Date:      Wed, 2 Oct 2002 20:34:34 -0700
From:      Kris Kennaway <kris@obsecurity.org>
To:        Robert Watson <rwatson@FreeBSD.org>
Cc:        current@FreeBSD.org, alfred@FreeBSD.org
Subject:   Re: rpcbind failure mode non-ideal if run more than once
Message-ID:  <20021003033434.GA87595@xor.obsecurity.org>
In-Reply-To: <Pine.NEB.3.96L.1021002124819.46964D-100000@fledge.watson.org>
References:  <Pine.NEB.3.96L.1021002124819.46964D-100000@fledge.watson.org>


On Wed, Oct 02, 2002 at 12:49:43PM -0400, Robert Watson wrote:
>
> crash1# rpcbind
> Oct  2 12:47:15 crash1 rpcbind: cannot bind (null) on udp6: Address
> already in use
> Segmentation fault
> Oct  2 12:47:15 crash1 kernel: pid 1595 (rpcbind), uid 0: exited on signal
> 11
> crash1#
>
> I'm having trouble extracting a core so won't be able to follow-up just
> yet, but it looks like it might not be too hard to track down.

The error-handling code in rpcbind was bogus; there were failure paths
that would continue to execute with a null pointer that eventually
causes the crash.

Kris

Index: rpcbind.c
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D
RCS file: /usr/home/ncvs/src/usr.sbin/rpcbind/rpcbind.c,v
retrieving revision 1.4
diff -u -r1.4 rpcbind.c
--- rpcbind.c	22 Jul 2002 15:22:53 -0000	1.4
+++ rpcbind.c	3 Oct 2002 03:32:39 -0000
@@ -359,17 +359,18 @@
 			    servname, &hints, &res)) !=3D 0) {
 				syslog(LOG_ERR, "cannot get local address for %s: %s",
 				    nconf->nc_netid, gai_strerror(aicode));
-				continue;
+				goto error;
 			}
 			addrlen =3D res->ai_addrlen;
 			sa =3D (struct sockaddr *)res->ai_addr;
 			oldmask =3D umask(S_IXUSR|S_IXGRP|S_IXOTH);
 			if (bind(fd, sa, addrlen) !=3D 0) {
 				syslog(LOG_ERR, "cannot bind %s on %s: %m",
-					hosts[nhostsbak], nconf->nc_netid);
+				    (hosts[nhostsbak] =3D NULL) ? hosts[nhostsbak] : "*",
+				    nconf->nc_netid);
 				if (res !=3D NULL)
 					freeaddrinfo(res);
-				continue;
+				goto error;
 			} else
 				checkbind++;
 			(void) umask(oldmask);
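
Review bot: the new argument in the bind-failure syslog call, `(hosts[nhostsbak] =3D NULL) ? hosts[nhostsbak] : "*"`, uses a single `=` (the `=3D` is quoted-printable for `=`), so it assigns NULL to hosts[nhostsbak] instead of testing it. The condition is then always false, the message always prints "*", and the host entry is overwritten for any code that reads it afterwards. Switching to `==` would not be right either, because that would hand the NULL pointer to %s in exactly the case being guarded; the test should read `hosts[nhostsbak] != NULL`. Separately, this branch leaves after umask() has been tightened and before the `(void) umask(oldmask)` that follows the else, as it already did with `continue`, so the restore should also happen on the failure branch before the jump.
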
@@ -382,7 +383,7 @@
 				    nconf->nc_netid);
 				if (res !=3D NULL)
 					freeaddrinfo(res);
-				return 1;
+				goto error;
 			}
 			memcpy(taddr.addr.buf, sa, addrlen);
 #ifdef ND_DEBUG
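
Review bot: the `goto error` that replaces `return 1` here, like the two in the previous hunk, jumps to a label that no hunk in this diff adds or shows, so the cleanup it performs cannot be checked from the patch. Please include the hunk that defines `error:` or point to it. Since res is released by `freeaddrinfo(res)` immediately before this jump, the code at the label must not free res again, and it should close fd and still return a non-zero status so callers see the failure the old `return 1` reported.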
