misc/109315: inetd UNIX socket bug

Mon Feb 19 10:40:06 UTC 2007

>Number:         109315
>Category:       misc
>Synopsis:       inetd UNIX socket bug
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    freebsd-bugs
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Mon Feb 19 10:40:05 GMT 2007
>Closed-Date:
>Last-Modified:
>Originator:     Aragon Gouveia
>Release:        4.10-RELEASE (confirmed on 6.2-RELEASE too)
>Organization:
>Environment:
FreeBSD <snip> 4.10-RELEASE-p2 FreeBSD 4.10-RELEASE-p2 #2: Sat Sep 25 14:19:19 SAST 2004     root@<snip>:/usr/obj/usr/src/sys/DECODER  i386
  and
FreeBSD sulaco.intranet 6.2-RELEASE FreeBSD 6.2-RELEASE #0: Fri Jan 12 11:05:30 UTC 2007     root at dessler.cse.buffalo.edu:/usr/obj/usr/src/sys/SMP  i386

>Description:
Hello,

I have been trying to setup a UNIX socket service in inetd, but it appears the functionality has been broken for some time.  I guess I'm the first to notice.

With a UNIX socket service entry in inetd.conf the socket file is created as it should be, but when I try make a connection to the socket (telnet -u), it establishes and then immediately closes.  There is nothing logged to syslog and not much info when in debug mode (inetd -d).

In my code references below I should mention that I'm still running 4.10-RELEASE so my line numbering might be out.  But after testing this on a 6.2-RELEASE install I can confirm that the bug is still there. 

I had a look through inetd.c and found the following in cpmip() starting at line 2202:

---
                        case AF_INET:
                                p = (char *)&sin4->sin_addr;
                                addrlen = sizeof(struct in_addr);
                                break;
#ifdef INET6
                        case AF_INET6:
                                p = (char *)&sin6->sin6_addr;
                                addrlen = sizeof(struct in6_addr);
                                break;
#endif 
                        default:
                                /* should not happen */
                                return -1;
                        }
---

There is no case entry for AF_UNIX.  From my testing, execution was reaching the default: entry when an AF_UNIX connection was established.  When cpmip() returns a negative value it looks like inetd silently closes the socket.

I've included a patch which seems to make it work.  The only oddity is that when logging is enabled (inetd -l), AF_UNIX connections are logged as coming from "unknown".  No biggie for me, but there might be a better fix.


>How-To-Repeat:
Add unix socket type entry to inetd.conf:

/tmp/telnet    stream  unix    nowait  root    /usr/libexec/telnetd   telnetd

Rehup and telnet to the socket:

# telnet -u /tmp/telnet 
Trying /tmp/telnet...
Connected to /tmp/telnet.
Escape character is '^]'.
Connection closed by foreign host.

>Fix:


Patch attached with submission follows:

--- inetd.c.orig        Sun Jul 27 15:58:05 2003
+++ inetd.c     Fri Oct 20 21:18:59 2006
@@ -2209,6 +2209,10 @@
                                addrlen = sizeof(struct in6_addr);
                                break;
 #endif
+                       case AF_UNIX:
+                               p = (char *)&sin4->sin_addr;
+                               addrlen = sizeof(struct in_addr);
+                               break;
                        default:
                                /* should not happen */
                                return -1;

>Release-Note:
>Audit-Trail:
>Unformatted:
