Page MenuHomeFreeBSD
Differential D10528

Support clnt_raw's use of FD_SETSIZE as a fake file descriptor.
ClosedPublic
Actions

Authored by brooks on Apr 27 2017, 11:43 PM.
Tags
None
Referenced Files
F149589624: D10528.id27832.diff
Wed, Mar 25, 11:06 AM
Unknown Object (File)
Tue, Mar 24, 7:17 AM
Unknown Object (File)
Tue, Mar 24, 4:11 AM
Unknown Object (File)
Tue, Mar 24, 1:56 AM
Unknown Object (File)
Tue, Mar 24, 1:14 AM
Unknown Object (File)
Sun, Mar 8, 9:39 PM
Unknown Object (File)
Sun, Mar 8, 9:39 PM
Unknown Object (File)
Sun, Mar 8, 6:30 PM
View All Files
Subscribers
ngie

Details

Reviewers
rmacklem
rwatson
ngie
Commits
rS318327: MFC r317660, r317710
rS318322: MFC r317660, r317710
rS317660: Support clnt_raw's use of FD_SETSIZE as a fake file descriptor.
Summary

Accomplish this by allocating space for it in __svc_xports and allowing
it to be registered. The failure to allocate space was causing an out of
bounds read in svc_getreq_common(). The failure to register caused PR 211804.

The bug was found with CHERI bounds checking.

PR: 211804
Obtained from: CheriBSD
Sponsored by: DARPA, AFRL

Diff Detail

Repository
rS FreeBSD src repository - subversion
Lint
Lint Not Applicable
Unit
Tests Not Applicable

Event Timeline

brooks created this revision.Apr 27 2017, 11:43 PM
Harbormaster completed remote builds in B8943: Diff 27800.Apr 27 2017, 11:43 PM
brooks edited the summary of this revision. (Show Details)Apr 27 2017, 11:43 PM
brooks added a comment.Apr 27 2017, 11:47 PM

FWIW, NetBSD switched to using -1 instead of FD_SETSIZE to allow larger sets. We should probably pick up their assorted RPC fixes at some point.

ngie added a comment.Apr 28 2017, 6:43 AM
In D10528#218125, @brooks wrote:

FWIW, NetBSD switched to using -1 instead of FD_SETSIZE to allow larger sets. We should probably pick up their assorted RPC fixes at some point.

+1

Does supporting code need to be added to not leak the extra bogus descriptor?

lib/libc/rpc/svc.c
116 ↗(On Diff #27800)

This really should be 0, not '\0'.

brooks updated this revision to Diff 27832.Apr 28 2017, 5:54 PM
  • Also deregister fake sockets for raw RPC.
Harbormaster completed remote builds in B8971: Diff 27832.Apr 28 2017, 5:54 PM
brooks added a reviewer: rwatson.Apr 28 2017, 6:01 PM
ngie accepted this revision.Apr 28 2017, 10:27 PM
This revision is now accepted and ready to land.Apr 28 2017, 10:27 PM
Closed by commit rS317660: Support clnt_raw's use of FD_SETSIZE as a fake file descriptor. (authored by brooks). · Explain WhyMay 1 2017, 8:04 PM
This revision was automatically updated to reflect the committed changes.

Revision Contents
Changeset List

PathSize
head/
lib/
libc/
rpc/
10 lines

Diff 27895

View Options

head/lib/libc/rpc/svc.c

Loading...