NetBSD Problem Report #47617
From www@NetBSD.org Mon Mar 4 15:08:07 2013
Return-Path: <www@NetBSD.org>
Received: from mail.netbsd.org (mail.netbsd.org [149.20.53.66])
by www.NetBSD.org (Postfix) with ESMTP id 9FBC963C07C
for <gnats-bugs@gnats.NetBSD.org>; Mon, 4 Mar 2013 15:08:06 +0000 (UTC)
Message-Id: <20130304150805.88C2D63C07C@www.NetBSD.org>
Date: Mon, 4 Mar 2013 15:08:05 +0000 (UTC)
From: tbrehm@dspace.de
Reply-To: tbrehm@dspace.de
To: gnats-bugs@NetBSD.org
Subject: Memory and socket leak in librpc
X-Send-Pr-Version: www-1.0
>Number: 47617
>Category: lib
>Synopsis: Memory and socket leak in librpc
>Confidential: no
>Severity: serious
>Priority: medium
>Responsible: lib-bug-people
>State: closed
>Class: sw-bug
>Submitter-Id: net
>Arrival-Date: Mon Mar 04 15:10:01 +0000 2013
>Closed-Date: Tue Mar 05 16:31:34 +0000 2013
>Last-Modified: Wed Mar 06 01:10:09 +0000 2013
>Originator: Thorsten Brehm
>Release: NetBSD 6.0.1
>Organization:
dSPACE
>Environment:
>Description:
A memory and a socket descriptor leak is triggered in librpc whenever a new RPC connection is processed, where the file descriptor exceeds the FD_SETSIZE limit (i.e. when the process has too many open file/socket handles).
Cause of the problem is "xprt_register", which detects the error condition (socket > FD_SETSIZE), however it does not report the error, nor return status information to the caller. The calling functions, unaware that "xprt_register" failed, assume the socket is always registered – so do not free related memory, neither do they close the new connection socket.
I'm attaching a patch fixing the issue:
* It adds a return status to "xprt_register" (bool_t instead of void).
* It adds appropriate error checks to all callers of "xprt_register", so they can free memory and close the unhandled socket when the issue occurs.
The patch should be clean – I’ve been using it locally for a while. If you need anything else about it, let me know.
>How-To-Repeat:
Choose an arbitrary RPC server interface and keep creating RPC client connections until FD_SETSIZE is exceeded (and keep going). Eventually check memory consumption and especially socket statistics for the RPC server process, which will show loads of pending (leaked) sockets.
>Fix:
(I'm attaching a patch by email)
>Release-Note:
>Audit-Trail:
From: Thorsten Brehm <tbrehm@dspace.de>
To: "gnats-bugs@NetBSD.org" <gnats-bugs@NetBSD.org>
Cc:
Subject: RE: lib/47617: Memory and socket leak in librpc
Date: Mon, 4 Mar 2013 15:21:21 +0000
--_002_C8EE0F1FA402474893651B07DA446721EDC3F6C4Exchange2010dsp_
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
Attached is the patch fixing the issue (see description above).
