Date: Wed, 2 Oct 2002 20:34:34 -0700
From: Kris Kennaway
To: Robert Watson
Cc: current@FreeBSD.org, alfred@FreeBSD.org
Subject: Re: rpcbind failure mode non-ideal if run more than once
Message-ID: <20021003033434.GA87595@xor.obsecurity.org>

On Wed, Oct 02, 2002 at 12:49:43PM -0400, Robert Watson wrote:
>
> crash1# rpcbind
> Oct 2 12:47:15 crash1 rpcbind: cannot bind (null) on udp6: Address
> already in use
> Segmentation fault
> Oct 2 12:47:15 crash1 kernel: pid 1595 (rpcbind), uid 0: exited on signal
> 11
> crash1#
>
> I'm having trouble extracting a core so won't be able to follow-up just
> yet, but it looks like it might not be too hard to track down.

The error-handling code in rpcbind was bogus..there were failure paths
that would continue to execute with a null pointer that eventually
causes the crash.

Kris

Index: rpcbind.c =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D RCS file: /usr/home/ncvs/src/usr.sbin/rpcbind/rpcbind.c,v retrieving revision 1.4 diff -u -r1.4 rpcbind.c --- rpcbind.c 22 Jul 2002 15:22:53 -0000 1.4 +++ rpcbind.c 3 Oct 2002 03:32:39 -0000 
@@ -359,17 +359,18 @@ servname, &hints, &res)) !=3D 0) { syslog(LOG_ERR, "cannot get local address for %s: %s", nconf->nc_netid, gai_strerror(aicode)); - continue; + goto error; } addrlen =3D res->ai_addrlen; sa =3D (struct sockaddr *)res->ai_addr; oldmask =3D umask(S_IXUSR|S_IXGRP|S_IXOTH); if (bind(fd, sa, addrlen) !=3D 0) { syslog(LOG_ERR, "cannot bind %s on %s: %m", - hosts[nhostsbak], nconf->nc_netid); + (hosts[nhostsbak] =3D NULL) ? hosts[nhostsbak] : "*", + nconf->nc_netid); if (res !=3D NULL) freeaddrinfo(res); - continue; + goto error; } else checkbind++; (void) umask(oldmask); @@ -382,7 +383,7 @@ nconf->nc_netid); if (res !=3D NULL) freeaddrinfo(res); - return 1; + goto error; } memcpy(taddr.addr.buf, sa, addrlen); #ifdef ND_DEBUG
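
Review bot: In the first hunk (@@ -359,17 +359,18 @@), the new syslog argument `(hosts[nhostsbak] =3D NULL) ? hosts[nhostsbak] : "*"` decodes from quoted-printable to a single `=`, so it is an assignment rather than a comparison. As written it stores NULL into hosts[nhostsbak], the condition is always false, and the message always prints "*" even when a host name was configured, while the array entry is overwritten as a side effect. The null-safe log message this is aiming for needs `hosts[nhostsbak] != NULL` as the condition, which also leaves the array untouched. Separately, the bind failure path now jumps to `error` after `umask(S_IXUSR|S_IXGRP|S_IXOTH)` but before `(void) umask(oldmask)`, so the cleanup at the label should restore the old mask if the process keeps running after it.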
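
Review bot: In the second hunk (@@ -382,7 +383,7 @@), and in the bind failure branch of the first, `freeaddrinfo(res)` is called immediately before `goto error`, and the `error:` label itself is not part of the posted diff, so it is not possible to confirm from these lines what cleanup it performs. If the label also releases `res`, these paths free it twice; if it does not, the inline `freeaddrinfo` calls are the only cleanup and every new `goto error` has to remember its own. Setting `res = NULL` after each inline `freeaddrinfo(res)`, or dropping the inline calls and doing a single `if (res != NULL) freeaddrinfo(res);` at the label, would make the shared exit path safe whichever branch reaches it. Including the label in the diff would also let reviewers check that `fd` is closed there.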