(*sin6)) {
38+ return NULL;
39+ }
40 sin6 = nbuf->buf;
41 if (inet_ntop(af, &sin6->sin6_addr, namebuf6, sizeof namebuf6)
42 == NULL)
43@@ -667,6 +673,8 @@ __rpc_uaddr2taddr_af(int af, const char *uaddr)
44
45 port = 0;
46 sin = NULL;
47+ if (uaddr == NULL)
48+ return NULL;
49 addrstr = strdup(uaddr);
50 if (addrstr == NULL)
51 return NULL;
52diff --git a/src/rpcb_prot.c b/src/rpcb_prot.c
53index 43fd385..a923c8e 100644
54--- a/src/rpcb_prot.c
55+++ b/src/rpcb_prot.c
56@@ -41,6 +41,7 @@
57 #include <rpc/types.h>
58 #include <rpc/xdr.h>
59 #include <rpc/rpcb_prot.h>
60+#include "rpc_com.h"
61
62 bool_t
63 xdr_rpcb(xdrs, objp)
64@@ -53,13 +54,13 @@ xdr_rpcb(xdrs, objp)
65 if (!xdr_u_int32_t(xdrs, &objp->r_vers)) {
66 return (FALSE);
67 }
68- if (!xdr_string(xdrs, &objp->r_netid, (u_int)~0)) {
69+ if (!xdr_string(xdrs, &objp->r_netid, RPC_MAXDATASIZE)) {
70 return (FALSE);
71 }
72- if (!xdr_string(xdrs, &objp->r_addr, (u_int)~0)) {
73+ if (!xdr_string(xdrs, &objp->r_addr, RPC_MAXDATASIZE)) {
74 return (FALSE);
75 }
76- if (!xdr_string(xdrs, &objp->r_owner, (u_int)~0)) {
77+ if (!xdr_string(xdrs, &objp->r_owner, RPC_MAXDATASIZE)) {
78 return (FALSE);
79 }
80 return (TRUE);
81@@ -159,19 +160,19 @@ xdr_rpcb_entry(xdrs, objp)
82 XDR *xdrs;
83 rpcb_entry *objp;
84 {
85- if (!xdr_string(xdrs, &objp->r_maddr, (u_int)~0)) {
86+ if (!xdr_string(xdrs, &objp->r_maddr, RPC_MAXDATASIZE)) {
87 return (FALSE);
88 }
89- if (!xdr_string(xdrs, &objp->r_nc_netid, (u_int)~0)) {
90+ if (!xdr_string(xdrs, &objp->r_nc_netid, RPC_MAXDATASIZE)) {
91 return (FALSE);
92 }
93 if (!xdr_u_int32_t(xdrs, &objp->r_nc_semantics)) {
94 return (FALSE);
95 }
96- if (!xdr_string(xdrs, &objp->r_nc_protofmly, (u_int)~0)) {
97+ if (!xdr_string(xdrs, &objp->r_nc_protofmly, RPC_MAXDATASIZE)) {
98 return (FALSE);
99 }
100- if (!xdr_string(xdrs, &objp->r_nc_proto, (u_int)~0)) {
101+ if (!xdr_string(xdrs, &objp->r_nc_proto, RPC_MAXDATASIZE)) {
102 return (FALSE);
103 }
104 return (TRUE);
105@@ -292,7 +293,7 @@ xdr_rpcb_rmtcallres(xdrs, p)
106 bool_t dummy;
107 struct r_rpcb_rmtcallres *objp = (struct r_rpcb_rmtcallres *)(void *)p;
108
109- if (!xdr_string(xdrs, &objp->addr, (u_int)~0)) {
110+ if (!xdr_string(xdrs, &objp->addr, RPC_MAXDATASIZE)) {
111 return (FALSE);
112 }
113 if (!xdr_u_int(xdrs, &objp->results.results_len)) {
114@@ -312,6 +313,11 @@ xdr_netbuf(xdrs, objp)
115 if (!xdr_u_int32_t(xdrs, (u_int32_t *) &objp->maxlen)) {
116 return (FALSE);
117 }
118+
119+ if (objp->maxlen > RPC_MAXDATASIZE) {
120+ return (FALSE);
121+ }
122+
123 dummy = xdr_bytes(xdrs, (char **)&(objp->buf),
124 (u_int *)&(objp->len), objp->maxlen);
125 return (dummy);
126diff --git a/src/rpcb_st_xdr.c b/src/rpcb_st_xdr.c
127index 08db745..28e6a48 100644
128--- a/src/rpcb_st_xdr.c
129+++ b/src/rpcb_st_xdr.c
130@@ -37,6 +37,7 @@
131
132
133 #include <rpc/rpc.h>
134+#include "rpc_com.h"
135
136 /* Link list of all the stats about getport and getaddr */
137
138@@ -58,7 +59,7 @@ xdr_rpcbs_addrlist(xdrs, objp)
139 if (!xdr_int(xdrs, &objp->failure)) {
140 return (FALSE);
141 }
142- if (!xdr_string(xdrs, &objp->netid, (u_int)~0)) {
143+ if (!xdr_string(xdrs, &objp->netid, RPC_MAXDATASIZE)) {
144 return (FALSE);
145 }
146
147@@ -109,7 +110,7 @@ xdr_rpcbs_rmtcalllist(xdrs, objp)
148 IXDR_PUT_INT32(buf, objp->failure);
149 IXDR_PUT_INT32(buf, objp->indirect);
150 }
151- if (!xdr_string(xdrs, &objp->netid, (u_int)~0)) {
152+ if (!xdr_string(xdrs, &objp->netid, RPC_MAXDATASIZE)) {
153 return (FALSE);
154 }
155 if (!xdr_pointer(xdrs, (char **)&objp->next,
156@@ -147,7 +148,7 @@ xdr_rpcbs_rmtcalllist(xdrs, objp)
157 objp->failure = (int)IXDR_GET_INT32(buf);
158 objp->indirect = (int)IXDR_GET_INT32(buf);
159 }
160- if (!xdr_string(xdrs, &objp->netid, (u_int)~0)) {
161+ if (!xdr_string(xdrs, &objp->netid, RPC_MAXDATASIZE)) {
