1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
|
Description: Fix client code for hurd, avoiding malloc overflow
When trying to setup a inet connection, it happens the following:
- in libtirp, src/clnt_vc.c, clnt_vc_create gets called
- when trying to allocate vc_fd_locks, __rpc_dtbsize() is used as size
for that array of fd locks
- __rpc_dtbsize(), in src/rpc_generic.c, queries using rlimit the
maximum (rlim_max) number of file descriptors (RLIMIT_NOFILE):
- on Linux, the default is { rlim_cur = 1024, rlim_max = 4096 }
- on kFreeBSD, the default is { rlim_cur = 1024, rlim_max = 1024 }
- on Hurd, the default is { rlim_cur = 1024, rlim_max = RLIM_INFINITY }
meaning that on Hurd the memory allocation fails (as
__rpc_dtbsize() * sizeof(int) overflows and is negative)
Change libtiprc so __rpc_dtbsize falls back on rlim_cur if rlim_max
is unlimited.
This patch fixes the client connection using inet sockets; local unix
sockets are not working, for two reasons so far:
- getpeername on them gives EOPNOTSUPP
- SO_REUSEADDR is not implemented for them
Author: Pino Toscano <pino@debian.org>
Bug-Debian: http://bugs.debian.org/739674
Forwarded: no
Reviewed-By: Petter Reinholdtsen
Last-Update: 2020-03-03
--- a/src/rpc_generic.c
+++ b/src/rpc_generic.c
@@ -107,12 +107,17 @@
{
static int tbsize;
struct rlimit rl;
+ rlim_t lim;
if (tbsize) {
return (tbsize);
}
if (getrlimit(RLIMIT_NOFILE, &rl) == 0) {
- return (tbsize = (int)rl.rlim_cur);
+ lim = rl.rlim_max;
+ if (lim == RLIM_INFINITY) {
+ lim = rl.rlim_cur;
+ }
+ return (tbsize = (int)lim);
}
/*
* Something wrong. I'll try to save face by returning a
|