288512 |
02-Oct-2015 |
delphij |
Fix a regression with SA-15:24 patch that prevented NIS from working.
Approved by: so |
288385 |
29-Sep-2015 |
delphij |
The Sun RPC framework uses a netbuf structure to represent the transport specific form of a universal transport address. The structure is expected to be opaque to consumers. In the current implementation, the structure contains a pointer to a buffer that holds the actual address.
In rpcbind(8), netbuf structures are copied directly, which would result in two netbuf structures that reference to one shared address buffer. When one of the two netbuf structures is freed, access to the other netbuf structure would result in an undefined result that may crash the rpcbind(8) daemon.
Fix this by making a copy of the buffer that is going to be freed instead of doing a shallow copy.
Security: FreeBSD-SA-15:24.rpcbind Security: CVE-2015-7236 Approved by: so |
272461 |
03-Oct-2014 |
gjb |
Copy stable/10@r272459 to releng/10.1 as part of the 10.1-RELEASE process.
Approved by: re (implicit) Sponsored by: The FreeBSD Foundation
|
256281 |
10-Oct-2013 |
gjb |
Copy head (r256279) to stable/10 as part of the 10.0-RELEASE cycle.
Approved by: re (implicit) Sponsored by: The FreeBSD Foundation
|
244538 |
21-Dec-2012 |
kevlo |
Fix socket calls on error post-r243965.
Submitted by: Garrett Cooper
|
243187 |
17-Nov-2012 |
hrs |
Fill sin6_scope_id in sockaddr_in6 before passing it from the kernel to userland via routing socket or sysctl. This eliminates the following KAME-specific sin6_scope_id handling routine from each userland utility:
sin6.sin6_scope_id = ntohs(*(u_int16_t *)&sin6.sin6_addr.s6_addr[2]);
This behavior can be controlled by net.inet6.ip6.deembed_scopeid. This is set to 1 by default (sin6_scope_id will be filled in the kernel).
Reviewed by: bz
|
228990 |
30-Dec-2011 |
uqs |
Spelling fixes for usr.sbin/
|
224001 |
14-Jul-2011 |
delphij |
Use prototype. While I'm there, add a pair of parenthesis to mark an if statment's border.
MFC after: 1 month
|
218909 |
21-Feb-2011 |
brucec |
Fix typos - remove duplicate "the".
PR: bin/154928 Submitted by: Eitan Adler <lists at eitanadler.com> MFC after: 3 days
|
203984 |
17-Feb-2010 |
imp |
Revert bogus change that snuck into r203972.
|
203972 |
16-Feb-2010 |
imp |
The NetBSD Foundation has given permission to remove clause 3 and 4 from their liceense.
Obtained from: NetBSD
|
203710 |
09-Feb-2010 |
imp |
When you have multiple addresses on the same network on different interfaces (such as when you are part of a carp pool), and you run rpcbind -h to restrict which interfaces have rpc services, rpcbind can none-the-less return addresses that aren't in the -h list. This patch enforces the rule that when you specify -h on the command line, then services returned from rpcbind must be to one of the addresses listed in -h, or be a loopback address (since localhost is implicit when running -h).
The root cause of this is the assumption in addrmerge that there can be only one interface that matches a given network IP address. This turns out not to be the case. To retain historical behavior, I didn't try to fix the routine to prefer the address that the request came into, since I didn't know the side effects that might cause in the normal case. My quick analysis suggests that it wouldn't be a problem, but since this code is tricky I opted for the more conservative patch of only restricting the reply when -h is in effect.
Hence, this change will have no effect when you are running rpcbind without -h.
Reviewed by: alfred@ Sponsored by: iX Systems MFC after: 2 weeks
|
203604 |
07-Feb-2010 |
imp |
Initialize fromlen before calling recvfrom to avoid passing in random stack garbage.
Obtained from: NetBSD 1.13
|
201390 |
02-Jan-2010 |
ed |
The last big commit: let usr.sbin/ use WARNS=6 by default.
|
176290 |
14-Feb-2008 |
yar |
No network addresses in the system isn't a good excuse for rpcbind(8) to crash.
