freebsd-src/lib
Bill Paul 4c45fb08aa Correct a bug in the 'allow arbitrary number of socket descriptors' changes
made to the RPC code some months ago. The value of __svc_fdsetsize is being
calculated incorrectly.

Logically, one would assume that __svc_fdsetsize is being used as a
substitute for FD_SETSIZE, with the difference being that __svc_fdsetsize
can be expanded on the fly to accommodate more descriptors if need be.
There are two problems: first, __svc_fdsetsize is not initialized to 0.
Second, __svc_fdsetsize is being calculated in svc.c:xprt_register() as:

                __svc_fdsetsize = howmany(sock+1, NFDBITS);

This is wrong. If we are adding a socket with index value 4 to the
descriptor set, then __svc_fdsetsize will be 1 (since fds_bits is
an unsigned long, it can support any descriptor from 0 to 31, so we
only need one of them). In order for this to make sense with the
rest of the code though, it should be:

                __svc_fdsetsize = howmany(sock+1, NFDBITS) * NFDBITS;

Now if sock == 4, __svc_fdsetsize will be 32.

This bug causes 2 errors to occur. First, in xprt_register(), it
causes the __svc_fdset descriptor array to be freed and reallocated
unnecessarily. The code checks if it needs to expand the array using
the test: if (sock + 1 > __svc_fdsetsize). The very first time through,
__svc_fdsetsize is 0, which is fine: an array has to be allocated the
first time out. However __svc_fdsetsize is incorrectly set to 1, so
on the second time through, the test (sock + 1 > __svc_fdsetsize)
will still succeed, and the __svc_fdset array will be destroyed and
reallocated for no reason.

Second, the code in svc_run.c:svc_run() can become hopelessly confused.
The svc_run() routine malloc()s its own fd_set array using the value
of __svc_fdsetsize to decide how much memory to allocate. Once the
xprt_register() function expands the __svc_fdset array the first time,
the value for __svc_fdsetsize becomes 2, which is too small: the resulting
calculation causes the code to allocate an array that's only 32 bits wide
when it actually needs 64 bits. It also uses the value of __svc_fdsetsize
when copying the contents of the __svc_fdset array into the new array.
The end result is that all but the first 32 file descriptors get lost.

Note: from what I can tell, this bug originated in OpenBSD and was
brought over to us when the code was merged. The bug is still there
in the OpenBSD source.

Total nervous breakdown averted by: Electric Fence 2.0.5
1997-10-14 21:50:17 +00:00
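The sizing mismatch the commit message describes, as an added example that is not code from the commit or from FreeBSD's svc.c: a scaled-down C model of the __svc_fdsetsize bookkeeping. The growth test `sock + 1 > __svc_fdsetsize`, the buggy and the corrected sizing formula, and svc_run()'s private copy sized from __svc_fdsetsize are modelled as the message describes them. SIM_NFDBITS is pinned to 32 to reproduce the 32-bit-long figures in the message (an assumption; the real code uses the system's NFDBITS), and the names fdset_register, svc_run_visible and run_scenario are this example's own.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/*
 * Added example, not FreeBSD's svc.c: a model of the __svc_fdsetsize
 * bookkeeping. SIM_NFDBITS is pinned to 32 (assumption) so the numbers
 * match the 32-bit-long figures in the commit message.
 */
#define SIM_NFDBITS 32u
#define SIM_HOWMANY(x, y) (((x) + ((y) - 1)) / (y))

/* The buggy formula: a count of fds_bits words, not of bits. */
unsigned buggy_fdsetsize(int sock)
{
    return SIM_HOWMANY((unsigned)sock + 1, SIM_NFDBITS);
}

/* The corrected formula: bits, rounded up to a whole fds_bits word. */
unsigned fixed_fdsetsize(int sock)
{
    return SIM_HOWMANY((unsigned)sock + 1, SIM_NFDBITS) * SIM_NFDBITS;
}

struct svc_fdset {
    uint32_t *bits;      /* fds_bits words; always large enough for the highest socket */
    unsigned  nwords;
    unsigned  fdsetsize; /* what __svc_fdsetsize claims, meant to be in bits */
    unsigned  reallocs;  /* how often the array was thrown away and rebuilt */
};

void fdset_init(struct svc_fdset *s) { memset(s, 0, sizeof *s); }
void fdset_free(struct svc_fdset *s) { free(s->bits); fdset_init(s); }

/* Model of xprt_register(): grow when the socket does not fit, then set its bit. */
int fdset_register(struct svc_fdset *s, int sock, unsigned (*sizer)(int))
{
    unsigned need = SIM_HOWMANY((unsigned)sock + 1, SIM_NFDBITS);

    if ((unsigned)sock + 1 > s->fdsetsize) {          /* the test quoted in the message */
        unsigned  nwords = need > s->nwords ? need : s->nwords;
        uint32_t *nb = calloc(nwords, sizeof *nb);
        if (nb == NULL)
            return -1;
        if (s->bits != NULL)
            memcpy(nb, s->bits, s->nwords * sizeof *nb);
        free(s->bits);
        s->bits = nb;
        s->nwords = nwords;
        s->fdsetsize = sizer(sock);                    /* buggy or fixed formula */
        s->reallocs++;
    }
    s->bits[sock / SIM_NFDBITS] |= 1u << (sock % SIM_NFDBITS);
    return 0;
}

/* Model of svc_run(): size a private copy from fdsetsize, copy that many
 * words, and report how many registered descriptors survived the copy. */
unsigned svc_run_visible(const struct svc_fdset *s)
{
    unsigned words = SIM_HOWMANY(s->fdsetsize, SIM_NFDBITS);
    unsigned count = 0, w, b;
    uint32_t *copy;

    if (words > s->nwords)
        words = s->nwords;                             /* never read past the registry */
    copy = calloc(words ? words : 1, sizeof *copy);
    if (copy == NULL)
        return 0;
    if (s->bits != NULL)
        memcpy(copy, s->bits, words * sizeof *copy);
    for (w = 0; w < words; w++)
        for (b = 0; b < SIM_NFDBITS; b++)
            if (copy[w] & (1u << b))
                count++;
    free(copy);
    return count;
}

struct scenario_result { unsigned fdsetsize, reallocs, visible; };

/* Register socket 4 twice, then sockets 3 and 40, with the given sizing formula. */
struct scenario_result run_scenario(unsigned (*sizer)(int))
{
    struct svc_fdset s;
    struct scenario_result r;

    fdset_init(&s);
    fdset_register(&s, 4, sizer);
    fdset_register(&s, 4, sizer);   /* same socket again: should not reallocate */
    fdset_register(&s, 3, sizer);
    fdset_register(&s, 40, sizer);  /* needs a second fds_bits word */
    r.fdsetsize = s.fdsetsize;
    r.reallocs = s.reallocs;
    r.visible = svc_run_visible(&s);
    fdset_free(&s);
    return r;
}

int main(void)
{
    struct scenario_result b = run_scenario(buggy_fdsetsize);
    struct scenario_result f = run_scenario(fixed_fdsetsize);

    printf("buggy: fdsetsize=%u reallocs=%u seen by svc_run=%u\n", b.fdsetsize, b.reallocs, b.visible);
    printf("fixed: fdsetsize=%u reallocs=%u seen by svc_run=%u\n", f.fdsetsize, f.reallocs, f.visible);
    return 0;
}
```

With the buggy formula every registration reallocates (4 times for 4 calls, since fdsetsize never exceeds 2) and svc_run's copy is one word wide, so socket 40 is lost; with the fixed formula only two reallocations happen and all three descriptors survive.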
Name              Date                       Last commit
compat            1997-04-03 06:08:28 +00:00  Add libg++ 3.0
csu/i386          1997-10-11 02:37:42 +00:00  Make this file p-make clean. (Use "ld -O foo" instead of "ld; mv
libalias          1997-09-06 11:11:43 +00:00  Upgrade to 2.4 (Fix -PKT_ALIAS_UNREGISTERED_ONLY)
libc              1997-10-14 21:50:17 +00:00  Correct a bug in the 'allow arbitrary number of socket descriptors' changes
libc_r            1997-06-04 13:03:12 +00:00  Bring back nanosleep from the cold.
libcom_err        1997-02-22 15:12:41 +00:00  Revert $FreeBSD$ to $Id$
libcompat         1997-07-13 14:26:00 +00:00  kill the undead
libcrypt          1997-09-05 12:12:35 +00:00  When compiling under elf, use correct library naming conventions. Also
libcurses         1997-08-23 23:23:07 +00:00  Remove extra definition of vwprintw.
libdisk           1997-03-19 01:54:04 +00:00  Fixed this header to compile with gcc -pedantic -Werror (removed comma
libedit           1997-09-29 19:11:55 +00:00  Sort cross references in section SEE ALSO.
libf2c            1997-04-24 17:10:56 +00:00  Add a -I switch to CFLAGS to use the f2c.h header file in the usr.bin/f2c
libF77            1997-04-13 01:16:58 +00:00  Upgrade to the 1997/02/26 version.
libftpio          1997-10-02 23:26:03 +00:00  Teach ftpErrString to format UNIX errnos, since at least ftpLogin()
libgnumalloc      1997-02-22 15:12:41 +00:00  Revert $FreeBSD$ to $Id$
libI77            1997-04-13 01:16:58 +00:00  Upgrade to the 1997/02/26 version.
libipx            1997-08-26 14:13:02 +00:00  -I${DESTDIR}/sys -> -I${.CURDIR}/../../sys.
libkse            1997-06-04 13:03:12 +00:00  Bring back nanosleep from the cold.
libkvm            1997-08-26 14:13:02 +00:00  -I${DESTDIR}/sys -> -I${.CURDIR}/../../sys.
libm              1997-07-03 03:28:27 +00:00  This commit was generated by cvs2svn to compensate for changes in r27180,
libmd             1997-09-05 11:49:43 +00:00  If not building a.out, still build a pic version of libmd. This allows
libmytinfo        1997-08-13 01:21:36 +00:00  Fix longstanding bug with buffer pointer goes beyond buffer start
libncurses        1997-09-18 06:55:21 +00:00  environmental -> environment.
libopie           1997-10-01 13:02:20 +00:00  Move locks from /etc/opielocks to /var/run/opielocks to keep
libpam/modules    1997-09-28 08:57:24 +00:00  Changes for KTH KerberosIV.
libpcap           1997-10-10 11:55:42 +00:00  Also install pcap-int.h so things can call pcap_compile on arbitrary
libpthread        1997-06-04 13:03:12 +00:00  Bring back nanosleep from the cold.
libresolv         1996-10-08 20:06:41 +00:00  Yet another attempt to remove the old libraries correctly. libfoo.*
librpcsvc         1997-05-28 04:53:07 +00:00  Fix conflicts (this one is easy: there's just the Makefile).
libscsi           1997-08-26 14:13:02 +00:00  -I${DESTDIR}/sys -> -I${.CURDIR}/../../sys.
libskey           1997-09-05 11:52:20 +00:00  If building under elf, have libskey.so depend on libmd and libcrypt.
libss             1997-02-22 15:12:41 +00:00  Revert $FreeBSD$ to $Id$
libtcl            1997-10-01 13:37:27 +00:00  Update to tcl8.0 release version.
libtelnet         1997-02-22 15:12:41 +00:00  Revert $FreeBSD$ to $Id$
libtermcap        1997-08-31 08:37:28 +00:00  Restore back issetugid() usage and bump major number
libutil           1997-10-07 07:24:50 +00:00  Remove the claim that UUCP locking were not atomic. It is since
libvgl            1997-10-01 20:53:41 +00:00  Add rudimentary support for using the keyboard.
libxpg4           1997-09-25 23:24:35 +00:00  Add mskanji.c
liby              1997-02-22 15:12:41 +00:00  Revert $FreeBSD$ to $Id$
libz              1997-09-23 21:34:42 +00:00  This commit was generated by cvs2svn to compensate for changes in r29747,
msun              1997-08-31 22:12:19 +00:00  Hide the declaration of `struct exception' from C++, since it conflicts
ncurses/ncurses   1997-08-25 07:41:15 +00:00  Fix saving/restoring tty modes, allow initscr be called twice,
Makefile          1997-09-28 09:08:48 +00:00  Changes for KTH KerberosIV
Makefile.inc