src/lib/libc/yp, branch release/2.2.2 FreeBSD source tree Merge from -current: sanity checks on domain names. 1997-04-10T20:29:35+00:00 Bill Paul wpaul@FreeBSD.org 1997-04-10T20:29:35+00:00 7aca2d6d19a411b7a9e34bc17f1f15c84d9e2927 






>Date: Fri, 20 Dec 1996 11:46:33 -0800
1996-12-21T18:17:42+00:00

Bill Paul
wpaul@FreeBSD.org

1996-12-21T18:17:42+00:00

d6aae7044589437c5f8c691b064102c9f5df3854

>Message-ID: <18736.851111193@time.cdrom.com>
>From: "Jordan K. Hubbard" <jkh@time.cdrom.com>
>Status: O

>Permission granted!

>> wpaul       96/12/20 11:41:16
>>
>>   Modified:    lib/libc/yp  yplib.c
>>   Log:
>>   Fix for bug noticed by Christoph Kukulies.
[file descriptors getting host by _yp_dobind()]
>>   This is basically a one-liner. Once I confirm that it fixes Christoph's
>>   problem, I'd like permission to put it in the 2.2-RELENG branch.

Target confirmed destroyed.





>Message-ID: <18736.851111193@time.cdrom.com>
>From: "Jordan K. Hubbard" <jkh@time.cdrom.com>
>Status: O

>Permission granted!

>> wpaul       96/12/20 11:41:16
>>
>>   Modified:    lib/libc/yp  yplib.c
>>   Log:
>>   Fix for bug noticed by Christoph Kukulies.
[file descriptors getting host by _yp_dobind()]
>>   This is basically a one-liner. Once I confirm that it fixes Christoph's
>>   problem, I'd like permission to put it in the 2.2-RELENG branch.

Target confirmed destroyed.







Merge the fix from rev 1.25: sanity checks etc.
1996-11-08T23:21:17+00:00

Joerg Wunsch
joerg@FreeBSD.org

1996-11-08T23:21:17+00:00

f85d01574b0e1f732a090922199da874b4f65955












In _yp_dobind(), if we find ourselves required to contact the local ypbind
1996-07-13T20:23:13+00:00

Bill Paul
wpaul@FreeBSD.org

1996-07-13T20:23:13+00:00

56d18eda29576ebcb8962f98cd852e4ce501892d

directly in order to obtain binding information, check that the local
ypbind is using a reserved port and return YPERR_YPBIND if it isn't.
We should not trust any ypbind running on a port >= IPPORT_RESERVED;
it may have been started by a malicious user hoping to trick us into
talking to a bogus ypserv.

Note that we do not check the ypserv port returned to us from ypbind.
It is assumed that ypbind has already done a reserved port test (or not,
depending on whether or not it was started with -s); if we trust the
authenticity of the local ypbind, we should also trust its judgement.

Obtained from: OpenBSD





directly in order to obtain binding information, check that the local
ypbind is using a reserved port and return YPERR_YPBIND if it isn't.
We should not trust any ypbind running on a port >= IPPORT_RESERVED;
it may have been started by a malicious user hoping to trick us into
talking to a bogus ypserv.

Note that we do not check the ypserv port returned to us from ypbind.
It is assumed that ypbind has already done a reserved port test (or not,
depending on whether or not it was started with -s); if we trust the
authenticity of the local ypbind, we should also trust its judgement.

Obtained from: OpenBSD







General -Wall warning cleanup, part I.
1996-07-12T18:57:58+00:00

Jordan K. Hubbard
jkh@FreeBSD.org

1996-07-12T18:57:58+00:00

51295a4d3e4c551df85249433c490208dc7fd23d

Submitted-By: Kent Vander Velden <graphix@iastate.edu>





Submitted-By: Kent Vander Velden <graphix@iastate.edu>







Code clean up:
1996-06-04T17:35:15+00:00

James Raynard
jraynard@FreeBSD.org

1996-06-04T17:35:15+00:00

ccbcef60f5398d103aa40055a030cf684bdb85d6

Changed type of pid from int to pid_t. (Missed one!)





Changed type of pid from int to pid_t. (Missed one!)