Best regards,
Thorsten
--_002_C8EE0F1FA402474893651B07DA446721EDC3F6C4Exchange2010dsp_
Content-Type: application/octet-stream; name="rpc_xprt_register.patch"
Content-Description: rpc_xprt_register.patch
Content-Disposition: attachment; filename="rpc_xprt_register.patch";
size=5251; creation-date="Mon, 04 Mar 2013 11:29:52 GMT";
modification-date="Mon, 04 Mar 2013 13:50:53 GMT"
Content-Transfer-Encoding: base64
ZGlmZiAtcnUgb3JpZ2luYWwvaW5jbHVkZS9ycGMvc3ZjLmggc3JjL2luY2x1ZGUvcnBjL3N2Yy5o
Ci0tLSBvcmlnaW5hbC9pbmNsdWRlL3JwYy9zdmMuaAlUdWUgQXVnIDMwIDIwOjA2OjIwIDIwMTEK
KysrIHNyYy9pbmNsdWRlL3JwYy9zdmMuaAlNb24gTWFyICA0IDEyOjA1OjEzIDIwMTMKQEAgLTIy
MSw3ICsyMjEsNyBAQAogICoJU1ZDWFBSVCAqeHBydDsNCiAgKi8NCiBfX0JFR0lOX0RFQ0xTDQot
ZXh0ZXJuIHZvaWQJeHBydF9yZWdpc3RlcgkoU1ZDWFBSVCAqKTsNCitleHRlcm4gYm9vbF90CXhw
cnRfcmVnaXN0ZXIJKFNWQ1hQUlQgKik7DQogX19FTkRfREVDTFMNCiANCiAvKg0KZGlmZiAtcnUg
b3JpZ2luYWwvbGliL2xpYmMvcnBjL3JwY19zb2MuMyBzcmMvbGliL2xpYmMvcnBjL3JwY19zb2Mu
MwotLS0gb3JpZ2luYWwvbGliL2xpYmMvcnBjL3JwY19zb2MuMwlTdW4gSmFuIDExIDAzOjQ2OjMw
IDIwMDkKKysrIHNyYy9saWIvbGliYy9ycGMvcnBjX3NvYy4zCU1vbiBNYXIgIDQgMTI6MjQ6MzQg
MjAxMwpAQCAtMjIxLDcgKzIyMSw3IEBACiAuRm4geGRyX3JlamVjdGVkX3JlcGx5ICJYRFIgKnhk
cnMiICJzdHJ1Y3QgcmVqZWN0ZWRfcmVwbHkgKnJyIg0KIC5GdCBpbnQNCiAuRm4geGRyX3JlcGx5
bXNnICJYRFIgKnhkcnMiICJzdHJ1Y3QgcnBjX21zZyAqcm1zZyINCi0uRnQgdm9pZA0KKy5GdCBi
b29sX3QNCiAuRm4geHBydF9yZWdpc3RlciAiU1ZDWFBSVCAqeHBydCINCiAuRnQgdm9pZA0KIC5G
biB4cHJ0X3VucmVnaXN0ZXIgIlNWQ1hQUlQgKnhwcnQiDQpkaWZmIC1ydSBvcmlnaW5hbC9saWIv
bGliYy9ycGMvcnBjX3N2Y19yZWcuMyBzcmMvbGliL2xpYmMvcnBjL3JwY19zdmNfcmVnLjMKLS0t
IG9yaWdpbmFsL2xpYi9saWJjL3JwYy9ycGNfc3ZjX3JlZy4zCVdlZCBNYXIgMTEgMTQ6MzY6MDIg
MjAwOQorKysgc3JjL2xpYi9saWJjL3JwYy9ycGNfc3ZjX3JlZy4zCU1vbiBNYXIgIDQgMTI6MjY6
MTIgMjAxMwpAQCAtMjcsNyArMjcsNyBAQAogLkZuIHN2Y191bnJlZyAiY29uc3QgcnBjcHJvZ190
IHByb2dudW0iICJjb25zdCBycGN2ZXJzX3QgdmVyc251bSINCiAuRnQgaW50DQogLkZuIHN2Y19h
dXRoX3JlZyAiY29uc3QgaW50IGNyZWRfZmxhdm9yIiAiY29uc3QgZW51bSBhdXRoX3N0YXQgKCpo
YW5kbGVyKHN0cnVjdCBzdmNfcmVxICosIHN0cnVjdCBycGNfbXNnICopKSINCi0uRnQgdm9pZA0K
Ky5GdCBib29sX3QNCiAuRm4geHBydF9yZWdpc3RlciAiY29uc3QgU1ZDWFBSVCAqeHBydCINCiAu
RnQgdm9pZA0KIC5GbiB4cHJ0X3VucmVnaXN0ZXIgImNvbnN0IFNWQ1hQUlQgKnhwcnQiDQpkaWZm
IC1ydSBvcmlnaW5hbC9saWIvbGliYy9ycGMvc3ZjLmMgc3JjL2xpYi9saWJjL3JwYy9zdmMuYwot
