| Patch | Description | Author | Forwarded | Bugs | Origin | Last update |
|---|---|---|---|---|---|---|
| 03-kfreebsd.diff | Fix build on non Linux architectures | Andreas Beckmann <anbe@debian.org> | not-needed | 2019-09-01 | ||
| 05-hurd-port.diff | Get source building on Hurd - Look for <sys/user.h> before using it. - Define MAXHOSTNAMELEN to 64 if missing. - Bind sockets on Hurd like on Linux. |
Petter Reinholdtsen <pere@hungry.com> | not-needed | |||
| 06-hurd-client-port.diff | Fix client code for hurd, avoiding malloc overflow When trying to setup a inet connection, it happens the following: - in libtirp, src/clnt_vc.c, clnt_vc_create gets called - when trying to allocate vc_fd_locks, __rpc_dtbsize() is used as size for that array of fd locks - __rpc_dtbsize(), in src/rpc_generic.c, queries using rlimit the maximum (rlim_max) number of file descriptors (RLIMIT_NOFILE): - on Linux, the default is { rlim_cur = 1024, rlim_max = 4096 } - on kFreeBSD, the default is { rlim_cur = 1024, rlim_max = 1024 } - on Hurd, the default is { rlim_cur = 1024, rlim_max = RLIM_INFINITY } meaning that on Hurd the memory allocation fails (as __rpc_dtbsize() * sizeof(int) overflows and is negative) Change libtiprc so __rpc_dtbsize falls back on rlim_cur if rlim_max is unlimited. This patch fixes the client connection using inet sockets; local unix sockets are not working, for two reasons so far: - getpeername on them gives EOPNOTSUPP - SO_REUSEADDR is not implemented for them |
Pino Toscano <pino@debian.org> | no | debian | 2020-03-03 | |
| Fix-DoS-vulnerability-in-libtirpc.patch | Fix DoS vulnerability in libtirpc Currently svc_run does not handle poll timeout and rendezvous_request does not handle EMFILE error returned from accept(2 as it used to. These two missing functionality were removed by commit b2c9430f46c4. The effect of not handling poll timeout allows idle TCP conections to remain ESTABLISHED indefinitely. When the number of connections reaches the limit of the open file descriptors (ulimit -n) then accept(2) fails with EMFILE. Since there is no handling of EMFILE error this causes svc_run() to get in a tight loop calling accept(2). This resulting in the RPC service of svc_run is being down, it's no longer able to service any requests. RPC service rpcbind, statd and mountd are effected by this problem. Fix by enhancing rendezvous_request to keep the number of SVCXPRT conections to 4/5 of the size of the file descriptor table. When this thresold is reached, it destroys the idle TCP connections or destroys the least active connection if no idle connnction was found. |
Dai Ngo <dai.ngo@oracle.com> | no | debian | http://git.linux-nfs.org/?p=steved/libtirpc.git;a=commit;h=86529758570cef4c73fb9b9c4104fdc510f701ed | 2021-08-21 |