Date: Wed, 2 Oct 2002 20:34:34 -0700 From: Kris Kennaway <kris@obsecurity.org> To: Robert Watson <rwatson@FreeBSD.org> Cc: current@FreeBSD.org, alfred@FreeBSD.org Subject: Re: rpcbind failure mode non-ideal if run more than once Message-ID: <20021003033434.GA87595@xor.obsecurity.org> In-Reply-To: <Pine.NEB.3.96L.1021002124819.46964D-100000@fledge.watson.org> References: <Pine.NEB.3.96L.1021002124819.46964D-100000@fledge.watson.org>
next in thread | previous in thread | raw e-mail | index | archive | help
--OgqxwSJOaUobr8KG Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Wed, Oct 02, 2002 at 12:49:43PM -0400, Robert Watson wrote: >=20 > crash1# rpcbind > Oct 2 12:47:15 crash1 rpcbind: cannot bind (null) on udp6: Address > already in use > Segmentation fault > Oct 2 12:47:15 crash1 kernel: pid 1595 (rpcbind), uid 0: exited on signal > 11 > crash1# >=20 > I'm having trouble extracting a core so won't be able to follow-up just > yet, but it looks like it might not be too hard to track down. The error-handling code in rpcbind was bogus..there were failure paths that would continue to execute with a null pointer that eventually causes the crash. Kris Index: rpcbind.c =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D RCS file: /usr/home/ncvs/src/usr.sbin/rpcbind/rpcbind.c,v retrieving revision 1.4 diff -u -r1.4 rpcbind.c --- rpcbind.c 22 Jul 2002 15:22:53 -0000 1.4 +++ rpcbind.c 3 Oct 2002 03:32:39 -0000 @@ -359,17 +359,18 @@ servname, &hints, &res)) !=3D 0) { syslog(LOG_ERR, "cannot get local address for %s: %s", nconf->nc_netid, gai_strerror(aicode)); - continue; + goto error; } addrlen =3D res->ai_addrlen; sa =3D (struct sockaddr *)res->ai_addr; oldmask =3D umask(S_IXUSR|S_IXGRP|S_IXOTH); if (bind(fd, sa, addrlen) !=3D 0) { syslog(LOG_ERR, "cannot bind %s on %s: %m", - hosts[nhostsbak], nconf->nc_netid); + (hosts[nhostsbak] =3D NULL) ? hosts[nhostsbak] : "*", + nconf->nc_netid); if (res !=3D NULL) freeaddrinfo(res); - continue; + goto error; } else checkbind++; (void) umask(oldmask); @@ -382,7 +383,7 @@ nconf->nc_netid); if (res !=3D NULL) freeaddrinfo(res); - return 1; + goto error; } memcpy(taddr.addr.buf, sa, addrlen); #ifdef ND_DEBUG --OgqxwSJOaUobr8KG Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.7 (FreeBSD) iD8DBQE9m7rKWry0BWjoQKURAlR5AKCYlHAJgG9AF2lkkkMB+v4wAT+FiACfTlq4 ghlX68ch0I5pXgFxVdoGznU= =P/Iz -----END PGP SIGNATURE----- --OgqxwSJOaUobr8KG-- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-current" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20021003033434.GA87595>