LS0gb3JpZ2luYWwvbGliL2xpYmMvcnBjL3N2Yy5jCVR1ZSBNYXIgMjAgMTg6MTQ6NTAgMjAxMgor
Kysgc3JjL2xpYi9saWJjL3JwYy9zdmMuYwlNb24gTWFyICA0IDE0OjQ2OjUyIDIwMTMKQEAgLTEy
NSw3ICsxMjUsNyBAQAogLyoNCiAgKiBBY3RpdmF0ZSBhIHRyYW5zcG9ydCBoYW5kbGUuDQogICov
DQotdm9pZA0KK2Jvb2xfdA0KIHhwcnRfcmVnaXN0ZXIoU1ZDWFBSVCAqeHBydCkNCiB7DQogCWlu
dCBzb2NrOw0KQEAgLTE0MywxMyArMTQzLDIwIEBACiAJCX0NCiAJCW1lbXNldChfX3N2Y194cG9y
dHMsICdcMCcsIEZEX1NFVFNJWkUgKiBzaXplb2YoU1ZDWFBSVCAqKSk7DQogCX0NCi0JaWYgKHNv
Y2sgPCBGRF9TRVRTSVpFKSB7DQotCQlfX3N2Y194cG9ydHNbc29ja10gPSB4cHJ0Ow0KLQkJRkRf
U0VUKHNvY2ssICZzdmNfZmRzZXQpOw0KLQkJc3ZjX21heGZkID0gbWF4KHN2Y19tYXhmZCwgc29j
ayk7DQorCWlmIChzb2NrID49IEZEX1NFVFNJWkUpDQorCXsNCisJCXdhcm54KCJ4cHJ0X3JlZ2lz
dGVyOiBzb2NrZXQgZGVzY3JpcHRvciBvdXQgb2YgYm91bmRzIik7DQorCQlnb3RvIG91dDsNCiAJ
fQ0KKwlfX3N2Y194cG9ydHNbc29ja10gPSB4cHJ0Ow0KKwlGRF9TRVQoc29jaywgJnN2Y19mZHNl
dCk7DQorCXN2Y19tYXhmZCA9IG1heChzdmNfbWF4ZmQsIHNvY2spOw0KKwlyd2xvY2tfdW5sb2Nr
KCZzdmNfZmRfbG9jayk7DQorCXJldHVybiAoVFJVRSk7DQorDQogb3V0Og0KIAlyd2xvY2tfdW5s
b2NrKCZzdmNfZmRfbG9jayk7DQorCXJldHVybiAoRkFMU0UpOw0KIH0NCiANCiB2b2lkDQpkaWZm
IC1ydSBvcmlnaW5hbC9saWIvbGliYy9ycGMvc3ZjX2RnLmMgc3JjL2xpYi9saWJjL3JwYy9zdmNf
ZGcuYwotLS0gb3JpZ2luYWwvbGliL2xpYmMvcnBjL3N2Y19kZy5jCVR1ZSBNYXIgMjAgMTg6MTQ6
NTAgMjAxMgorKysgc3JjL2xpYi9saWJjL3JwYy9zdmNfZGcuYwlNb24gTWFyICA0IDE0OjE1OjI0
IDIwMTMKQEAgLTEyOCwxNSArMTI4LDE1IEBACiANCiAJeHBydCA9IG1lbV9hbGxvYyhzaXplb2Yg
KFNWQ1hQUlQpKTsNCiAJaWYgKHhwcnQgPT0gTlVMTCkNCi0JCWdvdG8gZnJlZWRhdGE7DQorCQln
b3RvIG91dG9mbWVtOw0KIAltZW1zZXQoeHBydCwgMCwgc2l6ZW9mIChTVkNYUFJUKSk7DQogDQog
CXN1ID0gbWVtX2FsbG9jKHNpemVvZiAoKnN1KSk7DQogCWlmIChzdSA9PSBOVUxMKQ0KLQkJZ290
byBmcmVlZGF0YTsNCisJCWdvdG8gb3V0b2ZtZW07DQogCXN1LT5zdV9pb3N6ID0gKChNQVgoc2Vu
ZHNpemUsIHJlY3ZzaXplKSArIDMpIC8gNCkgKiA0Ow0KIAlpZiAoKHJwY19idWZmZXIoeHBydCkg
PSBtYWxsb2Moc3UtPnN1X2lvc3opKSA9PSBOVUxMKQ0KLQkJZ290byBmcmVlZGF0YTsNCisJCWdv
dG8gb3V0b2ZtZW07DQogCV9ESUFHQVNTRVJUKF9fdHlwZV9maXQodV9pbnQsIHN1LT5zdV9pb3N6
KSk7DQogCXhkcm1lbV9jcmVhdGUoJihzdS0+c3VfeGRycyksIHJwY19idWZmZXIoeHBydCksICh1
X2ludClzdS0+c3VfaW9zeiwNCiAJCVhEUl9ERUNPREUpOw0KQEAgLTE0OSwxNiArMTQ5LDE5IEBA
CiANCiAJc2xlbiA9IHNpemVvZiBzczsNCiAJaWYgKGdldHNvY2tuYW1lKGZkLCAoc3RydWN0IHNv
Y2thZGRyICopKHZvaWQgKikmc3MsICZzbGVuKSA8IDApDQotCQlnb3RvIGZyZWVkYXRhOw0KKwkJ
