bin/73422: portmap forks ad infinitum when the NIS domain name
is set, probably a bug in the RPC library
Kai
kai at xs4all.nl
Wed Aug 3 13:20:22 GMT 2005
The following reply was made to PR bin/73422; it has been noted by GNATS.
From: Kai <kai at xs4all.nl>
To: bug-followup at FreeBSD.org, Trond.Endrestol at gtf.ol.no
Cc:
Subject: Re: bin/73422: portmap forks ad infinitum when the NIS domain name is set, probably a bug in the RPC library
Date: Wed, 3 Aug 2005 15:12:38 +0200
Hello,
We're having trouble with our NIS servers running into the same problems as
those above, though we are running *without* the -v option.
Having a look at the endless problem reports on portmap I can only come
to the conclusion that one shouldn't try to do any conversion of
port numbers to names in the logit() function. Or even, which flabbergasted
me even more, a call to getnameinfo() in freebsd5's rpcbind.
I surely can see that one can stall the process on purpose this way.
The thing is that this only triggers when a lot of logging is done. Of course
"a lot of logging" isn't supposed to happen that often, but when it does,
as with the '-v' option, it triggers this bug.
I therefore suggest the following patches to rpcbind in
usr.sbin/rpcbind/security.c, and the almost identical patch to portmap in
usr.sbin/portmap/pmap_check.c.
Regards,
Kai Storbeck
XS4ALL Internet
--- security.c.orig Wed Aug 3 14:48:24 2005
+++ security.c Wed Aug 3 14:59:03 2005
@@ -165,7 +165,7 @@
char procbuf[32];
char *progname;
char progbuf[32];
- char fromname[NI_MAXHOST];
+ /* char fromname[NI_MAXHOST]; */
struct rpcent *rpc;
static const char *procmap[] = {
/* RPCBPROC_NULL */ "null",
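Review bot: The `fromname` declaration at the top of this hunk is commented out rather than deleted, which leaves dead code in the tree; remove the line outright. The `struct rpcent *rpc;` declaration kept as context loses the only use visible in this patch once the getrpcbynumber() branch in the next hunk is disabled, so it should be removed as well or it will produce an unused-variable warning.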
@@ -195,8 +195,9 @@
if (prognum == 0) {
progname = "";
- } else if ((rpc = getrpcbynumber((int) prognum))) {
- progname = rpc->r_name;
+ /* } else if ((rpc = getrpcbynumber((int) prognum))) {
+ * progname = rpc->r_name;
+ */
} else {
snprintf(progname = progbuf, sizeof(progbuf), "%u",
(unsigned)prognum);
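Review bot: The disabled `else if` branch is wrapped in a comment that opens in front of a closing brace (`/* } else if (...) {`), so the block structure now depends on text inside a comment; delete the two lines instead, which leaves a plain `if (prognum == 0) { ... } else { snprintf(...) }`. The log line will then always carry the numeric program number, which is worth stating in the commit message and the manual page, since anything matching on program names in syslog output will stop matching.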
@@ -213,14 +214,15 @@
/* Write syslog record. */
- if (addr->sa_family == AF_LOCAL)
- strcpy(fromname, "local");
- else
- getnameinfo(addr, addr->sa_len, fromname,
- sizeof fromname, NULL, 0, NI_NUMERICHOST);
+ /* if (addr->sa_family == AF_LOCAL)
+ * strcpy(fromname, "local");
+ * else
+ * getnameinfo(addr, addr->sa_len, fromname,
+ * sizeof fromname, NULL, 0, NI_NUMERICHOST);
+ */
syslog(severity, "connect from %s to %s(%s)%s",
- fromname, procname, progname, text);
+ inet_ntoa(addr->sin_addr), procname, progname,
text);
_exit(0);
}
}
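Review bot: `inet_ntoa(addr->sin_addr)` in the new syslog() arguments does not fit the type of `addr`: the removed lines read `addr->sa_family` and `addr->sa_len`, so it is used as a struct sockaddr pointer, which has no `sin_addr` member, and a cast to struct sockaddr_in would only be valid for AF_INET. The change also drops the AF_LOCAL case that logged "local" and any non-IPv4 peer. The removed getnameinfo() call already passes NI_NUMERICHOST, which formats the address numerically without a resolver lookup, so it can stay as it is; if it is kept, check its return value before `fromname` is handed to syslog().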
--- pmap_check.c.orig Wed Aug 3 15:00:28 2005
+++ pmap_check.c Wed Aug 3 15:02:37 2005
@@ -238,8 +238,9 @@
if (prognum == 0) {
progname = "";
- } else if ((rpc = getrpcbynumber((int) prognum))) {
- progname = rpc->r_name;
+ /* } else if ((rpc = getrpcbynumber((int) prognum))) {
+ * progname = rpc->r_name;
+ */
} else {
sprintf(progbuf, "%lu", prognum);
progname = progbuf;
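Review bot: As in security.c, the getrpcbynumber() branch here is commented out across a closing brace rather than removed; delete the two lines, and drop the `rpc` variable if this was its only use in the function. While this block is being touched, the unchanged `sprintf(progbuf, "%lu", prognum)` could become snprintf() with sizeof(progbuf), matching the rpcbind code shown in security.c.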