Code clean up:
1996-06-03T13:19:10+00:00

James Raynard
jraynard@FreeBSD.org

1996-06-03T13:19:10+00:00

e75ad74a88dcf0421f3a87655ac8395b76aaa291

Changed type of pid from int to pid_t.





Changed type of pid from int to pid_t.







Code clean up:
1996-06-03T13:16:53+00:00

James Raynard
jraynard@FreeBSD.org

1996-06-03T13:16:53+00:00

0eb3435311bb0cdbebf9618ceca97d1cf6d737e1

Added missing headers for system functions.





Added missing headers for system functions.







Make _yp_dobind() a litle smarter:
1996-06-01T05:08:31+00:00

Bill Paul
wpaul@FreeBSD.org

1996-06-01T05:08:31+00:00

a230877213de04795c58907240b3a581b29fcfc9

Now that we preserve RPC handles instead of rebuilding them each time
a ypcln function is called, we have to be careful about keeping our sockets
in a sane state. It's possible that the caller may call a ypclnt
function, and then decide to close all its file descriptors. This would
also close the socket descriptor held by the yplib code. Worse, it
could re-open the same descriptor number for its own use. If it then calls
another ypclnt function, the subsequent RPC will fail because the socket
will either be gone or replaced with Something Completely Different. The
yplib code will recover by rebinding, but it doing so it may wreck the
descriptor which now belongs to the caller.

To fix this, _yp_dobind() needs to label the descriptor somehow so
that it can test it later to make sure it hasn't been altered between
ypclnt calls. It does this by binding the socket, thus associating a port
number with it. It then saves this port number in the dom_local_port member
of the dom_binding structure for the given domain. When _yp_dobind() is
called again (which it is at the start of each ypclnt function), it checks
to see if the domain is already bound, and if it is, it does a getsockname()
on the socket and compares the port number to the one it saved. If the
getsockname() fails, or the port number doesn't match, it abandons the
socket and sets up a new client handle.

This still incurs some syscall overhead, which is what I was trying to
avoid, but it's still not as bad as before.





Now that we preserve RPC handles instead of rebuilding them each time
a ypcln function is called, we have to be careful about keeping our sockets
in a sane state. It's possible that the caller may call a ypclnt
function, and then decide to close all its file descriptors. This would
also close the socket descriptor held by the yplib code. Worse, it
could re-open the same descriptor number for its own use. If it then calls
another ypclnt function, the subsequent RPC will fail because the socket
will either be gone or replaced with Something Completely Different. The
yplib code will recover by rebinding, but it doing so it may wreck the
descriptor which now belongs to the caller.

To fix this, _yp_dobind() needs to label the descriptor somehow so
that it can test it later to make sure it hasn't been altered between
ypclnt calls. It does this by binding the socket, thus associating a port
number with it. It then saves this port number in the dom_local_port member
of the dom_binding structure for the given domain. When _yp_dobind() is
called again (which it is at the start of each ypclnt function), it checks
to see if the domain is already bound, and if it is, it does a getsockname()
on the socket and compares the port number to the one it saved. If the
getsockname() fails, or the port number doesn't match, it abandons the
socket and sets up a new client handle.

This still incurs some syscall overhead, which is what I was trying to
avoid, but it's still not as bad as before.







- Patch around amd core dump problem: don't allow yp_unbind() or _yp_unbind()
1996-05-16T18:01:17+00:00

Bill Paul
wpaul@FreeBSD.org

1996-05-16T18:01:17+00:00

2694f9b9a885c2cc25125ec3b3b3bfbdd6afa4f6

  to call clnt_destroy() on a potentially NULL RPC handle. Somebody should
  bang on this a bit to make sure the problem is really gone; I seem to
  have difficulty reproducing it. Patch provided by Peter Wemm and
  slightly tweaked by me.

- Don't call _yp_unbind() in individual ypclnt functions unless we encounter
  an RPC error while making a clnt_call().





  to call clnt_destroy() on a potentially NULL RPC handle. Somebody should
  bang on this a bit to make sure the problem is really gone; I seem to
  have difficulty reproducing it. Patch provided by Peter Wemm and
  slightly tweaked by me.

- Don't call _yp_unbind() in individual ypclnt functions unless we encounter
  an RPC error while making a clnt_call().