This is the mail archive of the libc-alpha@sourceware.org mailing list for the glibc project.

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]
Other format:	[Raw text]

Re: [PATCH] Increase limits on xdr_ requests

From: "Carlos O'Donell" <carlos at redhat dot com>
To: pfrankli at redhat dot com
Cc: libc-alpha at sourceware dot org, "Carlos O'Donell" <codonell at redhat dot com>
Date: Thu, 30 May 2013 16:14:41 -0400
Subject: Re: [PATCH] Increase limits on xdr_ requests
References: <51A7AD72 dot 5070201 at redhat dot com>

On 05/30/2013 03:50 PM, Patsy Franklin wrote:
> A previous patch to set reasonable limits on xdr_
> requests proved too restrictive for some users.
> 
> This patch increases limits on xdr_ requests based on
> user feedback.

It was in 2.17 when we reduced the limits down to the YP* values.
Therefore this is a publicly visible change in behaviour and
as such requires you to:

(a) File a bug in sourceware.org/bugzilla against the glibc component.

> 2013-05-30  Patsy Franklin  <pfrankli@redhat.com>

(b) Add "\t[BZ #XXXX]" here.

(c) Close the bug once you check this, and make sure to update NEWS
    with the fixed bug number.
 
>     * nis/yp_xdr.c (XDRMAXNAME): Define.
>     (XDRMAXRECORD): Define.
>     (xdr_domainname): Use XDRMAXNAME.
>     (xdr_mapname): Likewise.
>     (xdr_peername): Likewise.
>     (xdr_keydat): Use XDRMAXRECORD.
>     (xdr_valdat): Likewise.

The rest of the patch looks good to me.

> yp_xdr.patch
> 
> 
> diff --git a/nis/yp_xdr.c b/nis/yp_xdr.c
> index 4188506..e67652f 100644
> --- a/nis/yp_xdr.c
> +++ b/nis/yp_xdr.c
> @@ -32,6 +32,14 @@
>  #include <rpcsvc/yp.h>
>  #include <rpcsvc/ypclnt.h>
>  
> +/* The NIS v2 protocol suggests 1024 bytes as a maximum length of all fields. 
> +   Current Linux systems don't use this limit. To remain compatible with
> +   recent Linux systems we choose limits large enough to load large key and 
> +   data values, but small enough to not pose a DoS threat. */
> +
> +#define XDRMAXNAME 1024
> +#define XDRMAXRECORD (16 * 1024 * 1024)
> +
>  bool_t
>  xdr_ypstat (XDR *xdrs, ypstat *objp)
>  {
> @@ -49,21 +57,21 @@ libnsl_hidden_def (xdr_ypxfrstat)
>  bool_t
>  xdr_domainname (XDR *xdrs, domainname *objp)
>  {
> -  return xdr_string (xdrs, objp, YPMAXDOMAIN);
> +  return xdr_string (xdrs, objp, XDRMAXNAME);
>  }
>  libnsl_hidden_def (xdr_domainname)
>  
>  bool_t
>  xdr_mapname (XDR *xdrs, mapname *objp)
>  {
> -  return xdr_string (xdrs, objp, YPMAXMAP);
> +  return xdr_string (xdrs, objp, XDRMAXNAME);
>  }
>  libnsl_hidden_def (xdr_mapname)
>  
>  bool_t
>  xdr_peername (XDR *xdrs, peername *objp)
>  {
> -  return xdr_string (xdrs, objp, YPMAXPEER);
> +  return xdr_string (xdrs, objp, XDRMAXNAME);
>  }
>  libnsl_hidden_def (xdr_peername)
>  
> @@ -71,7 +79,7 @@ bool_t
>  xdr_keydat (XDR *xdrs, keydat *objp)
>  {
>    return xdr_bytes (xdrs, (char **) &objp->keydat_val,
> -		    (u_int *) &objp->keydat_len, YPMAXRECORD);
> +		    (u_int *) &objp->keydat_len, XDRMAXRECORD);
>  }
>  libnsl_hidden_def (xdr_keydat)
>  
> @@ -79,7 +87,7 @@ bool_t
>  xdr_valdat (XDR *xdrs, valdat *objp)
>  {
>    return xdr_bytes (xdrs, (char **) &objp->valdat_val,
> -		    (u_int *) &objp->valdat_len, YPMAXRECORD);
> +		    (u_int *) &objp->valdat_len, XDRMAXRECORD);
>  }
>  libnsl_hidden_def (xdr_valdat)
>  

Cheers,
CArlos.

References:
- [PATCH] Increase limits on xdr_ requests
  - From: Patsy Franklin

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]