Bug 2150611

Summary: getnetconfig.c: Improper waiting time on a proper value for getnetconfigent()
Product: Red Hat Enterprise Linux 9
Component: libtirpc
Version: 9.3
Status: CLOSED ERRATA
Severity: unspecified
Priority: unspecified
Reporter: Zhi Li <yieli>
Assignee: Steve Dickson <steved>
QA Contact: Zhi Li <yieli>
CC: xzhou, yoyang
Target Milestone: rc
Target Release: ---
Keywords: Patch, Triaged
Flags: pm-rhel: mirror+
Hardware: Unspecified
OS: Unspecified
Fixed In Version: libtirpc-1.3.3-2.el9
Last Closed: 2023-11-07 08:55:04 UTC
Type: Bug

Description Zhi Li 2022-12-04 12:56:04 UTC
Description of problem:

When adapting CodeChecker for libtirpc-related tests, it complains about an improper waiting time in the function getnetconfigent with a valid input value; either it should be treated as a wrong input or just be taken as a proper value without sleeping:

 419 struct netconfig *
 420 getnetconfigent(netid)
 421         const char *netid;
 422 {
 423     FILE *file;         /* NETCONFIG db's file pointer */
 424     char *linep;        /* holds current netconfig line */
 425     char *stringp;      /* temporary string pointer */
 426     struct netconfig *ncp = NULL;   /* returned value */
 427     struct netconfig_list *list;        /* pointer to cache list */
 428 
 429     nc_error = NC_NOTFOUND;     /* default error. */
 430     if (netid == NULL || strlen(netid) == 0) {
 431         return (NULL);
 432     }
 433 
 434     if (strcmp(netid, "unix") == 0) {
 435         fprintf(stderr, "The local transport is called \"unix\" ");
 436         fprintf(stderr, "in /etc/netconfig.\n");
 437         fprintf(stderr, "Please change this to \"local\" manually ");
 438         fprintf(stderr, "or run mergemaster(8).\n");
 439         fprintf(stderr, "See UPDATING entry 20021216 for details.\n");
 440         fprintf(stderr, "Continuing in 10 seconds\n\n");
 441         fprintf(stderr, "This warning will be removed 20030301\n");
 442         sleep(10);
 443 
 444     }

http://git.linux-nfs.org/?p=steved/libtirpc.git;a=blob;f=src/getnetconfig.c;h=cfd33c24523be2f327a1ac1d3b2116556f591b99;hb=HEAD#l442


Version-Release number of selected component (if applicable):
libtirpc-1.3.3-1.el9

Comment 1 Steve Dickson 2023-01-11 16:24:24 UTC
commit f7f0abdf267698de3f74a0285405b1b01f40893b
Author: Zhi Li <yieli>
Date:   Wed Jan 11 11:19:31 2023 -0500

    getnetconfigent: avoid potential DoS issue by removing unnecessary sleep
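
The stall described in this report can be shown and regression-tested without waiting in real time. The following is an added example, not libtirpc code and not the committed patch: it models only the entry checks from the excerpt, using hypothetical names (entry_with_sleep, entry_without_sleep, total_stall) and an injected delay function standing in for sleep(); the no-delay variant is an assumed shape of the change.

```c
/* Added illustration, not libtirpc source; all names are hypothetical. */
#include <stddef.h>
#include <stdio.h>
#include <string.h>

typedef void (*delay_fn)(unsigned seconds);   /* injectable stand-in for sleep() */
static unsigned stalled;                      /* seconds of blocking requested */
static void record_delay(unsigned s) { stalled += s; }

/* Entry path as in the excerpt: netid "unix" costs the caller 10 seconds. */
static int entry_with_sleep(const char *netid, delay_fn delay)
{
    if (netid == NULL || strlen(netid) == 0)
        return -1;                            /* rejected, as in the original */
    if (strcmp(netid, "unix") == 0)
        delay(10);                            /* the sleep(10) at line 442 */
    return 0;                                 /* would go on to the db lookup */
}

/* Same checks with the delay removed (assumed shape of the change). */
static int entry_without_sleep(const char *netid, delay_fn delay)
{
    (void)delay;
    if (netid == NULL || strlen(netid) == 0)
        return -1;
    return 0;
}

/* Total seconds a single-threaded caller is blocked while handling n netids. */
unsigned total_stall(int (*entry)(const char *, delay_fn),
                     const char *const *netids, size_t n)
{
    stalled = 0;
    for (size_t i = 0; i < n; i++)
        (void)entry(netids[i], record_delay);
    return stalled;
}

/* Constructed sample input: netid strings as a caller might pass them. */
static const char *const sample[] = { "tcp", "unix", "", "udp", "unix", "unix" };
#define NSAMPLE (sizeof sample / sizeof sample[0])
unsigned stall_before(void) { return total_stall(entry_with_sleep, sample, NSAMPLE); }
unsigned stall_after(void)  { return total_stall(entry_without_sleep, sample, NSAMPLE); }

int main(void)
{
    printf("with sleep: %us blocked, without: %us\n", stall_before(), stall_after());
    return 0;
}
```

Injecting the delay lets a unit test assert on the blocking a call would request instead of measuring wall-clock time.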

Comment 20 errata-xmlrpc 2023-11-07 08:55:04 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (libtirpc bug fix and enhancement update), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2023:6656