misc/109315: inetd UNIX socket bug
Aragon Gouveia
aragon at phat.za.net
Mon Feb 19 10:40:06 UTC 2007
>Number: 109315
>Category: misc
>Synopsis: inetd UNIX socket bug
>Confidential: no
>Severity: non-critical
>Priority: low
>Responsible: freebsd-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: sw-bug
>Submitter-Id: current-users
>Arrival-Date: Mon Feb 19 10:40:05 GMT 2007
>Closed-Date:
>Last-Modified:
>Originator: Aragon Gouveia
>Release: 4.10-RELEASE (confirmed on 6.2-RELEASE too)
>Organization:
>Environment:
FreeBSD <snip> 4.10-RELEASE-p2 FreeBSD 4.10-RELEASE-p2 #2: Sat Sep 25 14:19:19 SAST 2004 root@<snip>:/usr/obj/usr/src/sys/DECODER i386
and
FreeBSD sulaco.intranet 6.2-RELEASE FreeBSD 6.2-RELEASE #0: Fri Jan 12 11:05:30 UTC 2007 root at dessler.cse.buffalo.edu:/usr/obj/usr/src/sys/SMP i386
>Description:
Hello,
I have been trying to setup a UNIX socket service in inetd, but it appears the functionality has been broken for some time. I guess I'm the first to notice.
With a UNIX socket service entry in inetd.conf the socket file is created as it should be, but when I try make a connection to the socket (telnet -u), it establishes and then immediately closes. There is nothing logged to syslog and not much info when in debug mode (inetd -d).
In my code references below I should mention that I'm still running 4.10-RELEASE so my line numbering might be out. But after testing this on a 6.2-RELEASE install I can confirm that the bug is still there.
I had a look through inetd.c and found the following in cpmip() starting at line 2202:
---
case AF_INET:
p = (char *)&sin4->sin_addr;
addrlen = sizeof(struct in_addr);
break;
#ifdef INET6
case AF_INET6:
p = (char *)&sin6->sin6_addr;
addrlen = sizeof(struct in6_addr);
break;
#endif
default:
/* should not happen */
return -1;
}
---
There is no case entry for AF_UNIX. From my testing, execution was reaching the default: entry when an AF_UNIX connection was established. When cpmip() returns a negative value it looks like inetd silently closes the socket.
I've included a patch which seems to make it work. The only oddity is that when logging is enabled (inetd -l), AF_UNIX connections are logged as coming from "unknown". No biggie for me, but there might be a better fix.
>How-To-Repeat:
Add unix socket type entry to inetd.conf:
/tmp/telnet stream unix nowait root /usr/libexec/telnetd telnetd
Rehup and telnet to the socket:
# telnet -u /tmp/telnet
Trying /tmp/telnet...
Connected to /tmp/telnet.
Escape character is '^]'.
Connection closed by foreign host.
>Fix:
Patch attached with submission follows:
--- inetd.c.orig Sun Jul 27 15:58:05 2003
+++ inetd.c Fri Oct 20 21:18:59 2006
@@ -2209,6 +2209,10 @@
addrlen = sizeof(struct in6_addr);
break;
#endif
+ case AF_UNIX:
+ p = (char *)&sin4->sin_addr;
+ addrlen = sizeof(struct in_addr);
+ break;
default:
/* should not happen */
return -1;
>Release-Note:
>Audit-Trail:
>Unformatted:
More information about the freebsd-bugs
mailing list