Z290byBvdXRvZm1lbTsNCiAJeHBydC0+eHBfbHRhZGRyLmJ1ZiA9IG1lbV9hbGxvYyhzaXplb2Yg
KHN0cnVjdCBzb2NrYWRkcl9zdG9yYWdlKSk7DQogCXhwcnQtPnhwX2x0YWRkci5tYXhsZW4gPSBz
aXplb2YgKHN0cnVjdCBzb2NrYWRkcl9zdG9yYWdlKTsNCiAJeHBydC0+eHBfbHRhZGRyLmxlbiA9
IHNsZW47DQogCW1lbWNweSh4cHJ0LT54cF9sdGFkZHIuYnVmLCAmc3MsIHNsZW4pOw0KIA0KLQl4
cHJ0X3JlZ2lzdGVyKHhwcnQpOw0KKwlpZiAoIXhwcnRfcmVnaXN0ZXIoeHBydCkpDQorCQlnb3Rv
IGZyZWVkYXRhOw0KIAlyZXR1cm4gKHhwcnQpOw0KLWZyZWVkYXRhOg0KKw0KK291dG9mbWVtOg0K
IAkodm9pZCkgd2Fybngoc3ZjX2RnX3N0ciwgX19ub19tZW1fc3RyKTsNCitmcmVlZGF0YToNCiAJ
aWYgKHhwcnQpIHsNCiAJCWlmIChzdSkNCiAJCQkodm9pZCkgbWVtX2ZyZWUoc3UsIHNpemVvZiAo
KnN1KSk7DQpkaWZmIC1ydSBvcmlnaW5hbC9saWIvbGliYy9ycGMvc3ZjX3Jhdy5jIHNyYy9saWIv
bGliYy9ycGMvc3ZjX3Jhdy5jCi0tLSBvcmlnaW5hbC9saWIvbGliYy9ycGMvc3ZjX3Jhdy5jCVR1
ZSBNYXIgMjAgMTg6MTQ6NTAgMjAxMgorKysgc3JjL2xpYi9saWJjL3JwYy9zdmNfcmF3LmMJTW9u
IE1hciAgNCAxMjoyMTo0OSAyMDEzCkBAIC0xMTcsNyArMTE3LDggQEAKIAlzdmNfcmF3X29wcygm
c3JwLT5zZXJ2ZXIpOw0KIAlzcnAtPnNlcnZlci54cF92ZXJmLm9hX2Jhc2UgPSBzcnAtPnZlcmZf
Ym9keTsNCiAJeGRybWVtX2NyZWF0ZSgmc3JwLT54ZHJfc3RyZWFtLCBzcnAtPnJhd19idWYsIFVE
UE1TR1NJWkUsIFhEUl9ERUNPREUpOw0KLQl4cHJ0X3JlZ2lzdGVyKCZzcnAtPnNlcnZlcik7DQor
CWlmICgheHBydF9yZWdpc3Rlcigmc3JwLT5zZXJ2ZXIpKQ0KKwkJZ290byBvdXQ7DQogCW11dGV4
X3VubG9jaygmc3ZjcmF3X2xvY2spOw0KIAlyZXR1cm4gKCZzcnAtPnNlcnZlcik7DQogb3V0Og0K
ZGlmZiAtcnUgb3JpZ2luYWwvbGliL2xpYmMvcnBjL3N2Y192Yy5jIHNyYy9saWIvbGliYy9ycGMv
c3ZjX3ZjLmMKLS0tIG9yaWdpbmFsL2xpYi9saWJjL3JwYy9zdmNfdmMuYwlUdWUgRmViIDI2IDIx
OjU1OjI2IDIwMTMKKysrIHNyYy9saWIvbGliYy9ycGMvc3ZjX3ZjLmMJTW9uIE1hciAgNCAxNDox
Njo1MCAyMDEzCkBAIC0xODgsNyArMTg4LDggQEAKIAltZW1jcHkoeHBydC0+eHBfbHRhZGRyLmJ1
ZiwgJnNzbG9jYWwsIChzaXplX3Qpc3Nsb2NhbC5zc19sZW4pOw0KIA0KIAl4cHJ0LT54cF9ydGFk
ZHIubWF4bGVuID0gc2l6ZW9mIChzdHJ1Y3Qgc29ja2FkZHJfc3RvcmFnZSk7DQotCXhwcnRfcmVn
aXN0ZXIoeHBydCk7DQorCWlmICgheHBydF9yZWdpc3Rlcih4cHJ0KSkNCisJCWdvdG8gY2xlYW51
cF9zdmNfdmNfY3JlYXRlOw0KIAlyZXR1cm4geHBydDsNCiBjbGVhbnVwX3N2Y192Y19jcmVhdGU6
DQogCWlmICh4cHJ0KQ0KQEAgLTI2OCwxMSArMjY5LDExIEBACiANCiAJeHBydCA9IG1lbV9hbGxv
YyhzaXplb2YoU1ZDWFBSVCkpOw0KIAlpZiAoeHBydCA9PSBOVUxMKQ0KLQkJZ290byBvdXQ7DQor
CQlnb3RvIG91dG9mbWVtOw0KIAltZW1zZXQoeHBydCwgMCwgc2l6ZW9mICp4cHJ0KTsNCiAJY2Qg
PSBtZW1fYWxsb2Moc2l6ZW9mKHN0cnVjdCBjZl9jb25uKSk7DQogCWlmIChjZCA9PSBOVUxMKQ0K
LQkJZ290byBvdXQ7DQorCQlnb3RvIG91dG9mbWVtOw0KIAljZC0+c3RybV9zdGF0ID0gWFBSVF9J
