Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!

Bug 859634 (CVE-2021-46828)

Summary: <net-libs/libtirpc-1.3.2-r1: infinite loop without accepting new connections causing DoS (CVE-2021-46828)
Product: Gentoo Security Reporter: filip ambroz <filip.ambroz>
Component: VulnerabilitiesAssignee: Gentoo Security <security>
Status: RESOLVED FIXED    
Severity: normal CC: base-system
Priority: Normal    
Version: unspecified   
Hardware: All   
OS: Linux   
URL: https://git.linux-nfs.org/?p=steved/libtirpc.git;a=commit;h=86529758570cef4c73fb9b9c4104fdc510f701ed
Whiteboard: A3 [glsa+]
Package list:
Runtime testing required: ---
Bug Depends on: 872740    
Bug Blocks:    

Description filip ambroz 2022-07-21 08:42:27 UTC 
Currently svc_run does not handle poll timeout and rendezvous_request
does not handle EMFILE error returned from accept(2 as it used to.
These two missing functionality were removed by commit b2c9430f46c4.

The effect of not handling poll timeout allows idle TCP conections
to remain ESTABLISHED indefinitely. When the number of connections
reaches the limit of the open file descriptors (ulimit -n) then
accept(2) fails with EMFILE. Since there is no handling of EMFILE
error this causes svc_run() to get in a tight loop calling accept(2).
This resulting in the RPC service of svc_run is being down, it's
no longer able to service any requests.

RPC service rpcbind, statd and mountd are effected by this
problem.
Comment 1 Larry the Git Cow gentoo-dev 2022-07-24 00:38:34 UTC 
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=15f37371c962d5d28081841062dcf925c6a0914c

commit 15f37371c962d5d28081841062dcf925c6a0914c
Author:     Mike Gilbert <floppym@gentoo.org>
AuthorDate: 2022-07-24 00:36:45 +0000
Commit:     Mike Gilbert <floppym@gentoo.org>
CommitDate: 2022-07-24 00:38:21 +0000

    net-libs/libtirpc: backport security fixes
    
    Bug: https://bugs.gentoo.org/859634
    Signed-off-by: Mike Gilbert <floppym@gentoo.org>

 net-libs/libtirpc/files/libtirpc-1.3.2-dos.patch   | 178 +++++++++++++++++++++
 .../files/libtirpc-1.3.2-memory-leak.patch         |  52 ++++++
 .../files/libtirpc-1.3.2-use-after-free.patch      |  31 ++++
 net-libs/libtirpc/libtirpc-1.3.2-r1.ebuild         |  65 ++++++++
 4 files changed, 326 insertions(+)
Comment 2 John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2022-07-24 13:38:45 UTC 
Thanks! Please stable when ready
Comment 3 John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2022-10-22 01:46:19 UTC 
GLSA request filed.
Comment 4 Larry the Git Cow gentoo-dev 2022-10-22 03:01:21 UTC 
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=22ebc6760d7a291af7777ec88b0308d009834988

commit 22ebc6760d7a291af7777ec88b0308d009834988
Author:     Mike Gilbert <floppym@gentoo.org>
AuthorDate: 2022-10-22 03:00:09 +0000
Commit:     Mike Gilbert <floppym@gentoo.org>
CommitDate: 2022-10-22 03:00:09 +0000

    net-libs/libtirpc: drop 1.3.2, 1.3.2-r1
    
    Bug: https://bugs.gentoo.org/859634
    Signed-off-by: Mike Gilbert <floppym@gentoo.org>

 net-libs/libtirpc/Manifest                         |   1 -
 net-libs/libtirpc/files/libtirpc-1.3.2-dos.patch   | 178 ---------------------
 .../files/libtirpc-1.3.2-memory-leak.patch         |  52 ------
 .../files/libtirpc-1.3.2-use-after-free.patch      |  31 ----
 net-libs/libtirpc/libtirpc-1.3.2-r1.ebuild         |  65 --------
 net-libs/libtirpc/libtirpc-1.3.2.ebuild            |  60 -------
 6 files changed, 387 deletions(-)
Comment 5 Larry the Git Cow gentoo-dev 2022-10-31 01:42:01 UTC 
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/data/glsa.git/commit/?id=a0617dfad9db92277e77c4ae6d40c06fd18b1314

commit a0617dfad9db92277e77c4ae6d40c06fd18b1314
Author:     GLSAMaker <glsamaker@gentoo.org>
AuthorDate: 2022-10-31 01:30:06 +0000
Commit:     John Helmert III <ajak@gentoo.org>
CommitDate: 2022-10-31 01:40:17 +0000

    [ GLSA 202210-33 ] Libtirpc: Denial of Service
    
    Bug: https://bugs.gentoo.org/859634
    Signed-off-by: GLSAMaker <glsamaker@gentoo.org>
    Signed-off-by: John Helmert III <ajak@gentoo.org>

 glsa-202210-33.xml | 54 ++++++++++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 54 insertions(+)
Comment 6 John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2022-10-31 02:17:42 UTC 
GLSA released, all done!