FreeBSD Mail Archives

Date:      Sun, 22 Nov 1998 20:52:46 +0000
From:      dmlb@ragnet.demon.co.uk
To:        FreeBSD-gnats-submit@FreeBSD.ORG
Cc:        dmlb@ragnet.demon.co.uk
Subject:   kern/8798: Patches to make mount_portal work.
Message-ID:  <E0zhgUw-0000CB-00@ragnet.demon.co.uk>

index | next in thread | raw e-mail



>Number:         8798
>Category:       kern
>Synopsis:       Bug to to portal code.
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    freebsd-bugs
>State:          open
>Quarter:
>Keywords:
>Date-Required:
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Sun Nov 22 13:10:01 PST 1998
>Last-Modified:
>Originator:     Duncan Barclay
>Organization:
>Release:        FreeBSD 3.0-CURRENT i386
>Environment:

	-current

>Description:

        mount_portal is broken, when run and an attempt is made to
        open a socket with
        $ cat /p/tcp/localhost/daytime
        an error will occur. This is due to bugs in the call to sendmsg
        in send_reply(), activate.c.

        There is also a security issue in pt_tcp.c and opening
        privilaged ports. I think the whole code is bogus but will
        submit another pr dealing with it.

>How-To-Repeat:

        $ mount_portal /etc/portal.conf /p
        $ cat /p/tcp/localhost/daytime
        Nov 22 11:07:54 computer portald[4459]: send: Invalid argument

>Fix:
        
        Patches included below, diff'd against current CVSup'd 06:30 22/11/98.
	They may not link as I haven't included pt_tcplisten.c in this
	pr. Will be following.

Index: Makefile
===================================================================
RCS file: /ide0.e/ncvs/src/sbin/mount_portal/Makefile,v
retrieving revision 1.8
diff -u -r1.8 Makefile
--- Makefile	1998/01/20 10:40:04	1.8
+++ Makefile	1998/11/22 16:59:32
@@ -3,7 +3,7 @@
 
 PROG=	mount_portal
 SRCS=	mount_portal.c activate.c conf.c getmntopts.c pt_conf.c \
-	pt_exec.c pt_file.c pt_tcp.c
+	pt_exec.c pt_file.c pt_tcp.c
 MAN8=	mount_portal.8
 
 MOUNT=	${.CURDIR}/../mount
Index: activate.c
===================================================================
RCS file: /ide0.e/ncvs/src/sbin/mount_portal/activate.c,v
retrieving revision 1.5
diff -u -r1.5 activate.c
--- activate.c	1998/07/06 07:19:23	1.5
+++ activate.c	1998/11/22 20:40:05
@@ -45,6 +45,9 @@
 #include <errno.h>
 #include <string.h>
 #include <unistd.h>
+#ifdef DEBUG
+#include <stdio.h>
+#endif /* DEBUG */
 #include <sys/types.h>
 #include <sys/param.h>
 #include <sys/socket.h>
@@ -111,7 +114,7 @@
 int error;
 {
 	int n;
-	struct iovec iov;
+	struct iovec iov[1];
 	struct msghdr msg;
 	struct {
 		struct cmsghdr cmsg;
@@ -122,15 +125,17 @@
 	 * Line up error code.  Don't worry about byte ordering
 	 * because we must be sending to the local machine.
 	 */
-	iov.iov_base = (caddr_t) &error;
-	iov.iov_len = sizeof(error);
+	iov[0].iov_base = (caddr_t) &error;
+	iov[0].iov_len = sizeof(error);
 
 	/*
 	 * Build a msghdr
 	 */
 	memset(&msg, 0, sizeof(msg));
-	msg.msg_iov = &iov;
+	msg.msg_iov = iov;
 	msg.msg_iovlen = 1;
+	msg.msg_name = NULL;
+	msg.msg_namelen = 0;
 
 	/*
 	 * If there is a file descriptor to send then
@@ -148,7 +153,7 @@
 	/*
 	 * Send to kernel...
 	 */
-	if ((n = sendmsg(so, &msg, MSG_EOR)) < 0)
+	if ((n = sendmsg(so, &msg, 0)) < 0)
 		syslog(LOG_ERR, "send: %s", strerror(errno));
 #ifdef DEBUG
 	fprintf(stderr, "sent %d bytes\n", n);
@@ -206,6 +211,10 @@
 		error = ENOENT;
 	}
 
+#ifdef DEBUG
+	fprintf(stderr, "returning fd = %d\n", fd);
+	fprintf(stderr, "       error = %d [%s]\n", error, strerror(error));
+#endif DEBUG
 	if (error >= 0)
 		send_reply(so, fd, error);
 