RExFOw0KIAl4ZHJyZWNfY3JlYXRlKCYoY2QtPnhkcnMpLCBzZW5kc2l6ZSwgcmVjdnNpemUsDQog
CSAgICAoY2FkZHJfdCkodm9pZCAqKXhwcnQsIHJlYWRfdmMsIHdyaXRlX3ZjKTsNCkBAIC0yODMs
MTIgKzI4NCwxNSBAQAogCXhwcnQtPnhwX2ZkID0gZmQ7DQogCWlmIChfX3JwY19mZDJzb2NraW5m
byhmZCwgJnNpKSAmJiBfX3JwY19zb2NraW5mbzJuZXRpZCgmc2ksICZuZXRpZCkpDQogCQlpZiAo
KHhwcnQtPnhwX25ldGlkID0gc3RyZHVwKG5ldGlkKSkgPT0gTlVMTCkNCi0JCQlnb3RvIG91dDsN
CisJCQlnb3RvIG91dG9mbWVtOw0KIA0KLQl4cHJ0X3JlZ2lzdGVyKHhwcnQpOw0KKwlpZiAoIXhw
cnRfcmVnaXN0ZXIoeHBydCkpDQorCQlnb3RvIG91dDsNCiAJcmV0dXJuIHhwcnQ7DQotb3V0Og0K
Kw0KK291dG9mbWVtOg0KIAl3YXJuKCJzdmNfdGNwOiBtYWtlZmRfeHBydCIpOw0KK291dDoNCiAJ
aWYgKHhwcnQpDQogCQltZW1fZnJlZSh4cHJ0LCBzaXplb2YoU1ZDWFBSVCkpOw0KIAlyZXR1cm4g
TlVMTDsNCg==
--_002_C8EE0F1FA402474893651B07DA446721EDC3F6C4Exchange2010dsp_--
From: Thorsten Brehm <tbrehm@dspace.de>
To: "gnats-bugs@NetBSD.org" <gnats-bugs@NetBSD.org>
Cc:
Subject: RE: lib/47617: Memory and socket leak in librpc
Date: Mon, 4 Mar 2013 15:31:49 +0000
Ah, sorry, my inferior mail client is messing things up again. It should ha=
ve been a plain-text attachment... ;-)
Hopefully this works out ok:
diff -ru original/include/rpc/svc.h src/include/rpc/svc.h
--- original/include/rpc/svc.h Tue Aug 30 20:06:20 2011
+++ src/include/rpc/svc.h Mon Mar 4 12:05:13 2013
@@ -221,7 +221,7 @@
* SVCXPRT *xprt;
*/
__BEGIN_DECLS
-extern void xprt_register (SVCXPRT *);
+extern bool_t xprt_register (SVCXPRT *);
__END_DECLS
=20
/*
diff -ru original/lib/libc/rpc/rpc_soc.3 src/lib/libc/rpc/rpc_soc.3
--- original/lib/libc/rpc/rpc_soc.3 Sun Jan 11 03:46:30 2009
+++ src/lib/libc/rpc/rpc_soc.3 Mon Mar 4 12:24:34 2013
@@ -221,7 +221,7 @@
.Fn xdr_rejected_reply "XDR *xdrs" "struct rejected_reply *rr"
.Ft int
.Fn xdr_replymsg "XDR *xdrs" "struct rpc_msg *rmsg"
-.Ft void
+.Ft bool_t
.Fn xprt_register "SVCXPRT *xprt"
.Ft void
.Fn xprt_unregister "SVCXPRT *xprt"
diff -ru original/lib/libc/rpc/rpc_svc_reg.3 src/lib/libc/rpc/rpc_svc_reg.3
--- original/lib/libc/rpc/rpc_svc_reg.3 Wed Mar 11 14:36:02 2009
+++ src/lib/libc/rpc/rpc_svc_reg.3 Mon Mar 4 12:26:12 2013
@@ -27,7 +27,7 @@
.Fn svc_unreg "const rpcprog_t prognum" "const rpcvers_t versnum"
.Ft int
.Fn svc_auth_reg "const int cred_flavor" "const enum auth_stat (*handler(s=
truct svc_req *, struct rpc_msg *))"