162 return (FALSE);
163 }
164 if (!xdr_pointer(xdrs, (char **)&objp->next,
165@@ -175,7 +176,7 @@ xdr_rpcbs_rmtcalllist(xdrs, objp)
166 if (!xdr_int(xdrs, &objp->indirect)) {
167 return (FALSE);
168 }
169- if (!xdr_string(xdrs, &objp->netid, (u_int)~0)) {
170+ if (!xdr_string(xdrs, &objp->netid, RPC_MAXDATASIZE)) {
171 return (FALSE);
172 }
173 if (!xdr_pointer(xdrs, (char **)&objp->next,
174diff --git a/src/xdr.c b/src/xdr.c
175index f3fb9ad..b9a1558 100644
176--- a/src/xdr.c
177+++ b/src/xdr.c
178@@ -42,8 +42,10 @@
179 #include <stdlib.h>
180 #include <string.h>
181
182+#include <rpc/rpc.h>
183 #include <rpc/types.h>
184 #include <rpc/xdr.h>
185+#include <rpc/rpc_com.h>
186
187 typedef quad_t longlong_t; /* ANSI long long type */
188 typedef u_quad_t u_longlong_t; /* ANSI unsigned long long type */
189@@ -53,7 +55,6 @@ typedef u_quad_t u_longlong_t; /* ANSI unsigned long long type */
190 */
191 #define XDR_FALSE ((long) 0)
192 #define XDR_TRUE ((long) 1)
193-#define LASTUNSIGNED ((u_int) 0-1)
194
195 /*
196 * for unit alignment
197@@ -629,6 +630,7 @@ xdr_bytes(xdrs, cpp, sizep, maxsize)
198 {
199 char *sp = *cpp; /* sp is the actual string pointer */
200 u_int nodesize;
201+ bool_t ret, allocated = FALSE;
202
203 /*
204 * first deal with the length since xdr bytes are counted
205@@ -652,6 +654,7 @@ xdr_bytes(xdrs, cpp, sizep, maxsize)
206 }
207 if (sp == NULL) {
208 *cpp = sp = mem_alloc(nodesize);
209+ allocated = TRUE;
210 }
211 if (sp == NULL) {
212 warnx("xdr_bytes: out of memory");
213@@ -660,7 +663,14 @@ xdr_bytes(xdrs, cpp, sizep, maxsize)
214 /* FALLTHROUGH */
215
216 case XDR_ENCODE:
217- return (xdr_opaque(xdrs, sp, nodesize));
218+ ret = xdr_opaque(xdrs, sp, nodesize);
219+ if ((xdrs->x_op == XDR_DECODE) && (ret == FALSE)) {
220+ if (allocated == TRUE) {
221+ free(sp);
222+ *cpp = NULL;
223+ }
224+ }
225+ return (ret);
226
227 case XDR_FREE:
228 if (sp != NULL) {
229@@ -754,6 +764,7 @@ xdr_string(xdrs, cpp, maxsize)
230 char *sp = *cpp; /* sp is the actual string pointer */
231 u_int size;
232 u_int nodesize;
233+ bool_t ret, allocated = FALSE;
234
235 /*
236 * first deal with the length since xdr strings are counted-strings
237@@ -793,8 +804,10 @@ xdr_string(xdrs, cpp, maxsize)
238 switch (xdrs->x_op) {
239
240 case XDR_DECODE:
241- if (sp == NULL)
242+ if (sp == NULL) {
243 *cpp = sp = mem_alloc(nodesize);
244+ allocated = TRUE;
245+ }
246 if (sp == NULL) {
247 warnx("xdr_string: out of memory");
248 return (FALSE);
249@@ -803,7 +816,14 @@ xdr_string(xdrs, cpp, maxsize)
250 /* FALLTHROUGH */
251
252 case XDR_ENCODE:
253- return (xdr_opaque(xdrs, sp, size));
254+ ret = xdr_opaque(xdrs, sp, size);
255+ if ((xdrs->x_op == XDR_DECODE) && (ret == FALSE)) {
256+ if (allocated == TRUE) {
257+ free(sp);
258+ *cpp = NULL;
259+ }
260+ }
261+ return (ret);
262
263 case XDR_FREE:
264 mem_free(sp, nodesize);
265@@ -823,7 +843,7 @@ xdr_wrapstring(xdrs, cpp)
266 XDR *xdrs;
267 char **cpp;
268 {
269- return xdr_string(xdrs, cpp, LASTUNSIGNED);
270+ return xdr_string(xdrs, cpp, RPC_MAXDATASIZE);
271 }
272
273 /*
274--
2751.9.1
276
diff --git a/meta/recipes-extended/libtirpc/libtirpc/libtirpc-0.2.1-fortify.patch b/meta/recipes-extended/libtirpc/libtirpc/libtirpc-0.2.1-fortify.patch
deleted file mode 100644
index 4a785d344a..0000000000
--- a/meta/recipes-extended/libtirpc/libtirpc/libtirpc-0.2.1-fortify.patch
+++ /dev/null
@@ -1,26 +0,0 @@
1Fix a possible overflow (reported by _FORTIFY_SOURCE=2)
2
3Ported from Gentoo
4
5Upstream-Status: Pending
6
7Signed-off-by: Khem Raj <raj.khem@gmail.com>
8
9Index: libtirpc-0.2.1/src/getrpcport.c
10===================================================================
11--- libtirpc-0.2.1.orig/src/getrpcport.c
12+++ libtirpc-0.2.1/src/getrpcport.c
13@@ -54,11 +54,11 @@ getrpcport(host, prognum, versnum, proto
14
