| Summary: | limits on xdr_ requests are too restrictive | ||
|---|---|---|---|
| Product: | glibc | Reporter: | Patsy Franklin <pfrankli> |
| Component: | nis | Assignee: | Not yet assigned to anyone <unassigned> |
| Status: | RESOLVED FIXED | ||
| Severity: | normal | CC: | kukuk, pfrankli |
| Priority: | P2 | Flags: | fweimer:
security-
|
| Version: | unspecified | ||
| Target Milestone: | --- | ||
| Host: | Target: | ||
| Build: | Last reconfirmed: | ||
|
Description
Patsy Franklin
2013-05-30 20:18:02 UTC
A recent patch to set reasonable limits on xdr requests proved to be too restictive for some users, potentially causing ypcat to give rpc errors. How reproducible: Always Steps to reproduce: 1. add a very long group record into /etc/group (longer than 1024B), e.g.: foo:x:10000:bar1,bar2,bar3, ... ,bar999 2. add --no-limit-check option to makedbm command in /var/yp/Makefile, since otherwise lines longer than 1024B are ignored, but we need to add them to map file: -DBLOAD = $(YPBINDIR)/makedbm -c -m `$(YPBINDIR)/yphelper --hostname` +DBLOAD = $(YPBINDIR)/makedbm --no-limit-check -c -m `$(YPBINDIR)/yphelper --hostname` 3. rebuild maps: # cd /var/yp # make 4. # systemctl restart ypserv ypbind (while ypbind is configured to use ypserv running on localhost) 5. # ypcat group.byname Actual results: ... yp_all: clnt_call: RPC: Can't decode result No such map group.byname. Reason: RPC failure on NIS operation Some groups are returned but the list is cut short with the error message above Expected results: All groups are returned. Fixed. commit eca5920cd90093d8921f27bfbf7bcf54807165bb Resolved/Fixed: commit eca5920cd90093d8921f27bfbf7bcf54807165bb |