-.Ft void
+.Ft bool_t
.Fn xprt_register "const SVCXPRT *xprt"
.Ft void
.Fn xprt_unregister "const SVCXPRT *xprt"
diff -ru original/lib/libc/rpc/svc.c src/lib/libc/rpc/svc.c
--- original/lib/libc/rpc/svc.c Tue Mar 20 18:14:50 2012
+++ src/lib/libc/rpc/svc.c Mon Mar 4 14:46:52 2013
@@ -125,7 +125,7 @@
/*
* Activate a transport handle.
*/
-void
+bool_t
xprt_register(SVCXPRT *xprt)
{
int sock;
@@ -143,13 +143,20 @@
}
memset(__svc_xports, '\0', FD_SETSIZE * sizeof(SVCXPRT *));
}
- if (sock < FD_SETSIZE) {
- __svc_xports[sock] =3D xprt;
- FD_SET(sock, &svc_fdset);
- svc_maxfd =3D max(svc_maxfd, sock);
+ if (sock >=3D FD_SETSIZE)
+ {
+ warnx("xprt_register: socket descriptor out of bounds");
+ goto out;
}
+ __svc_xports[sock] =3D xprt;
+ FD_SET(sock, &svc_fdset);
+ svc_maxfd =3D max(svc_maxfd, sock);
+ rwlock_unlock(&svc_fd_lock);
+ return (TRUE);
+
out:
rwlock_unlock(&svc_fd_lock);
+ return (FALSE);
}
=20
void
diff -ru original/lib/libc/rpc/svc_dg.c src/lib/libc/rpc/svc_dg.c
--- original/lib/libc/rpc/svc_dg.c Tue Mar 20 18:14:50 2012
+++ src/lib/libc/rpc/svc_dg.c Mon Mar 4 14:15:24 2013
@@ -128,15 +128,15 @@
=20
xprt =3D mem_alloc(sizeof (SVCXPRT));
if (xprt =3D=3D NULL)
- goto freedata;
+ goto outofmem;
memset(xprt, 0, sizeof (SVCXPRT));
=20
su =3D mem_alloc(sizeof (*su));
if (su =3D=3D NULL)
- goto freedata;
+ goto outofmem;
su->su_iosz =3D ((MAX(sendsize, recvsize) + 3) / 4) * 4;
if ((rpc_buffer(xprt) =3D malloc(su->su_iosz)) =3D=3D NULL)
- goto freedata;
+ goto outofmem;
_DIAGASSERT(__type_fit(u_int, su->su_iosz));
xdrmem_create(&(su->su_xdrs), rpc_buffer(xprt), (u_int)su->su_iosz,
XDR_DECODE);
@@ -149,16 +149,19 @@
=20
slen =3D sizeof ss;
if (getsockname(fd, (struct sockaddr *)(void *)&ss, &slen) < 0)
- goto freedata;
+ goto outofmem;
xprt->xp_ltaddr.buf =3D mem_alloc(sizeof (struct sockaddr_storage));
xprt->xp_ltaddr.maxlen =3D sizeof (struct sockaddr_storage);
xprt->xp_ltaddr.len =3D slen;
memcpy(xprt->xp_ltaddr.buf, &ss, slen);
=20
- xprt_register(xprt);
+ if (!xprt_register(xprt))
+ goto freedata;
return (xprt);
-freedata:
+
+outofmem:
(void) warnx(svc_dg_str, __no_mem_str);
+freedata:
if (xprt) {
if (su)
(void) mem_free(su, sizeof (*su));
diff -ru original/lib/libc/rpc/svc_raw.c src/lib/libc/rpc/svc_raw.c
