Page MenuHomeFreeBSD

Support clnt_raw's use of FD_SETSIZE as a fake file descriptor.
ClosedPublic

Authored by brooks on Apr 27 2017, 11:43 PM.
Tags
None
Referenced Files
Unknown Object (File)
Nov 8 2024, 10:06 PM
Unknown Object (File)
Sep 24 2024, 4:19 AM
Unknown Object (File)
Sep 24 2024, 2:41 AM
Unknown Object (File)
Sep 24 2024, 12:22 AM
Unknown Object (File)
Sep 20 2024, 2:10 PM
Unknown Object (File)
Sep 19 2024, 7:26 PM
Unknown Object (File)
Sep 19 2024, 7:34 AM
Unknown Object (File)
Sep 19 2024, 2:46 AM
Subscribers

Details

Summary

Accomplish this by allocating space for it in __svc_xports and allowing
it to be registered. The failure to allocate space was causing an out of
bounds read in svc_getreq_common(). The failure to register caused PR 211804.

The bug was found with CHERI bounds checking.

PR: 211804
Obtained from: CheriBSD
Sponsored by: DARPA, AFRL

Diff Detail

Lint
Lint Passed
Unit
No Test Coverage
Build Status
Buildable 8971
Build 9365: arc lint + arc unit

Event Timeline

FWIW, NetBSD switched to using -1 instead of FD_SETSIZE to allow larger sets. We should probably pick up their assorted RPC fixes at some point.

FWIW, NetBSD switched to using -1 instead of FD_SETSIZE to allow larger sets. We should probably pick up their assorted RPC fixes at some point.

+1

Does supporting code need to be added to not leak the extra bogus descriptor?

lib/libc/rpc/svc.c
116

This really should be 0, not '\0'.

  • Also deregister fake sockets for raw RPC.
This revision is now accepted and ready to land.Apr 28 2017, 10:27 PM
This revision was automatically updated to reflect the committed changes.