Project

General

Profile

Actions
Copy link

Bug #8098

closed

Some xdr_simple(3nsl) and xdr_complex(3nsl) functions can succeed for undefined xdrs->x_op values

Added by Marcel Telka about 6 years ago. Updated about 6 years ago.

Status:
Closed
Priority:
Low
Assignee:
Marcel Telka
Category:
lib - userland libraries
Start date:
2017-04-23
Due date:
% Done:

100%

Estimated time:
Difficulty:
Medium
Tags:
needs-triage
Gerrit CR:
External Bug:

Description

All xdr_simple(3nsl) and xdr_complex(3nsl) functions can succeed only in a case when xdrs->x_op is either XDR_ENCODE, XDR_DECODE, or XDR_FREE. For all other values in xdrs->x_op they fails. This is not true in the following cases:

  1. the xdr_hyper(3nsl) function always succeeds for undefined xdrs->x_op values,
  2. the xdr_opaque(3nsl) function always succeeds when cnt is 0,
  3. the xdr_reference(3nsl) function succeeds for undefined xdrs->x_op values in a case the passed xdrproc_t routine succeeds for undefined xdrs->x_op values,
  4. the xdr_vector(3nsl) function always succeeds when size is 0, or it succeed for undefined xdrs->x_op values in a case the passed xdrproc_t routine succeeds for undefined xdrs->x_op values.

For convenience we should harden all of the above cases.

Files

test.c (541 Bytes) test.c Marcel Telka, 2017-04-24 11:39 AM
Actions
Copy link
 #1

Updated by Marcel Telka about 6 years ago

  • Description updated (diff)
Actions
Copy link
 #2

Updated by Marcel Telka about 6 years ago

  • Description updated (diff)
Actions
Copy link
 #3

Updated by Marcel Telka about 6 years ago

The problem is easily reproducible using the attached test.c file. All five calls to xdr functions succeeds, but they should fail:

$ ./test
xdr_hyper: OK
xdr_opaque: OK
xdr_reference: OK
xdr_vector: OK
xdr_vector: OK
$

With the fix, all calls fails:

$ LD_PRELOAD=$CODEMGR_WS/proto/root_i386/usr/lib/libnsl.so.1 ./test
xdr_hyper: FAIL
xdr_opaque: FAIL
xdr_reference: FAIL
xdr_vector: FAIL
xdr_vector: FAIL
$
Actions
Copy link
 #5

Updated by Marcel Telka about 6 years ago

  • Status changed from In Progress to Pending RTI
Actions
Copy link
 #6

Updated by Electric Monk about 6 years ago

  • Status changed from Pending RTI to Closed
  • % Done changed from 0 to 100

git commit 22cc57556161a28b2141976ff578db2558def3e1

commit  22cc57556161a28b2141976ff578db2558def3e1
Author: Marcel Telka <marcel@telka.sk>
Date:   2017-05-03T21:21:34.000Z

    8098 Some xdr_simple(3nsl) and xdr_complex(3nsl) functions can succeed for undefined xdrs->x_op values
    Reviewed by: Yuri Pankov <yuri.pankov@gmail.com>
    Reviewed by: Jason King <jason.brian.king+illumos@gmail.com>
    Reviewed by: Vitaliy Gusev <gusev.vitaliy@icloud.com>
    Approved by: Robert Mustacchi <rm@joyent.com>

Actions
Copy link

Also available in: Atom PDF