Bug 2150611 - getnetconfig.c: Improper waiting time on a proper value for getnetconfigent()
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Red Hat Enterprise Linux 9
Classification: Red Hat
Component: libtirpc
Version: 9.3
Hardware: Unspecified
OS: Unspecified
Priority: unspecified
Severity: unspecified
Target Milestone: rc
Target Release: ---
Assignee: Steve Dickson
QA Contact: Zhi Li
URL:
Whiteboard:
Depends On:
Blocks:
 
Reported: 2022-12-04 12:56 UTC by Zhi Li
Modified: 2023-11-07 11:35 UTC

Fixed In Version: libtirpc-1.3.3-2.el9
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed: 2023-11-07 08:55:04 UTC
Type: Bug
Target Upstream Version:
Embargoed:
pm-rhel: mirror+



Links
System ID                                Private  Priority  Status  Summary  Last Updated
Red Hat Issue Tracker RHELPLAN-141249    0        None      None    None     2022-12-04 13:40:07 UTC
Red Hat Product Errata RHBA-2023:6656    0        None      None    None     2023-11-07 08:55:06 UTC

Description Zhi Li 2022-12-04 12:56:04 UTC
Description of problem:

By adapting CodeChecker for libtirpc-related tests, it complains about an improper waiting time in function getnetconfigent() with a valid input value; either it should be treated as a wrong input, or it should just be taken as a proper value without sleeping:

 419 struct netconfig *
 420 getnetconfigent(netid)
 421         const char *netid;
 422 {
 423     FILE *file;         /* NETCONFIG db's file pointer */
 424     char *linep;        /* holds current netconfig line */
 425     char *stringp;      /* temporary string pointer */
 426     struct netconfig *ncp = NULL;   /* returned value */
 427     struct netconfig_list *list;        /* pointer to cache list */
 428 
 429     nc_error = NC_NOTFOUND;     /* default error. */
 430     if (netid == NULL || strlen(netid) == 0) {
 431         return (NULL);
 432     }
 433 
 434     if (strcmp(netid, "unix") == 0) {
 435         fprintf(stderr, "The local transport is called \"unix\" ");
 436         fprintf(stderr, "in /etc/netconfig.\n");
 437         fprintf(stderr, "Please change this to \"local\" manually ");
 438         fprintf(stderr, "or run mergemaster(8).\n");
 439         fprintf(stderr, "See UPDATING entry 20021216 for details.\n");
 440         fprintf(stderr, "Continuing in 10 seconds\n\n");
 441         fprintf(stderr, "This warning will be removed 20030301\n");
 442         sleep(10);
 443 
 444     }

http://git.linux-nfs.org/?p=steved/libtirpc.git;a=blob;f=src/getnetconfig.c;h=cfd33c24523be2f327a1ac1d3b2116556f591b99;hb=HEAD#l442


Version-Release number of selected component (if applicable):
libtirpc-1.3.3-1.el9

Comment 1 Steve Dickson 2023-01-11 16:24:24 UTC
commit f7f0abdf267698de3f74a0285405b1b01f40893b
Author: Zhi Li <yieli>
Date:   Wed Jan 11 11:19:31 2023 -0500

    getnetconfigent: avoid potential DoS issue by removing unnecessary sleep
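
Added example (not part of the bug report or of the libtirpc sources): a self-contained C model of the prologue quoted in the description, beside a form without the delay, counting how many seconds a serial caller is blocked while resolving a batch of netids. The `delay_fn` hook, the `prologue_*` and `blocked_seconds` names and the sample batch are assumptions made for this illustration; the page does not show what the commit changed beyond its title, so `prologue_fixed` is an assumed shape, not the actual patch.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical hook: lets a test observe the delay without actually waiting.
 * sleep() from <unistd.h> has this same signature and reproduces the stall. */
typedef unsigned int (*delay_fn)(unsigned int seconds);

static unsigned int delayed_total;   /* seconds the caller would have been blocked */
static unsigned int record_delay(unsigned int s) { delayed_total += s; return 0; }

/* Legacy prologue: same checks as the excerpt, with sleep(10) routed via the hook. */
static int prologue_legacy(const char *netid, delay_fn delay)
{
    if (netid == NULL || strlen(netid) == 0)
        return -1;                   /* rejected immediately, as in the excerpt */
    if (strcmp(netid, "unix") == 0) {
        fprintf(stderr, "The local transport is called \"unix\" in /etc/netconfig.\n");
        delay(10);                   /* one input value stalls the calling thread */
    }
    return 0;                        /* the database lookup would continue here */
}

/* Assumed fixed prologue: input validation only, no delay for any netid. */
static int prologue_fixed(const char *netid, delay_fn delay)
{
    (void)delay;
    if (netid == NULL || strlen(netid) == 0)
        return -1;
    return 0;
}

/* Seconds a serial caller is blocked while resolving n netids one after another. */
static unsigned int blocked_seconds(int (*prologue)(const char *, delay_fn),
                                    const char *const *netids, size_t n)
{
    delayed_total = 0;
    for (size_t i = 0; i < n; i++)
        prologue(netids[i], record_delay);
    return delayed_total;
}

/* Constructed sample batch of netids, not taken from any real workload. */
static const char *const SAMPLE[] = { "tcp", "unix", "udp", "unix", "" };

int main(void)
{
    size_t n = sizeof SAMPLE / sizeof SAMPLE[0];
    printf("legacy: %u s blocked\n", blocked_seconds(prologue_legacy, SAMPLE, n));
    printf("fixed:  %u s blocked\n", blocked_seconds(prologue_fixed, SAMPLE, n));
    return 0;
}
```

The same hook pattern gives a regression check for the fix: a test that fails whenever the lookup path requests any delay at all.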

Comment 20 errata-xmlrpc 2023-11-07 08:55:04 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (libtirpc bug fix and enhancement update), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2023:6656