15 if ((hp = gethostbyname(host)) == NULL)
16 return (0);
17+ if (hp->h_length != sizeof(addr.sin_addr.s_addr))
18+ return (0);
19 memset(&addr, 0, sizeof(addr));
20 addr.sin_family = AF_INET;
21 addr.sin_port = 0;
22- if (hp->h_length > sizeof(addr))
23- hp->h_length = sizeof(addr);
24 memcpy(&addr.sin_addr.s_addr, hp->h_addr, (size_t)hp->h_length);
25 /* Inconsistent interfaces need casts! :-( */
26 return (pmap_getport(&addr, (u_long)prognum, (u_long)versnum,
diff --git a/meta/recipes-extended/libtirpc/libtirpc/libtirpc-1.0.2-rc3.patch b/meta/recipes-extended/libtirpc/libtirpc/libtirpc-1.0.2-rc3.patch
deleted file mode 100644
index 113dabe13b..0000000000
--- a/meta/recipes-extended/libtirpc/libtirpc/libtirpc-1.0.2-rc3.patch
+++ /dev/null
@@ -1,743 +0,0 @@
1Backport the 1.0.2 RC3 changes, this fixes issues with gcc7
2
3Upstream-Status: Backport
4
5Signed-off-by: Khem Raj <raj.khem@gmail.com>
6
7diff --git a/src/Makefile.am b/src/Makefile.am
8index e4ed8aa..fba2aa4 100644
9--- a/src/Makefile.am
10+++ b/src/Makefile.am
11@@ -24,7 +24,7 @@ libtirpc_la_SOURCES = auth_none.c auth_unix.c authunix_prot.c bindresvport.c cln
12 rpcb_st_xdr.c svc.c svc_auth.c svc_dg.c svc_auth_unix.c svc_auth_none.c \
13 svc_auth_des.c \
14 svc_generic.c svc_raw.c svc_run.c svc_simple.c svc_vc.c getpeereid.c \
15- auth_time.c auth_des.c authdes_prot.c debug.c
16+ auth_time.c auth_des.c authdes_prot.c debug.c des_crypt.c des_impl.c
17
18 ## XDR
19 libtirpc_la_SOURCES += xdr.c xdr_rec.c xdr_array.c xdr_float.c xdr_mem.c xdr_reference.c xdr_stdio.c xdr_sizeof.c
20diff --git a/src/auth_des.c b/src/auth_des.c
21index 4d3639e..af2f61f 100644
22--- a/src/auth_des.c
23+++ b/src/auth_des.c
24@@ -46,8 +46,8 @@
25 #include <rpc/clnt.h>
26 #include <rpc/xdr.h>
27 #include <sys/socket.h>
28-#undef NIS
29-#include <rpcsvc/nis.h>
30+
31+#include "nis.h"
32
33 #if defined(LIBC_SCCS) && !defined(lint)
34 #endif
35diff --git a/src/auth_gss.c b/src/auth_gss.c
36index 9b88c38..5959893 100644
37--- a/src/auth_gss.c
38+++ b/src/auth_gss.c
39@@ -526,6 +526,14 @@ _rpc_gss_refresh(AUTH *auth, rpc_gss_options_ret_t *options_ret)
40 gr.gr_major != GSS_S_CONTINUE_NEEDED)) {
41 options_ret->major_status = gr.gr_major;
42 options_ret->minor_status = gr.gr_minor;
43+ if (call_stat != RPC_SUCCESS) {
44+ struct rpc_err err;
45+ clnt_geterr(gd->clnt, &err);
46+ LIBTIRPC_DEBUG(1, ("authgss_refresh: %s errno: %s",
47+ clnt_sperrno(call_stat), strerror(err.re_errno)));
48+ } else
49+ gss_log_status("authgss_refresh:",
50+ gr.gr_major, gr.gr_minor);
51 return FALSE;
52 }
53
54diff --git a/src/auth_time.c b/src/auth_time.c
55index 10e58eb..7f83ab4 100644
56--- a/src/auth_time.c
57+++ b/src/auth_time.c
58@@ -44,8 +44,8 @@
59 #include <rpc/rpcb_prot.h>
60 //#include <clnt_soc.h>
61 #include <sys/select.h>
62-#undef NIS
63-#include <rpcsvc/nis.h>
64+
65+#include "nis.h"
66
67
68 #ifdef TESTING
69diff --git a/src/des_impl.c b/src/des_impl.c
70index c5b7ed6..9dbccaf 100644
71--- a/src/des_impl.c
72+++ b/src/des_impl.c
73@@ -6,7 +6,8 @@
74 /* see <http://www.gnu.org/licenses/> to obtain a copy. */
75 #include <string.h>
76 #include <stdint.h>
77-#include <rpc/rpc_des.h>
78+#include <sys/types.h>
79+#include <rpc/des.h>
80
81
82 static const uint32_t des_SPtrans[8][64] =
83diff --git a/src/getpublickey.c b/src/getpublickey.c
84index 764a5f9..8cf4dc2 100644
85--- a/src/getpublickey.c
86+++ b/src/getpublickey.c
87@@ -38,8 +38,10 @@
88 #include <pwd.h>
89 #include <rpc/rpc.h>
90 #include <rpc/key_prot.h>
91+#ifdef YP
92 #include <rpcsvc/yp_prot.h>
93 #include <rpcsvc/ypclnt.h>
94+#endif
95 #include <string.h>
96 #include <stdlib.h>
97
98diff --git a/src/nis.h b/src/nis.h
99new file mode 100644
100index 0000000..588c041
101--- /dev/null
102+++ b/src/nis.h
103@@ -0,0 +1,70 @@
104+/*
105+ * Copyright (c) 2010, Oracle America, Inc.