The crash was due to a boolean variable initialized improperly. Besides fixing the initialization, pick a better name for the variable so that its meaning is clear and no more coding errors appear around it.
|
173412 |
07-Nov-2007 |
kevlo |
Cleanup of userland __P use
|
172901 |
23-Oct-2007 |
matteo |
Avoid leaking file descriptors
|
170457 |
09-Jun-2007 |
matteo |
Remove a comment I forgot to remove
|
169174 |
01-May-2007 |
matteo |
Correctly inizialize local/unix transport. I broke it in rev.1.15.
PR: bin/1122566 MFC after: 1 week
|
168969 |
23-Apr-2007 |
matteo |
1)Make it possible for rpcbind(8) to bind TCP listening socket to an IP other than INADDR_ANY.
2) Add the -6 option to specify "IPv6 only".
Glanced at by: bms Requested by: bms [2] PR: bin/84494 [1] Approved by: silence from maintainer (~2 weeks) [1] MFC after: 2 weeks
|
164774 |
30-Nov-2006 |
ceri |
Bump .Dd for revision 1.8.
|
164746 |
29-Nov-2006 |
maxim |
o Xr netconfig(5).
PR: docs/105720 Submitted by: koitsu MFC after: 1 week
|
156813 |
17-Mar-2006 |
ru |
Reimplementation of world/kernel build options. For details, see:
http://lists.freebsd.org/pipermail/freebsd-current/2006-March/061725.html
The src.conf(5) manpage is to follow in a few days.
Brought to you by: imp, jhb, kris, phk, ru (all bugs are mine)
|
156528 |
10-Mar-2006 |
deischen |
Remove including of libc sources. All the required functions are exported by libc with prototypes in our standard headers. I guess at one time this was necessary, but not any longer.
|
156337 |
06-Mar-2006 |
matteo |
Don't build IPv6 support if NO_INET6 was defined
PR: kern/73865 Submitted by: Jeremy Chadwick <freebsd@jdc.parodius.com> MFC after: 3 days
|
140442 |
18-Jan-2005 |
ru |
Sort sections.
|
137328 |
07-Nov-2004 |
dd |
Reflect that -h takes an argument and belatedly bump .Dd for addition of -h
|
137327 |
07-Nov-2004 |
dd |
Make the usage message match reality about -h and -w.
|
133789 |
16-Aug-2004 |
mbr |
MFNetBSD
Decrease log severity to debug if a protocol is not supported by the kernel (rpcbind checks /etc/netconfig if a protocol is available). This avoids "rpcbind: cannot create socket for tcp6" messages at startup on IPv4-only kernels.
|
121657 |
29-Oct-2003 |
mbr |
Don't pass NULL as an integer.
Obtained from: NetBSD
|
121656 |
29-Oct-2003 |
mbr |
Don't compare a char to NULL.
Obtained from: NetBSD
|
113091 |
04-Apr-2003 |
obrien |
style.Makefile(5)
|
109363 |
16-Jan-2003 |
mbr |
Implement nonblocking tpc-connections. rpcgen -m does still produce backcompatible code.
Reviewed by: rwatson Obtained from: NetBSD MFC after: 1 day
|
108533 |
01-Jan-2003 |
schweikh |
Correct typos, mostly s/ a / an / where appropriate. Some whitespace cleanup, especially in troff files.
|
108470 |
30-Dec-2002 |
schweikh |
Fix typos, mostly s/ an / a / where appropriate and a few s/an/and/ Add FreeBSD Id tag where missing.
|
107952 |
16-Dec-2002 |
mbr |
Change the name for the local unix-socket based protocol from "unix" back to "local". Add some compat stuff so both ways work for some time.
Reviewed by: phk Approved by: imp (UPDATING) Requested by: iedowse, lukem@netbsd.org
|
107725 |
10-Dec-2002 |
mbr |
Check if rpcbind is already running and print a warning. Fixes segfault if rpcbind is started up a second time.
