In the past, rpc.statd posted SM_NOTIFY requests using the same socket it used for sending downcalls to the kernel. To receive replies from remote hosts, the socket was bound to INADDR_ANY. With commit f113db52 "Remove notify functionality from statd in favour of sm-notify" (Mar 20, 2007), the downcall socket is no longer used for sending requests to remote hosts. However, the downcall socket is still bound to INADDR_ANY. This means that any remote host can inject data on this socket, since it is an unconnected UDP socket listening for RPC replies. To prevent unwanted data injection, bind this socket to loopback instead. BugLink: https://bugzilla.linux-nfs.org/show_bug.cgi?id=177 Signed-off-by: Chuck Lever <chuck.lever@xxxxxxxxxx> --- This proposed fix hasn't yet been thoroughly tested. Comments? utils/statd/rmtcall.c | 2 +- 1 files changed, 1 insertions(+), 1 deletions(-) diff --git a/utils/statd/rmtcall.c b/utils/statd/rmtcall.c index 0e52fe2..4ecb03c 100644 --- a/utils/statd/rmtcall.c +++ b/utils/statd/rmtcall.c @@ -85,7 +85,7 @@ statd_get_socket(void) memset(&sin, 0, sizeof(sin)); sin.sin_family = AF_INET; - sin.sin_addr.s_addr = INADDR_ANY; + sin.sin_addr.s_addr = htonl(INADDR_LOOPBACK); if (bindresvport(sockfd, &sin) < 0) { xlog(D_GENERAL, "%s: can't bind to reserved port", -- To unsubscribe from this list: send the line "unsubscribe linux-nfs" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