106+ *
107+ * Redistribution and use in source and binary forms, with or without
108+ * modification, are permitted provided that the following conditions are
109+ * met:
110+ *
111+ * * Redistributions of source code must retain the above copyright
112+ * notice, this list of conditions and the following disclaimer.
113+ * * Redistributions in binary form must reproduce the above
114+ * copyright notice, this list of conditions and the following
115+ * disclaimer in the documentation and/or other materials
116+ * provided with the distribution.
117+ * * Neither the name of the "Oracle America, Inc." nor the names of its
118+ * contributors may be used to endorse or promote products derived
119+ * from this software without specific prior written permission.
120+ *
121+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
122+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
123+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
124+ * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
125+ * COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
126+ * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
127+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE
128+ * GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
129+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
130+ * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
131+ * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
132+ * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
133+ */
134+
135+#ifndef _INTERNAL_NIS_H
136+#define _INTERNAL_NIS_H 1
137+
138+/* This file only contains the definition of nis_server, to be
139+ able to compile libtirpc without the need to have a glibc
140+ with sunrpc or a libnsl already installed. */
141+
142+#define NIS_PK_NONE 0
143+
144+struct nis_attr {
145+ char *zattr_ndx;
146+ struct {
147+ u_int zattr_val_len;
148+ char *zattr_val_val;
149+ } zattr_val;
150+};
151+typedef struct nis_attr nis_attr;
152+
153+typedef char *nis_name;
154+
155+struct endpoint {
156+ char *uaddr;
157+ char *family;
158+ char *proto;
159+};
160+typedef struct endpoint endpoint;
161+
162+struct nis_server {
163+ nis_name name;
164+ struct {
165+ u_int ep_len;
166+ endpoint *ep_val;
167+ } ep;
168+ uint32_t key_type;
169+ netobj pkey;
170+};
171+typedef struct nis_server nis_server;
172+
173+#endif /* ! _INTERNAL_NIS_H */
174diff --git a/src/rpc_dtablesize.c b/src/rpc_dtablesize.c
175index 13d320c..3fe503a 100644
176--- a/src/rpc_dtablesize.c
177+++ b/src/rpc_dtablesize.c
178@@ -27,22 +27,14 @@
179 */
180
181 #include <unistd.h>
182-
183 #include <sys/select.h>
184-
185-int _rpc_dtablesize(void); /* XXX */
186+#include <rpc/clnt.h>
187+#include <rpc/rpc_com.h>
188
189 /*
190 * Cache the result of getdtablesize(), so we don't have to do an
191 * expensive system call every time.
192 */
193-/*
194- * XXX In FreeBSD 2.x, you can have the maximum number of open file
195- * descriptors be greater than FD_SETSIZE (which us 256 by default).
196- *
197- * Since old programs tend to use this call to determine the first arg
198- * for _select(), having this return > FD_SETSIZE is a Bad Idea(TM)!
199- */
200 int
201 _rpc_dtablesize(void)
202 {
203diff --git a/src/rpc_soc.c b/src/rpc_soc.c
204index 1ec7b3f..ed0892a 100644
205--- a/src/rpc_soc.c
206+++ b/src/rpc_soc.c
207@@ -61,8 +61,8 @@
208 #include <string.h>
209 #include <unistd.h>
210 #include <fcntl.h>
211-#include <rpcsvc/nis.h>
212
213+#include "nis.h"
214 #include "rpc_com.h"
215
216 extern mutex_t rpcsoc_lock;
217diff --git a/src/rtime.c b/src/rtime.c
218index c34e0af..b642840 100644
219--- a/src/rtime.c
220+++ b/src/rtime.c
221@@ -46,6 +46,7 @@
222 #include <unistd.h>
223 #include <errno.h>
224 #include <sys/types.h>
225+#include <sys/poll.h>
226 #include <sys/socket.h>
227 #include <sys/time.h>
228 #include <netinet/in.h>
229@@ -67,7 +68,8 @@ rtime(addrp, timep, timeout)
230 struct timeval *timeout;
231 {
232 int s;
233- fd_set readfds;
234+ struct pollfd fd;
235+ int milliseconds;
236 int res;
237 unsigned long thetime;
238 struct sockaddr_in from;
239@@ -94,31 +96,32 @@ rtime(addrp, timep, timeout)
240 addrp->sin_port = serv->s_port;
241
242 if (type == SOCK_DGRAM) {
243- res = sendto(s, (char *)&thetime, sizeof(thetime), 0,
244+ res = sendto(s, (char *)&thetime, sizeof(thetime), 0,
245 (struct sockaddr *)addrp, sizeof(*addrp));
246 if (res < 0) {
247 do_close(s);
248- return(-1);
249+ return(-1);
250 }
251- do {
252- FD_ZERO(&readfds);
