Description: Fix client code for hurd, avoiding malloc overflow When trying to setup a inet connection, it happens the following: - in libtirp, src/clnt_vc.c, clnt_vc_create gets called - when trying to allocate vc_fd_locks, __rpc_dtbsize() is used as size for that array of fd locks - __rpc_dtbsize(), in src/rpc_generic.c, queries using rlimit the maximum (rlim_max) number of file descriptors (RLIMIT_NOFILE): - on Linux, the default is { rlim_cur = 1024, rlim_max = 4096 } - on kFreeBSD, the default is { rlim_cur = 1024, rlim_max = 1024 } - on Hurd, the default is { rlim_cur = 1024, rlim_max = RLIM_INFINITY } meaning that on Hurd the memory allocation fails (as __rpc_dtbsize() * sizeof(int) overflows and is negative) Change libtiprc so __rpc_dtbsize falls back on rlim_cur if rlim_max is unlimited. This patch fixes the client connection using inet sockets; local unix sockets are not working, for two reasons so far: - getpeername on them gives EOPNOTSUPP - SO_REUSEADDR is not implemented for them Author: Pino Toscano Bug-Debian: http://bugs.debian.org/739674 Forwarded: no Reviewed-By: Petter Reinholdtsen Last-Update: 2020-03-03 --- a/src/rpc_generic.c +++ b/src/rpc_generic.c @@ -107,12 +107,17 @@ { static int tbsize; struct rlimit rl; + rlim_t lim; if (tbsize) { return (tbsize); } if (getrlimit(RLIMIT_NOFILE, &rl) == 0) { - return (tbsize = (int)rl.rlim_cur); + lim = rl.rlim_max; + if (lim == RLIM_INFINITY) { + lim = rl.rlim_cur; + } + return (tbsize = (int)lim); } /* * Something wrong. I'll try to save face by returning a