--- original/lib/libc/rpc/svc_raw.c Tue Mar 20 18:14:50 2012
+++ src/lib/libc/rpc/svc_raw.c Mon Mar 4 12:21:49 2013
@@ -117,7 +117,8 @@
svc_raw_ops(&srp->server);
srp->server.xp_verf.oa_base =3D srp->verf_body;
xdrmem_create(&srp->xdr_stream, srp->raw_buf, UDPMSGSIZE, XDR_DECODE);
- xprt_register(&srp->server);
+ if (!xprt_register(&srp->server))
+ goto out;
mutex_unlock(&svcraw_lock);
return (&srp->server);
out:
diff -ru original/lib/libc/rpc/svc_vc.c src/lib/libc/rpc/svc_vc.c
--- original/lib/libc/rpc/svc_vc.c Tue Feb 26 21:55:26 2013
+++ src/lib/libc/rpc/svc_vc.c Mon Mar 4 14:16:50 2013
@@ -188,7 +188,8 @@
memcpy(xprt->xp_ltaddr.buf, &sslocal, (size_t)sslocal.ss_len);
=20
xprt->xp_rtaddr.maxlen =3D sizeof (struct sockaddr_storage);
- xprt_register(xprt);
+ if (!xprt_register(xprt))
+ goto cleanup_svc_vc_create;
return xprt;
cleanup_svc_vc_create:
if (xprt)
@@ -268,11 +269,11 @@
=20
xprt =3D mem_alloc(sizeof(SVCXPRT));
if (xprt =3D=3D NULL)
- goto out;
+ goto outofmem;
memset(xprt, 0, sizeof *xprt);
cd =3D mem_alloc(sizeof(struct cf_conn));
if (cd =3D=3D NULL)
- goto out;
+ goto outofmem;
cd->strm_stat =3D XPRT_IDLE;
xdrrec_create(&(cd->xdrs), sendsize, recvsize,
(caddr_t)(void *)xprt, read_vc, write_vc);
@@ -283,12 +284,15 @@
xprt->xp_fd =3D fd;
if (__rpc_fd2sockinfo(fd, &si) && __rpc_sockinfo2netid(&si, &netid))
if ((xprt->xp_netid =3D strdup(netid)) =3D=3D NULL)
- goto out;
+ goto outofmem;
=20
- xprt_register(xprt);
+ if (!xprt_register(xprt))
+ goto out;
return xprt;
-out:
+
+outofmem:
warn("svc_tcp: makefd_xprt");
+out:
if (xprt)
mem_free(xprt, sizeof(SVCXPRT));
return NULL;
From: "Christos Zoulas" <christos@netbsd.org>
To: gnats-bugs@gnats.NetBSD.org
Cc:
Subject: PR/47617 CVS commit: src
Date: Mon, 4 Mar 2013 12:29:03 -0500
Module Name: src
Committed By: christos
Date: Mon Mar 4 17:29:03 UTC 2013
Modified Files:
src/include/rpc: svc.h
src/lib/libc/rpc: rpc_soc.3 rpc_svc_reg.3 svc.c svc_dg.c svc_raw.c
svc_vc.c
Log Message:
PR/47617: Thorsten Brehm: Memory and socket leak in librpc
To generate a diff of this commit:
cvs rdiff -u -r1.24 -r1.25 src/include/rpc/svc.h
cvs rdiff -u -r1.13 -r1.14 src/lib/libc/rpc/rpc_soc.3
cvs rdiff -u -r1.9 -r1.10 src/lib/libc/rpc/rpc_svc_reg.3
cvs rdiff -u -r1.31 -r1.32 src/lib/libc/rpc/svc.c