Solution has been taken from mountd(8).
Reviewed by: phk Approved by: re (rwatson)
|
107313 |
27-Nov-2002 |
ru |
mdoc(7) police:
Added the -h option to the synopsis, documented the -a option, sorted options descriptions according to style(9).
Approved by: re
|
104593 |
07-Oct-2002 |
alfred |
Add 'break' to empty 'default' 'switch' statements.
Requested by: mike
|
104592 |
07-Oct-2002 |
alfred |
WARNS=3 safety (mostly), use __unused for unused params and unsigned where needed to avoid warnings about comparing signed and unsigned values.
|
104590 |
07-Oct-2002 |
alfred |
fix line wrap.
|
104589 |
07-Oct-2002 |
alfred |
cast xdr_rpcblist_ptr to xdrproc_t to silence warnings.
|
104588 |
07-Oct-2002 |
alfred |
Add ';' after 'default:' labels to avoid 'deprecated use of label at end of compound statement' warnings.
|
104587 |
07-Oct-2002 |
alfred |
Don't pass a NULL pointer to syslog(3).
Submitted by: kris
|
100505 |
22-Jul-2002 |
ume |
use IPV6_V6ONLY instead of non standard IPV6_BINDV6ONLY.
MFC after: 1 week
|
99968 |
14-Jul-2002 |
charnier |
The .Nm utility
|
99774 |
11-Jul-2002 |
alfred |
Add -h option to rpcbind, used to specify what address to bind to for UDP requests.
Submitted by: mbr
|
96788 |
17-May-2002 |
jmallett |
Stop this program's abuse of malloc(3). Its return value doesn't need these ugly explicit casts, and its argument doesn't need explicitly cast to u_int, especially if sizeof() is being used.
|
81929 |
20-Aug-2001 |
dd |
Capitalize the first word in sentences, and put periods at the end of sentences.
|
80029 |
20-Jul-2001 |
obrien |
Perform a major cleanup of the usr.sbin Makefiles. These are not perfectly in agreement with each other style-wise, but they are orders of orders of magnitude more consistent style-wise than before.
|
79806 |
16-Jul-2001 |
brian |
Free things in the right order
|
79723 |
14-Jul-2001 |
iedowse |
This is a selection of essentially cosmetic changes: - Use '\0' for a char instead of NULL. - Explicitly compare against the global `nullstring' to determine if a non-NULL uaddr is not malloc'd. - Remove some unnecessary casting of the argument to free(). - In rpcbproc_callit_com(), move the freeing of m_uaddr to the cleanup code at the end of the function. - To avoid confusion and possible alignment problems, change netbufdup() to allocate the netbuf struct and the sockaddr buffer separately, and change netbuffree() accordingly. This makes it produce netbufs that are consistent with all other netbufs in rpcbind.
|
79722 |
14-Jul-2001 |
iedowse |
Fix a memory leak in check_bound() by freeing the buffer area of the netbuf before freeing the netbuf structure itself.
|
79721 |
14-Jul-2001 |
iedowse |
Add missing #include <stdio.h>.
Fix an off-by-one error in logit() when determining if a procedure number has a known name.
|
79720 |
14-Jul-2001 |
iedowse |
Simplify to bitmaskcmp() to use the obvious approach instead of comparing bit by bit.
Make the logic in in6_fillscopeid() match that in our ifconfig(8): only set the scope ID if there is one in the address and none in sin6_scope_id.
Correct a comment in network_init() that didn't make sense; it was probably never updated after it was pasted from similar code in addrmerge().
|
79719 |
14-Jul-2001 |
iedowse |
Use snprintf instead of sprintf.
|
79718 |
14-Jul-2001 |
iedowse |
Avoid a harmless compiler warning, and add a missing \n to a debugging fprintf.