253- FD_SET(s, &readfds);
254- res = select(_rpc_dtablesize(), &readfds,
255- (fd_set *)NULL, (fd_set *)NULL, timeout);
256- } while (res < 0 && errno == EINTR);
257+
258+ milliseconds = (timeout->tv_sec * 1000) + (timeout->tv_usec / 1000);
259+ fd.fd = s;
260+ fd.events = POLLIN;
261+ do
262+ res = poll (&fd, 1, milliseconds);
263+ while (res < 0 && errno == EINTR);
264 if (res <= 0) {
265 if (res == 0) {
266 errno = ETIMEDOUT;
267 }
268 do_close(s);
269- return(-1);
270+ return(-1);
271 }
272 fromlen = sizeof(from);
273- res = recvfrom(s, (char *)&thetime, sizeof(thetime), 0,
274+ res = recvfrom(s, (char *)&thetime, sizeof(thetime), 0,
275 (struct sockaddr *)&from, &fromlen);
276 do_close(s);
277 if (res < 0) {
278- return(-1);
279+ return(-1);
280 }
281 } else {
282 if (connect(s, (struct sockaddr *)addrp, sizeof(*addrp)) < 0) {
283diff --git a/src/svc.c b/src/svc.c
284index 9c41445..b59467b 100644
285--- a/src/svc.c
286+++ b/src/svc.c
287@@ -99,7 +99,7 @@ xprt_register (xprt)
288 {
289 __svc_xports = (SVCXPRT **) calloc (_rpc_dtablesize(), sizeof (SVCXPRT *));
290 if (__svc_xports == NULL)
291- return;
292+ goto unlock;
293 }
294 if (sock < _rpc_dtablesize())
295 {
296@@ -120,14 +120,14 @@ xprt_register (xprt)
297 svc_pollfd[i].fd = sock;
298 svc_pollfd[i].events = (POLLIN | POLLPRI |
299 POLLRDNORM | POLLRDBAND);
300- return;
301+ goto unlock;
302 }
303
304 new_svc_pollfd = (struct pollfd *) realloc (svc_pollfd,
305 sizeof (struct pollfd)
306 * (svc_max_pollfd + 1));
307 if (new_svc_pollfd == NULL) /* Out of memory */
308- return;
309+ goto unlock;
310 svc_pollfd = new_svc_pollfd;
311 ++svc_max_pollfd;
312
313@@ -135,6 +135,7 @@ xprt_register (xprt)
314 svc_pollfd[svc_max_pollfd - 1].events = (POLLIN | POLLPRI |
315 POLLRDNORM | POLLRDBAND);
316 }
317+unlock:
318 rwlock_unlock (&svc_fd_lock);
319 }
320
321diff --git a/src/svc_auth_des.c b/src/svc_auth_des.c
322index 5bc264c..2e90146 100644
323--- a/src/svc_auth_des.c
324+++ b/src/svc_auth_des.c
325@@ -86,13 +86,13 @@ static struct cache_entry *authdes_cache/* [AUTHDES_CACHESZ] */;
326 static short *authdes_lru/* [AUTHDES_CACHESZ] */;
327
328 static void cache_init(); /* initialize the cache */
329-static short cache_spot(); /* find an entry in the cache */
330-static void cache_ref(/*short sid*/); /* note that sid was ref'd */
331+static short cache_spot(des_block *key, char *name, struct timeval *timestamp); /* find an entry in the cache */
332+static void cache_ref(short sid); /* note that sid was ref'd */
333
334-static void invalidate(); /* invalidate entry in cache */
335+static void invalidate(char *cred); /* invalidate entry in cache */
336
337 /*
338- * cache statistics
339+ * cache statistics
340 */
341 static struct {
342 u_long ncachehits; /* times cache hit, and is not replay */
343diff --git a/src/svc_auth_gss.c b/src/svc_auth_gss.c
344index b6aa407..bece46a 100644
345--- a/src/svc_auth_gss.c
346+++ b/src/svc_auth_gss.c
347@@ -129,6 +129,8 @@ struct svc_rpc_gss_data {
348 ((struct svc_rpc_gss_data *)(auth)->svc_ah_private)
349
350 /* Global server credentials. */
351+static u_int _svcauth_req_time = 0;
352+static gss_OID_set_desc _svcauth_oid_set = {1, GSS_C_NULL_OID };
353 static gss_cred_id_t _svcauth_gss_creds;
354 static gss_name_t _svcauth_gss_name = GSS_C_NO_NAME;
355 static char * _svcauth_svc_name = NULL;
356@@ -167,6 +169,7 @@ svcauth_gss_import_name(char *service)
357 gss_name_t name;
358 gss_buffer_desc namebuf;
359 OM_uint32 maj_stat, min_stat;
360+ bool_t result;
361
362 gss_log_debug("in svcauth_gss_import_name()");
363
364@@ -181,22 +184,21 @@ svcauth_gss_import_name(char *service)
365 maj_stat, min_stat);
366 return (FALSE);
367 }
368- if (svcauth_gss_set_svc_name(name) != TRUE) {
369- gss_release_name(&min_stat, &name);
370- return (FALSE);
371- }
372- return (TRUE);
373+ result = svcauth_gss_set_svc_name(name);
374+ gss_release_name(&min_stat, &name);
375+ return result;
376 }
377
378 static bool_t
379-svcauth_gss_acquire_cred(u_int req_time, gss_OID_set_desc *oid_set)
380+svcauth_gss_acquire_cred(void)
381 {
382 OM_uint32 maj_stat, min_stat;
383
384 gss_log_debug("in svcauth_gss_acquire_cred()");
385
386- maj_stat = gss_acquire_cred(&min_stat, _svcauth_gss_name, req_time,
387- oid_set, GSS_C_ACCEPT,
388+ maj_stat = gss_acquire_cred(&min_stat, _svcauth_gss_name,
389+ _svcauth_req_time, &_svcauth_oid_set,
390+ GSS_C_ACCEPT,
391 &_svcauth_gss_creds, NULL, NULL);
392
