Currently svc_run does not handle poll timeout and rendezvous_request does not handle EMFILE error returned from accept(2 as it used to. These two missing functionality were removed by commit b2c9430f46c4. The effect of not handling poll timeout allows idle TCP conections to remain ESTABLISHED indefinitely. When the number of connections reaches the limit of the open file descriptors (ulimit -n) then accept(2) fails with EMFILE. Since there is no handling of EMFILE error this causes svc_run() to get in a tight loop calling accept(2). This resulting in the RPC service of svc_run is being down, it's no longer able to service any requests. RPC service rpcbind, statd and mountd are effected by this problem.
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=15f37371c962d5d28081841062dcf925c6a0914c commit 15f37371c962d5d28081841062dcf925c6a0914c Author: Mike Gilbert <floppym@gentoo.org> AuthorDate: 2022-07-24 00:36:45 +0000 Commit: Mike Gilbert <floppym@gentoo.org> CommitDate: 2022-07-24 00:38:21 +0000 net-libs/libtirpc: backport security fixes Bug: https://bugs.gentoo.org/859634 Signed-off-by: Mike Gilbert <floppym@gentoo.org> net-libs/libtirpc/files/libtirpc-1.3.2-dos.patch | 178 +++++++++++++++++++++ .../files/libtirpc-1.3.2-memory-leak.patch | 52 ++++++ .../files/libtirpc-1.3.2-use-after-free.patch | 31 ++++ net-libs/libtirpc/libtirpc-1.3.2-r1.ebuild | 65 ++++++++ 4 files changed, 326 insertions(+)
Thanks! Please stable when ready
GLSA request filed.
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=22ebc6760d7a291af7777ec88b0308d009834988 commit 22ebc6760d7a291af7777ec88b0308d009834988 Author: Mike Gilbert <floppym@gentoo.org> AuthorDate: 2022-10-22 03:00:09 +0000 Commit: Mike Gilbert <floppym@gentoo.org> CommitDate: 2022-10-22 03:00:09 +0000 net-libs/libtirpc: drop 1.3.2, 1.3.2-r1 Bug: https://bugs.gentoo.org/859634 Signed-off-by: Mike Gilbert <floppym@gentoo.org> net-libs/libtirpc/Manifest | 1 - net-libs/libtirpc/files/libtirpc-1.3.2-dos.patch | 178 --------------------- .../files/libtirpc-1.3.2-memory-leak.patch | 52 ------ .../files/libtirpc-1.3.2-use-after-free.patch | 31 ---- net-libs/libtirpc/libtirpc-1.3.2-r1.ebuild | 65 -------- net-libs/libtirpc/libtirpc-1.3.2.ebuild | 60 ------- 6 files changed, 387 deletions(-)
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/data/glsa.git/commit/?id=a0617dfad9db92277e77c4ae6d40c06fd18b1314 commit a0617dfad9db92277e77c4ae6d40c06fd18b1314 Author: GLSAMaker <glsamaker@gentoo.org> AuthorDate: 2022-10-31 01:30:06 +0000 Commit: John Helmert III <ajak@gentoo.org> CommitDate: 2022-10-31 01:40:17 +0000 [ GLSA 202210-33 ] Libtirpc: Denial of Service Bug: https://bugs.gentoo.org/859634 Signed-off-by: GLSAMaker <glsamaker@gentoo.org> Signed-off-by: John Helmert III <ajak@gentoo.org> glsa-202210-33.xml | 54 ++++++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 54 insertions(+)
GLSA released, all done!