Submitted by: Martin Blapp <mb@imp.ch>
|
78705 |
24-Jun-2001 |
iedowse |
Clean up the addrmerge() function, which was over-complicated and contained a number of memory leaks. The changes include:
- Add a comment describing what addrmerge() does. - Deal with 0.0.0.0./::. or AF_LOCAL callers correctly. - Use rpcbind_get_conf() instead of getnetconfigent() so we don't have to remember to free the returned netconfig struct. - Make just one pass through the ifaddrs list; we can pick up a fallback interface address in the same pass as the netmask comparison. - Define and use SA2SIN* macros to avoid the need for loads of protocol-specific local variables. - Use mostly protocol-independent code for building the netbuf version of the address to be returned. - Use the common cleanup code for virtually all error and non-error cases, fixing a number of memory leaks.
|
78681 |
23-Jun-2001 |
iedowse |
Fix some return-value brain-damage in forward_register(). This function has a return type of u_int32_t, into which it was somehow supposed to encode: * A valid 32-bit XID (which could be any value including 0). * 0, meaning a duplicate request. * -1, meaning a malloc failed (!); We now ensure that all XIDs are non-zero, and pass the XID out via a pointer argument.
In forward_find() and free_slot_by_xid(), remove an unnecessary and confusing test for a negative result from an unsigned modulo operation, but add an unnecessary cast to highlight why.
|
76037 |
26-Apr-2001 |
iedowse |
Bring in some bugfixes from NetBSD. I'm going to make a more extensive pass through the rpcbind code soon, but I might as well bring these in now.
- (NetBSD util.c r1.5) Move the initialisation of `tbuf' to avoid a case where it could end up containing junk from the stack. This should address the issue in PR bin/26806. - (NetBSD util.c r1.6) Don't `merge' AF_LOCAL addresses, fix a few memory leaks.
PR: bin/26806 Submitted by: Martin Blapp <mb@imp.ch> Obtained from: NetBSD
|
74816 |
26-Mar-2001 |
ru |
- Backout botched attempt to introduce MANSECT feature. - MAN[1-9] -> MAN.
|
74627 |
22-Mar-2001 |
alfred |
Hopefully fix some of the bugs in passing credentials over UNIX domain sockets.
Make struct cmessage visible from socket.h (about 4 places were defining it for themselves which wasn't good)
Make __rpc_get_local_uid() useable and give it prototype that's visible.
Fix some issues with printing out usernames from rpcbind and keyserv.
|
74532 |
20-Mar-2001 |
ru |
Set the default manual section for usr.sbin/ to 8.
|
74462 |
19-Mar-2001 |
alfred |
Bring in a hybrid of SunSoft's transport-independent RPC (TI-RPC) and associated changes that had to happen to make this possible as well as bugs fixed along the way.
Bring in required TLI library routines to support this.
Since we don't support TLI we've essentially copied what NetBSD has done, adding a thin layer to emulate direct the TLI calls into BSD socket calls.
This is mostly from Sun's tirpc release that was made in 1994, however some fixes were backported from the 1999 release (supposedly only made available after this porting effort was underway).
The submitter has agreed to continue on and bring us up to the 1999 release.
Several key features are introduced with this update: Client calls are thread safe. (1999 code has server side thread safe) Updated, a more modern interface.
Many userland updates were done to bring the code up to par with the recent RPC API.
There is an update to the pthreads library, a function pthread_main_np() was added to emulate a function of Sun's threads library.
While we're at it, bring in NetBSD's lockd, it's been far too long of a wait.
New rpcbind(8) replaces portmap(8) (supporting communication over an authenticated Unix-domain socket, and by default only allowing set and unset requests over that channel). It's much more secure than the old portmapper.
Umount(8), mountd(8), mount_nfs(8), nfsd(8) have also been upgraded to support TI-RPC and to support IPV6.
Umount(8) is also fixed to unmount pathnames longer than 80 chars, which are currently truncated by the Kernel statfs structure.
Submitted by: Martin Blapp <mb@imp.ch> Manpage review: ru Secure RPC implemented by: wpaul
|