393 if (maj_stat != GSS_S_COMPLETE) {
394@@ -300,6 +302,8 @@ svcauth_gss_accept_sec_context(struct svc_req *rqst,
395 NULL,
396 &gd->deleg);
397
398+ xdr_free((xdrproc_t)xdr_rpc_gss_init_args, (caddr_t)&recv_tok);
399+
400 if (gr->gr_major != GSS_S_COMPLETE &&
401 gr->gr_major != GSS_S_CONTINUE_NEEDED) {
402 gss_log_status("svcauth_gss_accept_sec_context: accept_sec_context",
403@@ -352,8 +356,11 @@ svcauth_gss_accept_sec_context(struct svc_req *rqst,
404 return (FALSE);
405
406 rqst->rq_xprt->xp_verf.oa_flavor = RPCSEC_GSS;
407- rqst->rq_xprt->xp_verf.oa_base = checksum.value;
408+ memcpy(rqst->rq_xprt->xp_verf.oa_base, checksum.value,
409+ checksum.length);
410 rqst->rq_xprt->xp_verf.oa_length = checksum.length;
411+
412+ gss_release_buffer(&min_stat, &checksum);
413 }
414 return (TRUE);
415 }
416@@ -435,10 +442,13 @@ svcauth_gss_nextverf(struct svc_req *rqst, u_int num)
417 maj_stat, min_stat);
418 return (FALSE);
419 }
420+
421 rqst->rq_xprt->xp_verf.oa_flavor = RPCSEC_GSS;
422- rqst->rq_xprt->xp_verf.oa_base = (caddr_t)checksum.value;
423+ memcpy(rqst->rq_xprt->xp_verf.oa_base, checksum.value, checksum.length);
424 rqst->rq_xprt->xp_verf.oa_length = (u_int)checksum.length;
425
426+ gss_release_buffer(&min_stat, &checksum);
427+
428 return (TRUE);
429 }
430
431@@ -568,6 +578,8 @@ _svcauth_gss(struct svc_req *rqst, struct rpc_msg *msg, bool_t *no_dispatch)
432 gss_qop_t qop;
433 struct svcauth_gss_cache_entry **ce;
434 time_t now;
435+ enum auth_stat result = AUTH_OK;
436+ OM_uint32 min_stat;
437
438 gss_log_debug("in svcauth_gss()");
439
440@@ -621,19 +633,25 @@ _svcauth_gss(struct svc_req *rqst, struct rpc_msg *msg, bool_t *no_dispatch)
441 XDR_DESTROY(&xdrs);
442
443 /* Check version. */
444- if (gc->gc_v != RPCSEC_GSS_VERSION)
445- return (AUTH_BADCRED);
446+ if (gc->gc_v != RPCSEC_GSS_VERSION) {
447+ result = AUTH_BADCRED;
448+ goto out;
449+ }
450
451 /* Check RPCSEC_GSS service. */
452 if (gc->gc_svc != RPCSEC_GSS_SVC_NONE &&
453 gc->gc_svc != RPCSEC_GSS_SVC_INTEGRITY &&
454- gc->gc_svc != RPCSEC_GSS_SVC_PRIVACY)
455- return (AUTH_BADCRED);
456+ gc->gc_svc != RPCSEC_GSS_SVC_PRIVACY) {
457+ result = AUTH_BADCRED;
458+ goto out;
459+ }
460
461 /* Check sequence number. */
462 if (gd->established) {
463- if (gc->gc_seq > MAXSEQ)
464- return (RPCSEC_GSS_CTXPROBLEM);
465+ if (gc->gc_seq > MAXSEQ) {
466+ result = RPCSEC_GSS_CTXPROBLEM;
467+ goto out;
468+ }
469
470 if ((offset = gd->seqlast - gc->gc_seq) < 0) {
471 gd->seqlast = gc->gc_seq;
472@@ -643,7 +661,8 @@ _svcauth_gss(struct svc_req *rqst, struct rpc_msg *msg, bool_t *no_dispatch)
473 }
474 else if (offset >= gd->win || (gd->seqmask & (1 << offset))) {
475 *no_dispatch = 1;
476- return (RPCSEC_GSS_CTXPROBLEM);
477+ result = RPCSEC_GSS_CTXPROBLEM;
478+ goto out;
479 }
480 gd->seq = gc->gc_seq;
481 gd->seqmask |= (1 << offset);
482@@ -654,35 +673,52 @@ _svcauth_gss(struct svc_req *rqst, struct rpc_msg *msg, bool_t *no_dispatch)
483 rqst->rq_svcname = (char *)gd->ctx;
484 }
485
486+ rqst->rq_xprt->xp_verf.oa_base = msg->rm_call.cb_verf.oa_base;
487+
488 /* Handle RPCSEC_GSS control procedure. */
489 switch (gc->gc_proc) {
490
491 case RPCSEC_GSS_INIT:
492 case RPCSEC_GSS_CONTINUE_INIT:
493- if (rqst->rq_proc != NULLPROC)
494- return (AUTH_FAILED); /* XXX ? */
495+ if (rqst->rq_proc != NULLPROC) {
496+ result = AUTH_FAILED; /* XXX ? */
497+ break;
498+ }
499
500 if (_svcauth_gss_name == GSS_C_NO_NAME) {
501- if (!svcauth_gss_import_name("nfs"))
502- return (AUTH_FAILED);
503+ if (!svcauth_gss_import_name("nfs")) {
504+ result = AUTH_FAILED;
505+ break;
506+ }
507 }
508
509- if (!svcauth_gss_acquire_cred(0, GSS_C_NULL_OID_SET))
510- return (AUTH_FAILED);
511+ if (!svcauth_gss_acquire_cred()) {
512+ result = AUTH_FAILED;
513+ break;
514+ }
515
516- if (!svcauth_gss_accept_sec_context(rqst, &gr))
517- return (AUTH_REJECTEDCRED);
518+ if (!svcauth_gss_accept_sec_context(rqst, &gr)) {
519+ result = AUTH_REJECTEDCRED;
520+ break;
521+ }
522
523- if (!svcauth_gss_nextverf(rqst, htonl(gr.gr_win)))
524- return (AUTH_FAILED);
525+ if (!svcauth_gss_nextverf(rqst, htonl(gr.gr_win))) {
526+ result = AUTH_FAILED;
527+ break;
528+ }
529
530 *no_dispatch = TRUE;
531
532 call_stat = svc_sendreply(rqst->rq_xprt,
533 (xdrproc_t)xdr_rpc_gss_init_res, (caddr_t)&gr);
534
535- if (!call_stat)
536- return (AUTH_FAILED);
537+ gss_release_buffer(&min_stat, &gr.gr_token);
538+ free(gr.gr_ctx.value);
539+
540+ if (!call_stat) {
541+ result = AUTH_FAILED;
542+ break;
