Control: forwarded -1
https://sourceforge.net/p/libtirpc/mailman/message/36184164/
Hi!
On Mon, 2011-08-22 at 04:32:58 +0100, Ben Hutchings wrote:
> This depends on eglibc being patched as in #638810.
TBH, I find having to use an additional registry of ports a bit
annoying, when /etc/services is already there. In any case rpc.statd
from upstream nfs-utils already honors /etc/services, so here's a
patch doing something similar for libtirpc users. Which I've also
submitted upstream because at least this can be supported everywhere,
compared with the local patch for the blacklist.
Ideally to have all implementations be consistent, libtirpc would
switch to the libc bindresvport() implementation, and that one would
honor /etc/services. Maybe glibc upstream is now more amenable to such
change. :/
Attached the patch we are using locally.
Thanks,
Guillem
From 92e293bdf1b940cfc6deb8a5475eaddb24612140 Mon Sep 17 00:00:00 2001
From: Guillem Jover <gjo...@sipwise.com>
Date: Fri, 5 Jan 2018 14:33:06 +0100
Subject: [PATCH] Do not bind to reserved ports registered in /etc/services
When using the bindresvport() function a privileged port will be looked
for and bound to a socket. The problem is that any service using a static
privileged port registered in the /etc/services file, can get its port
taken over by libtirpc users, making the other service fail to start.
Starting the other service before libtircp users is not an option as
this does not cover restart situations, for example during package
upgrades or HA switchovers and similar.
In addition honoring the /etc/services registry is already done for
example by rpc.statd, so it seems obvious to make libtirpc follow this
same pattern too.
Signed-off-by: Guillem Jover <gjo...@sipwise.com>
---
src/bindresvport.c | 28 +++++++++++++++++++++++++++-
1 file changed, 27 insertions(+), 1 deletion(-)
diff --git a/src/bindresvport.c b/src/bindresvport.c
index 2d8f2bc..98e5f40 100644
--- a/src/bindresvport.c
+++ b/src/bindresvport.c
@@ -40,6 +40,7 @@
#include <netinet/in.h>
#include <errno.h>
+#include <netdb.h>
#include <string.h>
#include <unistd.h>
@@ -73,12 +74,15 @@ bindresvport_sa(sd, sa)
int sd;
struct sockaddr *sa;
{
- int res, af;
+ int res, af, so_proto;
+ socklen_t so_proto_len;
struct sockaddr_storage myaddr;
struct sockaddr_in *sin;
#ifdef INET6
struct sockaddr_in6 *sin6;
#endif
+ struct servent *se;
+ const char *se_proto;
u_int16_t *portp;
static u_int16_t port;
static short startport = STARTPORT;
@@ -125,6 +129,25 @@ bindresvport_sa(sd, sa)
}
sa->sa_family = af;
+ so_proto_len = sizeof(so_proto);
+ if (getsockopt(sd, SOL_SOCKET, SO_PROTOCOL, &so_proto, &so_proto_len) == -1) {
+ mutex_unlock(&port_lock);
+ return -1; /* errno is correctly set */
+ }
+ switch (so_proto) {
+ case IPPROTO_UDP:
+ case IPPROTO_UDPLITE:
+ se_proto = "udp";
+ break;
+ case IPPROTO_TCP:
+ se_proto = "tcp";
+ break;
+ default:
+ errno = ENOPROTOOPT;
+ mutex_unlock(&port_lock);
+ return -1;
+ }
+
if (port == 0) {
port = (getpid() % NPORTS) + STARTPORT;
}
@@ -135,6 +158,9 @@ bindresvport_sa(sd, sa)
*portp = htons(port++);
if (port > endport)
port = startport;
+ se = getservbyport(*portp, se_proto);
+ if (se != NULL)
+ continue;
res = bind(sd, sa, salen);
if (res >= 0 || errno != EADDRINUSE)
break;
--
2.15.1
