Threading bug in sunrpc/auth_none.c
- From: Zack Weinberg <zack at codesourcery dot com>
- To: libc-alpha at sources dot redhat dot com
- Date: Thu, 11 Apr 2002 15:12:32 -0700
- Subject: Threading bug in sunrpc/auth_none.c
sunrpc/auth_none.c contains static private data, which is initialized
once per calling thread by authnone_create(). authnone_marshal
accesses this data by the per-thread data pointer. Therefore, if
authnone_create() is called (probably by clnt*_create()) in one
thread, and the resulting CLIENT structure is used in a clnt_call()
operation in another thread, authnone_marshal() will fail and you'll
get a spurious RPC_CANTENCODEARGS error.
There are two fixes for the bug.
(1) authnone_create returns a pointer to the private data (cast to
AUTH*) and authnone_marshal receives that pointer as its first
argument. Therefore, it can cast it back to (struct
authnone_private_s *) and use that instead.
(2) There is no reason for each thread to have its own copy of the
private data; it's initialized once, never again modified, and
contains no information that might need to vary across threads.
Therefore, change authnone_create to use __libc_once() instead of
RPC_THREAD_VARIABLES.
Either is sufficient, but I think it's appropriate to do both, so
that's what you get in the appended patch. Also, I made the structure
static data, thus eliminating the possibility of malloc failure.
I have not audited the other rpc_thread_variables members for
analogous problems, but I think that would be worth doing.
I do not know if removing entries from struct rpc_thread_variables
causes binary compatibility problems; I hope not.
zw
* include/rpc/rpc.h (struct rpc_thread_variables): Remove
authnone_private_s.
* sunrpc/auth_none.c: Include bits/libc-lock.h.
Delete #ifdef _RPC_THREAD_SAFE_ block.
(authnone_private): Make a struct, not a pointer to struct.
(authnone_private_guard): New once-control variable.
(authnone_create_once): New function, split out of
authnone_create. No need to allocate memory.
(authnone_create): Just call authnone_create_once via
__libc_once, then return &authnone_private->no_client.
(authnone_marshal): Access private data via CLIENT argument,
not authnone_private pointer.
Fix typo (MAX_MARSHEL_SIZE -> MAX_MARSHAL_SIZE).
* sunrpc/rpc_thread.c (__rpc_thread_destroy): No need to free
authnone_private_s.
===================================================================
Index: include/rpc/rpc.h
--- include/rpc/rpc.h 26 Mar 2001 05:11:32 -0000 1.4
+++ include/rpc/rpc.h 11 Apr 2002 22:11:39 -0000
@@ -16,8 +16,6 @@ struct rpc_thread_variables {
struct pollfd *svc_pollfd_s; /* Global, rpc_common.c */
int svc_max_pollfd_s; /* Global, rpc_common.c */
- void *authnone_private_s; /* auth_none.c */
-
void *clnt_perr_buf_s; /* clnt_perr.c */
void *clntraw_private_s; /* clnt_raw.c */
===================================================================
Index: sunrpc/auth_none.c
--- sunrpc/auth_none.c 26 Feb 2002 01:43:56 -0000 1.7
+++ sunrpc/auth_none.c 11 Apr 2002 22:11:39 -0000
@@ -36,8 +36,9 @@
*/
#include <rpc/rpc.h>
+#include <bits/libc-lock.h>
-#define MAX_MARSHEL_SIZE 20
+#define MAX_MARSHAL_SIZE 20
/*
* Authenticator operations routines
@@ -56,54 +57,54 @@ static struct auth_ops ops = {
authnone_destroy
};
+/* Internal data and routines */
+
struct authnone_private_s {
AUTH no_client;
- char marshalled_client[MAX_MARSHEL_SIZE];
+ char marshalled_client[MAX_MARSHAL_SIZE];
u_int mcnt;
};
-#ifdef _RPC_THREAD_SAFE_
-#define authnone_private ((struct authnone_private_s *)RPC_THREAD_VARIABLE(authnone_private_s))
-#else
-static struct authnone_private_s *authnone_private;
-#endif
-AUTH *
-authnone_create (void)
+static struct authnone_private_s authnone_private;
+__libc_once_define(static, authnone_private_guard);
+
+static void authnone_create_once (void);
+
+static void
+authnone_create_once (void)
{
struct authnone_private_s *ap;
XDR xdr_stream;
XDR *xdrs;
- ap = (struct authnone_private_s *) authnone_private;
- if (ap == NULL)
- {
- ap = (struct authnone_private_s *) calloc (1, sizeof (*ap));
- if (ap == NULL)
- return NULL;
- authnone_private = ap;
- }
- if (!ap->mcnt)
- {
- ap->no_client.ah_cred = ap->no_client.ah_verf = _null_auth;
- ap->no_client.ah_ops = &ops;
- xdrs = &xdr_stream;
- INTUSE(xdrmem_create) (xdrs, ap->marshalled_client,
- (u_int) MAX_MARSHEL_SIZE, XDR_ENCODE);
- (void) INTUSE(xdr_opaque_auth) (xdrs, &ap->no_client.ah_cred);
- (void) INTUSE(xdr_opaque_auth) (xdrs, &ap->no_client.ah_verf);
- ap->mcnt = XDR_GETPOS (xdrs);
- XDR_DESTROY (xdrs);
- }
- return (&ap->no_client);
+ ap = &authnone_private;
+
+ ap->no_client.ah_cred = ap->no_client.ah_verf = _null_auth;
+ ap->no_client.ah_ops = &ops;
+ xdrs = &xdr_stream;
+ INTUSE(xdrmem_create) (xdrs, ap->marshalled_client,
+ (u_int) MAX_MARSHAL_SIZE, XDR_ENCODE);
+ (void) INTUSE(xdr_opaque_auth) (xdrs, &ap->no_client.ah_cred);
+ (void) INTUSE(xdr_opaque_auth) (xdrs, &ap->no_client.ah_verf);
+ ap->mcnt = XDR_GETPOS (xdrs);
+ XDR_DESTROY (xdrs);
+}
+
+AUTH *
+authnone_create (void)
+{
+ __libc_once (authnone_private_guard, authnone_create_once);
+ return &authnone_private.no_client;
}
-/*ARGSUSED */
static bool_t
authnone_marshal (AUTH *client, XDR *xdrs)
{
struct authnone_private_s *ap;
- ap = (struct authnone_private_s *) authnone_private;
+ /* authnone_create returned authnone_private->no_client, which is
+ the first field of struct authnone_private_s. */
+ ap = (struct authnone_private_s *) client;
if (ap == NULL)
return FALSE;
return (*xdrs->x_ops->x_putbytes) (xdrs, ap->marshalled_client, ap->mcnt);
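Review bot: In authnone_marshal the new `ap = (struct authnone_private_s *) client;` trusts that every AUTH reaching this op is the `no_client` member at offset 0 of `authnone_private`, and nothing in the hunk enforces either condition; if the struct were reordered or the op were handed a different AUTH object, `ap->marshalled_client` and `ap->mcnt` would be read outside the object. Since there is now a single static instance, the `ap == NULL` test could become `if (client != &authnone_private.no_client) return FALSE;`, and the struct could carry `/* no_client must remain the first member: authnone_marshal casts AUTH * back to this struct. */`. The comment above the cast should also read `authnone_private.no_client`, because `authnone_private` is now a struct rather than a pointer. Separately, authnone_create_once still discards the results of both `xdr_opaque_auth` calls, and under `__libc_once` a failed encode would apparently no longer be retried the way the old `if (!ap->mcnt)` path allowed, so checking them is worth considering. The closing brace of authnone_marshal lies outside the hunk.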
===================================================================
Index: sunrpc/rpc_thread.c
--- sunrpc/rpc_thread.c 17 May 2001 02:00:04 -0000 1.3
+++ sunrpc/rpc_thread.c 11 Apr 2002 22:11:39 -0000
@@ -26,7 +26,6 @@ __rpc_thread_destroy (void)
__rpc_thread_svc_cleanup ();
__rpc_thread_clnt_cleanup ();
__rpc_thread_key_cleanup ();
- free (tvp->authnone_private_s);
free (tvp->clnt_perr_buf_s);
free (tvp->clntraw_private_s);
free (tvp->svcraw_private_s);