543+ }
544
545 if (gr.gr_major == GSS_S_COMPLETE)
546 gd->established = TRUE;
547@@ -690,27 +726,37 @@ _svcauth_gss(struct svc_req *rqst, struct rpc_msg *msg, bool_t *no_dispatch)
548 break;
549
550 case RPCSEC_GSS_DATA:
551- if (!svcauth_gss_validate(gd, msg, &qop))
552- return (RPCSEC_GSS_CREDPROBLEM);
553+ if (!svcauth_gss_validate(gd, msg, &qop)) {
554+ result = RPCSEC_GSS_CREDPROBLEM;
555+ break;
556+ }
557
558- if (!svcauth_gss_nextverf(rqst, htonl(gc->gc_seq)))
559- return (AUTH_FAILED);
560+ if (!svcauth_gss_nextverf(rqst, htonl(gc->gc_seq))) {
561+ result = AUTH_FAILED;
562+ break;
563+ }
564
565 if (!gd->callback_done) {
566 gd->callback_done = TRUE;
567 gd->sec.qop = qop;
568 (void)rpc_gss_num_to_qop(gd->rcred.mechanism,
569 gd->sec.qop, &gd->rcred.qop);
570- if (!svcauth_gss_callback(rqst, gd))
571- return (AUTH_REJECTEDCRED);
572+ if (!svcauth_gss_callback(rqst, gd)) {
573+ result = AUTH_REJECTEDCRED;
574+ break;
575+ }
576 }
577
578 if (gd->locked) {
579 if (gd->rcred.service !=
580- _rpc_gss_svc_to_service(gc->gc_svc))
581- return (AUTH_FAILED);
582- if (gd->sec.qop != qop)
583- return (AUTH_BADVERF);
584+ _rpc_gss_svc_to_service(gc->gc_svc)) {
585+ result = AUTH_FAILED;
586+ break;
587+ }
588+ if (gd->sec.qop != qop) {
589+ result = AUTH_BADVERF;
590+ break;
591+ }
592 }
593
594 if (gd->sec.qop != qop) {
595@@ -724,17 +770,25 @@ _svcauth_gss(struct svc_req *rqst, struct rpc_msg *msg, bool_t *no_dispatch)
596 break;
597
598 case RPCSEC_GSS_DESTROY:
599- if (rqst->rq_proc != NULLPROC)
600- return (AUTH_FAILED); /* XXX ? */
601+ if (rqst->rq_proc != NULLPROC) {
602+ result = AUTH_FAILED; /* XXX ? */
603+ break;
604+ }
605
606- if (!svcauth_gss_validate(gd, msg, &qop))
607- return (RPCSEC_GSS_CREDPROBLEM);
608+ if (!svcauth_gss_validate(gd, msg, &qop)) {
609+ result = RPCSEC_GSS_CREDPROBLEM;
610+ break;
611+ }
612
613- if (!svcauth_gss_nextverf(rqst, htonl(gc->gc_seq)))
614- return (AUTH_FAILED);
615+ if (!svcauth_gss_nextverf(rqst, htonl(gc->gc_seq))) {
616+ result = AUTH_FAILED;
617+ break;
618+ }
619
620- if (!svcauth_gss_release_cred())
621- return (AUTH_FAILED);
622+ if (!svcauth_gss_release_cred()) {
623+ result = AUTH_FAILED;
624+ break;
625+ }
626
627 SVCAUTH_DESTROY(&SVC_XP_AUTH(rqst->rq_xprt));
628 SVC_XP_AUTH(rqst->rq_xprt).svc_ah_ops = svc_auth_none.svc_ah_ops;
629@@ -743,10 +797,12 @@ _svcauth_gss(struct svc_req *rqst, struct rpc_msg *msg, bool_t *no_dispatch)
630 break;
631
632 default:
633- return (AUTH_REJECTEDCRED);
634+ result = AUTH_REJECTEDCRED;
635 break;
636 }
637- return (AUTH_OK);
638+out:
639+ xdr_free((xdrproc_t)xdr_rpc_gss_cred, (caddr_t)gc);
640+ return result;
641 }
642
643 static bool_t
644@@ -890,7 +946,6 @@ bool_t
645 rpc_gss_set_svc_name(char *principal, char *mechanism, u_int req_time,
646 u_int UNUSED(program), u_int UNUSED(version))
647 {
648- gss_OID_set_desc oid_set;
649 rpc_gss_OID oid;
650 char *save;
651
652@@ -902,14 +957,13 @@ rpc_gss_set_svc_name(char *principal, char *mechanism, u_int req_time,
653
654 if (!rpc_gss_mech_to_oid(mechanism, &oid))
655 goto out_err;
656- oid_set.count = 1;
657- oid_set.elements = (gss_OID)oid;
658
659 if (!svcauth_gss_import_name(principal))
660 goto out_err;
661- if (!svcauth_gss_acquire_cred(req_time, &oid_set))
662- goto out_err;
663
664+ _svcauth_req_time = req_time;
665+ _svcauth_oid_set.count = 1;
666+ _svcauth_oid_set.elements = (gss_OID)oid;
667 free(_svcauth_svc_name);
668 _svcauth_svc_name = save;
669 return TRUE;
670diff --git a/src/svc_vc.c b/src/svc_vc.c
671index 6ae613d..97a76a3 100644
672--- a/src/svc_vc.c
673+++ b/src/svc_vc.c
674@@ -270,14 +270,8 @@ makefd_xprt(fd, sendsize, recvsize)
675 struct cf_conn *cd;
676 const char *netid;
677 struct __rpc_sockinfo si;
678-
679- assert(fd != -1);
680
681- if (fd >= FD_SETSIZE) {
682- warnx("svc_vc: makefd_xprt: fd too high\n");
683- xprt = NULL;
684- goto done;
685- }
686+ assert(fd != -1);
687
688 xprt = mem_alloc(sizeof(SVCXPRT));
689 if (xprt == NULL) {
690@@ -338,22 +332,10 @@ rendezvous_request(xprt, msg)
691 r = (struct cf_rendezvous *)xprt->xp_p1;
692 again:
693 len = sizeof addr;
694- if ((sock = accept(xprt->xp_fd, (struct sockaddr *)(void *)&addr,
695- &len)) < 0) {
696+ sock = accept(xprt->xp_fd, (struct sockaddr *)(void *)&addr, &len);
697+ if (sock < 0) {
698 if (errno == EINTR)
699 goto again;
700-
701- if (errno == EMFILE || errno == ENFILE) {
702- /* If there are no file descriptors available, then accept will fail.
