Date: Wed, 3 Aug 2005 13:20:21 GMT
Message-Id: <200508031320.j73DKLLP012556@freefall.freebsd.org>
To: freebsd-bugs@FreeBSD.org
From: Kai
Subject: Re: bin/73422: portmap forks ad infinitum when the NIS domain name is set, probably a bug in the RPC library

The following reply was made to PR bin/73422; it has been noted by GNATS.

From: Kai
To: bug-followup@FreeBSD.org, Trond.Endrestol@gtf.ol.no
Subject: Re: bin/73422: portmap forks ad infinitum when the NIS domain name is set, probably a bug in the RPC library
Date: Wed, 3 Aug 2005 15:12:38 +0200

Hello,

We're having trouble with our NIS servers running into the same problems as the above, though we are running *without* the -v option.

Having a look at the endless problem reports on portmap I can only come to the conclusion that one shouldn't try to do any conversion of port numbers to names in the logit() function. Or even, which flabbergasted me even more, a call to getnameinfo() in freebsd5's rpcbind. I surely can see that one can stall the process on purpose this way.

The thing is that this only triggers when a lot of logging is done. Of course "a lot of logging" isn't supposed to happen that often, but when it does, as with the '-v' option, it triggers this bug.

I therefore suggest the following patches to rpcbind in usr.sbin/rpcbind/security.c, and the almost identical patch to portmap in usr.sbin/portmap/pmap_check.c.

Regards,
Kai Storbeck
XS4ALL Internet

--- security.c.orig Wed Aug 3 14:48:24 2005 +++ security.c Wed Aug 3 14:59:03 2005 @@ -165,7 +165,7 @@ char procbuf[32]; char *progname; char progbuf[32]; - char fromname[NI_MAXHOST]; + /* char fromname[NI_MAXHOST]; */ struct rpcent *rpc; static const char *procmap[] = { /* RPCBPROC_NULL */ "null", @@ -195,8 +195,9 @@ if (prognum == 0) { progname = ""; - } else if ((rpc = getrpcbynumber((int) prognum))) { - progname = rpc->r_name; + /* } else if ((rpc = getrpcbynumber((int) prognum))) { + * progname = rpc->r_name; + */ } else { snprintf(progname = progbuf, sizeof(progbuf), "%u", (unsigned)prognum); 
@@ -213,14 +214,15 @@ /* Write syslog record. */ - if (addr->sa_family == AF_LOCAL) - strcpy(fromname, "local"); - else - getnameinfo(addr, addr->sa_len, fromname, - sizeof fromname, NULL, 0, NI_NUMERICHOST); + /* if (addr->sa_family == AF_LOCAL) + * strcpy(fromname, "local"); + * else + * getnameinfo(addr, addr->sa_len, fromname, + * sizeof fromname, NULL, 0, NI_NUMERICHOST); + */ syslog(severity, "connect from %s to %s(%s)%s", - fromname, procname, progname, text); + inet_ntoa(addr->sin_addr), procname, progname, text); _exit(0); } } --- pmap_check.c.orig Wed Aug 3 15:00:28 2005 +++ pmap_check.c Wed Aug 3 15:02:37 2005 @@ -238,8 +238,9 @@ if (prognum == 0) { progname = ""; - } else if ((rpc = getrpcbynumber((int) prognum))) { - progname = rpc->r_name; + /* } else if ((rpc = getrpcbynumber((int) prognum))) { + * progname = rpc->r_name; + */ } else { sprintf(progbuf, "%lu", prognum); progname = progbuf;
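
Review bot: In security.c at @@ -195 the getrpcbynumber() branch is disabled by wrapping it in a block comment that starts in the middle of the if/else chain instead of being deleted, and the `struct rpcent *rpc;` declaration kept as context in the @@ -165 hunk is left without any visible use. Delete the branch and the declaration outright, or keep the lookup behind a run-time option so that sites relying on program names in the log can still get them. The same applies to the identical change in pmap_check.c at @@ -238.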
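
Review bot: In the security.c hunk at @@ -213, the new syslog() argument inet_ntoa(addr->sin_addr) does not match how addr is used in the removed lines. They read addr->sa_family and addr->sa_len, which are struct sockaddr members, so addr->sin_addr needs a cast to struct sockaddr_in * to compile, and the result is only meaningful for AF_INET. The removed code handled AF_LOCAL explicitly and passed every other family through getnameinfo(), so after this change a local or IPv6 caller would be logged with a wrong address. The removed getnameinfo() call already passes NI_NUMERICHOST, which formats the address numerically without a resolver lookup, so keeping that block as it was and dropping only the getrpcbynumber() lookup would avoid the regression.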