cvs rdiff -u -r1.14 -r1.15 src/lib/libc/rpc/svc_dg.c
cvs rdiff -u -r1.22 -r1.23 src/lib/libc/rpc/svc_raw.c
cvs rdiff -u -r1.27 -r1.28 src/lib/libc/rpc/svc_vc.c
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
State-Changed-From-To: open->feedback
State-Changed-By: wiz@NetBSD.org
State-Changed-When: Mon, 04 Mar 2013 22:05:53 +0000
State-Changed-Why:
Christos committed your fix, fine now?
From: Thorsten Brehm <tbrehm@dspace.de>
To: "gnats-bugs@NetBSD.org" <gnats-bugs@NetBSD.org>
Cc:
Subject: RE: lib/47617 (Memory and socket leak in librpc)
Date: Tue, 5 Mar 2013 15:34:12 +0000
I can confirm it's working with latest trunk now, including the new error m=
essage, i.e.
xprt_register: socket descriptor 256 too large for setsize 256
Thanks for taking care of this!
Thorsten
State-Changed-From-To: feedback->closed
State-Changed-By: christos@NetBSD.org
State-Changed-When: Tue, 05 Mar 2013 11:31:34 -0500
State-Changed-Why:
submitter verified it is fixed.
From: Takahiro Kambe <taca@back-street.net>
To: gnats-bugs@NetBSD.org, christos@NetBSD.org
Cc:
Subject: Re: lib/47617 (Memory and socket leak in librpc)
Date: Wed, 06 Mar 2013 09:24:53 +0900 (JST)
In message <20130305163138.B091E63EDA0@www.NetBSD.org>
on Tue, 5 Mar 2013 16:31:38 +0000 (UTC),
christos@NetBSD.org wrote:
> Synopsis: Memory and socket leak in librpc
>
> State-Changed-From-To: feedback->closed
> State-Changed-By: christos@NetBSD.org
> State-Changed-When: Tue, 05 Mar 2013 11:31:34 -0500
> State-Changed-Why:
> submitter verified it is fixed.
Shouldn't it be pulled up to netbsd-6* branches?
--
Takahiro Kambe <taca@back-street.net>
From: christos@zoulas.com (Christos Zoulas)
To: Takahiro Kambe <taca@back-street.net>, gnats-bugs@NetBSD.org
Cc:
Subject: Re: lib/47617 (Memory and socket leak in librpc)
Date: Tue, 5 Mar 2013 20:09:50 -0500
On Mar 6, 9:24am, taca@back-street.net (Takahiro Kambe) wrote:
-- Subject: Re: lib/47617 (Memory and socket leak in librpc)
| Shouldn't it be pulled up to netbsd-6* branches?
It's a little complicated, but sure.
christos
>Unformatted:
(Contact us)
$NetBSD: query-full-pr,v 1.39 2013/11/01 18:47:49 spz Exp $
$NetBSD: gnats_config.sh,v 1.8 2006/05/07 09:23:38 tsutsui Exp $
Copyright © 1994-2007
The NetBSD Foundation, Inc. ALL RIGHTS RESERVED.