703- We want to delay here so the connection request can be dequeued;
704- otherwise we can bounce between polling and accepting, never
705- giving the request a chance to dequeue and eating an enormous
706- amount of cpu time in svc_run if we're polling on many file
707- descriptors. */
708- struct timespec ts = { .tv_sec = 0, .tv_nsec = 50000000 };
709- nanosleep (&ts, NULL);
710- goto again;
711- }
712 return (FALSE);
713 }
714 /*
715diff --git a/tirpc/rpc/des.h b/tirpc/rpc/des.h
716index d2881ad..018aa48 100644
717--- a/tirpc/rpc/des.h
718+++ b/tirpc/rpc/des.h
719@@ -82,6 +82,6 @@ struct desparams {
720 /*
721 * Software DES.
722 */
723-extern int _des_crypt( char *, int, struct desparams * );
724+extern int _des_crypt( char *, unsigned, struct desparams * );
725
726 #endif
727diff --git a/tirpc/rpc/rpcent.h b/tirpc/rpc/rpcent.h
728index 147f909..e07503c 100644
729--- a/tirpc/rpc/rpcent.h
730+++ b/tirpc/rpc/rpcent.h
731@@ -60,10 +60,11 @@ struct rpcent {
732 extern struct rpcent *getrpcbyname(const char *);
733 extern struct rpcent *getrpcbynumber(int);
734 extern struct rpcent *getrpcent(void);
735-#endif
736
737 extern void setrpcent(int);
738 extern void endrpcent(void);
739+#endif
740+
741 #ifdef __cplusplus
742 }
743 #endif
diff --git a/meta/recipes-extended/libtirpc/libtirpc_1.0.1.bb b/meta/recipes-extended/libtirpc/libtirpc_1.0.2.bb
index f41d2f3e3d..94fd5f99c1 100644
--- a/meta/recipes-extended/libtirpc/libtirpc_1.0.1.bb
+++ b/meta/recipes-extended/libtirpc/libtirpc_1.0.2.bb
@@ -11,12 +11,9 @@ PROVIDES = "virtual/librpc"
11 11
12SRC_URI = "${SOURCEFORGE_MIRROR}/${BPN}/${BP}.tar.bz2;name=libtirpc \ 12SRC_URI = "${SOURCEFORGE_MIRROR}/${BPN}/${BP}.tar.bz2;name=libtirpc \
13 ${GENTOO_MIRROR}/${BPN}-glibc-nfs.tar.xz;name=glibc-nfs \ 13 ${GENTOO_MIRROR}/${BPN}-glibc-nfs.tar.xz;name=glibc-nfs \
14 file://libtirpc-1.0.2-rc3.patch \
15 file://libtirpc-0.2.1-fortify.patch \
16 file://export_key_secretkey_is_set.patch \ 14 file://export_key_secretkey_is_set.patch \
17 file://0001-replace-__bzero-with-memset-API.patch \ 15 file://0001-replace-__bzero-with-memset-API.patch \
18 file://0001-include-stdint.h-for-uintptr_t.patch \ 16 file://0001-include-stdint.h-for-uintptr_t.patch \
19 file://0001-Fix-for-CVE-2017-8779.patch \
20 " 17 "
21 18
22SRC_URI_append_libc-uclibc = " file://remove-des-functionality.patch \ 19SRC_URI_append_libc-uclibc = " file://remove-des-functionality.patch \
@@ -26,8 +23,8 @@ SRC_URI_append_libc-musl = " \
26 file://Use-netbsd-queue.h.patch \ 23 file://Use-netbsd-queue.h.patch \
27 " 24 "
28 25
29SRC_URI[libtirpc.md5sum] = "36ce1c0ff80863bb0839d54aa0b94014" 26SRC_URI[libtirpc.md5sum] = "d5a37f1dccec484f9cabe2b97e54e9a6"
30SRC_URI[libtirpc.sha256sum] = "5156974f31be7ccbc8ab1de37c4739af6d9d42c87b1d5caf4835dda75fcbb89e" 27SRC_URI[libtirpc.sha256sum] = "723c5ce92706cbb601a8db09110df1b4b69391643158f20ff587e20e7c5f90f5"
31SRC_URI[glibc-nfs.md5sum] = "5ae500b9d0b6b72cb875bc04944b9445" 28SRC_URI[glibc-nfs.md5sum] = "5ae500b9d0b6b72cb875bc04944b9445"
32SRC_URI[glibc-nfs.sha256sum] = "2677cfedf626f3f5a8f6e507aed5bb8f79a7453b589d684dbbc086e755170d83" 29SRC_URI[glibc-nfs.sha256sum] = "2677cfedf626f3f5a8f6e507aed5bb8f79a7453b589d684dbbc086e755170d83"
33 30
generated by cgit v1.2.3-54-g00ecf (git 2.39.0) at 2026-01-09 22:52:17 +0000