inetd bug

Wed Nov 5 00:40:31 PST 2008

Cathey, Jim schrieb:
> I _believe_ (and this was done some time ago,
> so my memory is spotty) that it was when the
> value of maxsock was -1 (zero services in table),
> that when casted to an rlim_t it turned into a
> very large positive number, which meant the
> conditional passed when it shouldn't.  My
> solution, for us using MIPS32, was to reverse
> the cast and convert the rlim_t'd doodad to int,
> whereupon the conditional worked as needed.  I
> do not claim that it was a correct fix, merely
> an adequate one for us at the time.

you are right according to specs here:
http://www.opengroup.org/onlinepubs/009695399/functions/xsh_chap02_12.html
rlim_t is a "Unsigned integer type" what make -1 a bad marker.

we need to fix that too.

re,
 wh

> It was an extremely easy problem to provoke,
> all you need is an inetd.conf that has only
> one service in it.  Comment it out, HUP,
> comment it back in, HUP again, and see that
> the service doesn't come back.
> 
> -- Jim
> 
> 
> 
> -----Original Message-----
> From: walter harms [mailto:wharms at bfs.de] 
> Sent: Tuesday, November 04, 2008 10:46 AM
> To: Cathey, Jim
> Cc: busybox at busybox.net
> Subject: Re: inetd bug
> 
> 
> 
> Cathey, Jim schrieb:
>> We've been using BB, and found that when we had an /etc/inetd.conf
>> file with only one service in it, said service being commented in
>> and out as it was enabled/disabled by the system (along with a HUP
>> to inetd), that the lone service could not re-enable.  I tracked it
>> down to a bug where the maxsock variable wasn't being used correctly.
>> (As I recall, we also had some variable typing problems, so I changed
>> two casts as well.  This was with MIPS32.)  Enclosed are the patches.
>> The same problem was in 1.10.2, and 1.11.1 that we're using now.
>>
>> -- Jim Cathey
>>
>> diff -Naur obusybox-1.10.2/networking/inetd.c
>> busybox-1.10.2/networking/inetd.c
>> --- obusybox-1.10.2/networking/inetd.c	2008-04-18
> 23:50:27.000000000
>> -0400
>> +++ busybox-1.10.2/networking/inetd.c	2008-10-16 11:00:25.000000000
>> -0400
>> @@ -341,6 +341,7 @@
>>  #define INIT_G() do { \
>>  	rlim_ofile_cur = OPEN_MAX; \
>>  	global_queuelen = 128; \
>> +	maxsock = prev_maxsock = -1; \
>>  	config_filename = "/etc/inetd.conf"; \
>>  } while (0)
>>  
>> @@ -459,9 +460,9 @@
>>  {
>>  	if (fd >= 0) {
>>  		FD_SET(fd, &allsock);
>> -		if (maxsock >= 0 && fd > maxsock) {
>> +		if (fd > maxsock) {
>>  			prev_maxsock = maxsock = fd;
>> -			if ((rlim_t)maxsock > rlim_ofile_cur -
>> FD_MARGIN)
>> +			if (maxsock > (int)rlim_ofile_cur - FD_MARGIN)
>>  				bump_nofile();
>>  		}
>>  	}
>> @@ -476,7 +477,7 @@
>>  		fd++;
>>  	}
>>  	prev_maxsock = maxsock;
>> -	if ((rlim_t)maxsock > rlim_ofile_cur - FD_MARGIN)
>> +        if (maxsock > (int)rlim_ofile_cur - FD_MARGIN)
>>  		bump_nofile();
>>  }
>>
> 
> you changed (rlim_t) -> (int) this seems dangerous since rlim_t can be
> 64bit.
> what problem does it solve ?
> 
> re,
>  wh
> 
> 
> 