
Support clnt_raw's use of FD_SETSIZE as a fake file descriptor.
Closed, Public

Authored by brooks on Apr 27 2017, 11:43 PM.

Details

Summary

Accomplish this by allocating space for it in __svc_xports and allowing
it to be registered. The failure to allocate space was causing an out of
bounds read in svc_getreq_common(). The failure to register caused PR 211804.

The bug was found with CHERI bounds checking.

PR: 211804
Obtained from: CheriBSD
Sponsored by: DARPA, AFRL
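
The sizing problem the summary describes, as an added example that is not the FreeBSD code: a simplified fd-indexed transport table in which the fake descriptor FD_SETSIZE has a slot only when one extra entry is allocated. The names `xprt_table`, `table_set`, `table_lookup` and `raw_roundtrip` are hypothetical.

```c
#include <stdio.h>
#include <stdlib.h>
#include <sys/select.h>   /* FD_SETSIZE */

/* Simplified model, not FreeBSD's svc.c: transports in a table indexed by fd. */
struct xprt { int fd; };
struct xprt_table { struct xprt **slots; size_t nslots; };

/* Every index is checked against the allocated size before it is used. */
static int in_range(const struct xprt_table *t, int fd)
{
    return fd >= 0 && (size_t)fd < t->nslots;
}

static int table_set(struct xprt_table *t, int fd, struct xprt *x)
{
    if (!in_range(t, fd))
        return -1;      /* no slot: refuse rather than write past the end */
    t->slots[fd] = x;   /* x == NULL deregisters */
    return 0;
}

static struct xprt *table_lookup(const struct xprt_table *t, int fd)
{
    return in_range(t, fd) ? t->slots[fd] : NULL;  /* no slot: not found */
}

/* extra = 0: slots 0..FD_SETSIZE-1; extra = 1: one more slot for fd FD_SETSIZE.
 * Returns 1 if a raw transport on FD_SETSIZE registers, is found, then deregisters. */
static int raw_roundtrip(size_t extra)
{
    struct xprt_table t = { NULL, (size_t)FD_SETSIZE + extra };
    struct xprt raw = { FD_SETSIZE };
    int ok;

    t.slots = calloc(t.nslots, sizeof(*t.slots));
    if (t.slots == NULL)
        return -1;
    ok = table_set(&t, raw.fd, &raw) == 0 && table_lookup(&t, raw.fd) == &raw;
    ok = ok && table_set(&t, raw.fd, NULL) == 0 && table_lookup(&t, raw.fd) == NULL;
    free(t.slots);
    return ok;
}

int main(void)
{
    printf("FD_SETSIZE slots: %d, FD_SETSIZE + 1 slots: %d\n",
        raw_roundtrip(0), raw_roundtrip(1));
    return 0;
}
```

With `extra = 0` the bounds check turns what would be a read one element past the table into a clean "not registered" result; with `extra = 1` the fake descriptor registers, is found and is removed again.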

Diff Detail

Repository: rS FreeBSD src repository - subversion
Lint: Lint Not Applicable
Unit: Tests Not Applicable

Event Timeline

FWIW, NetBSD switched to using -1 instead of FD_SETSIZE to allow larger sets. We should probably pick up their assorted RPC fixes at some point.

> FWIW, NetBSD switched to using -1 instead of FD_SETSIZE to allow larger sets. We should probably pick up their assorted RPC fixes at some point.

+1

Does supporting code need to be added to not leak the extra bogus descriptor?

lib/libc/rpc/svc.c, line 116 (On Diff #27800)

This really should be 0, not '\0'.

  • Also deregister fake sockets for raw RPC.
This revision is now accepted and ready to land. (Apr 28 2017, 10:27 PM)
This revision was automatically updated to reflect the committed changes.