Index: mount_portal.8
===================================================================
RCS file: /ide0.e/ncvs/src/sbin/mount_portal/mount_portal.8,v
retrieving revision 1.3
diff -u -r1.3 mount_portal.8
--- mount_portal.8	1998/07/06 07:19:25	1.3
+++ mount_portal.8	1998/11/22 17:05:05
@@ -89,11 +89,22 @@
 By convention, the portal daemon divides the namespace into sub-namespaces,
 each of which handles objects of a particular type.
 .Pp
-Currently, two sub-namespaces are implemented:
+Currently, three sub-namespaces are implemented:
+.Pa tcplisten ,
 .Pa tcp
 and
 .Pa fs .
 The
+.Pa tcplisten
+namespace takes a slash separated hostname and port and creates a TCP/IP
+socket bound to the given hostname-port pair. The hostname may be
+specified as "ANY" to allow any other host to connect to the socket. A
+port number of 0 will dynamically allocate a port, this can be
+discovered by calling
+.Xr getsockname 8
+with the returned file descriptor. Privilaged ports can only be bound to
+by the super-user.
+The
 .Pa tcp
 namespace takes a hostname and a port (slash separated) and
 creates an open TCP/IP connection.
@@ -116,6 +127,7 @@
 Subsequent fields are passed to the creation function.
 .Bd -literal
 # @(#)portal.conf	5.1 (Berkeley) 7/13/92
+tcplisten/	tcplisten tcplisten/
 tcp/		tcp tcp/
 fs/		file fs/
 .Ed
Index: mount_portal.c
===================================================================
RCS file: /ide0.e/ncvs/src/sbin/mount_portal/mount_portal.c,v
retrieving revision 1.13
diff -u -r1.13 mount_portal.c
--- mount_portal.c	1998/07/06 07:19:25	1.13
+++ mount_portal.c	1998/11/22 17:05:53
@@ -190,7 +190,9 @@
 	/*
 	 * Everything is ready to go - now is a good time to fork
 	 */
+#ifndef DEBUG
 	daemon(0, 0);
+#endif
 
 	/*
 	 * Start logging (and change name)
Index: portald.h
===================================================================
RCS file: /ide0.e/ncvs/src/sbin/mount_portal/portald.h,v
retrieving revision 1.3
diff -u -r1.3 portald.h
--- portald.h	1997/02/22 14:32:55	1.3
+++ portald.h	1998/11/22 17:06:52
@@ -73,6 +73,8 @@
 				char *key, char **v, int so, int *fdp));
 extern int portal_tcp __P((struct portal_cred *,
 				char *key, char **v, int so, int *fdp));
+extern int portal_tcplisten __P((struct portal_cred *,
+				char *key, char **v, int so, int *fdp));
 
 /*
  * Global functions
Index: pt_conf.c
===================================================================
RCS file: /ide0.e/ncvs/src/sbin/mount_portal/pt_conf.c,v
retrieving revision 1.4
diff -u -r1.4 pt_conf.c
--- pt_conf.c	1998/07/06 07:19:25	1.4
+++ pt_conf.c	1998/11/22 17:07:19
@@ -50,5 +50,6 @@
 	{ "exec",	portal_exec },
 	{ "file",	portal_file },
 	{ "tcp",	portal_tcp },
+	{ "tcplisten",	portal_tcplisten },
 	{ 0, 0 }
 };
Index: pt_file.c
===================================================================
RCS file: /ide0.e/ncvs/src/sbin/mount_portal/pt_file.c,v
retrieving revision 1.7
diff -u -r1.7 pt_file.c
--- pt_file.c	1998/07/06 07:19:26	1.7
+++ pt_file.c	1998/11/22 20:39:51
@@ -46,6 +46,9 @@
 #include <fcntl.h>
 #include <string.h>
 #include <unistd.h>
+#ifdef DEBUG
+#include <stdio.h>
+#endif /* DEBUG */
 #include <sys/types.h>
 #include <sys/param.h>
 #include <sys/syslog.h>
Index: pt_tcp.c
===================================================================
RCS file: /ide0.e/ncvs/src/sbin/mount_portal/pt_tcp.c,v
retrieving revision 1.7
diff -u -r1.7 pt_tcp.c
--- pt_tcp.c	1998/07/06 07:19:27	1.7
+++ pt_tcp.c	1998/11/22 17:08:14
@@ -124,9 +124,9 @@
 #endif
 
 	sp = getservbyname(port, "tcp");
-	if (sp != NULL)
+	if (sp != NULL) {
 		s_port = (u_short)sp->s_port;
-	else {
+	} else {
 		s_port = strtoul(port, &p, 0);
 		if (s_port == 0 || *p != '\0')
 			return (EINVAL);
>Audit-Trail:
>Unformatted:

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-bugs" in the body of the message

help

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?E0zhgUw-0000CB-00>

Header And Logo

Peripheral Links

Site Navigation

Header And Logo

Peripheral Links

Search

Site Navigation