Subject: kern/1069: misc byte order bugs in nfs_boot.c and krpc_subr.c
To: None <gnats-admin@sun-lamp.cs.berkeley.edu>
From: None <jarle@idt.unit.no>
List: netbsd-bugs
Date: 05/19/1995 15:05:06
>Number:         1069
>Category:       kern
>Synopsis:       misc byte order bugs in nfs_boot.c and krpc_subr.c
>Confidential:   no
>Severity:       serious
>Priority:       high
>Responsible:    kern-bug-people (Kernel Bug People)
>State:          open
>Class:          sw-bug
>Submitter-Id:   net
>Arrival-Date:   Fri May 19 15:05:02 1995
>Originator:     jarle@idt.unit.no
>Organization:
Free Hardware Foundation, UnLtd.
>Release:        May 19th 1995
>Environment:
	
System: NetBSD ikke.idt.unit.no 1.0A NetBSD 1.0A (TEGGE) #3: Wed May 17 23:27:49 MET DST 1995 root@ikke.idt.unit.no:/usr/src/sys/arch/i386/compile/TEGGE i386


>Description:
When booting a little endian NetBSD kernel in a diskless configuration the
new boot code broadcasts bogus RPC requests to the network servers.  The
kernel code in question lacks a few calls to ntohl() and htonl().  Among
other things, IP-addresses and "forwarding volume" to the portmapper come
out wrong.  Presumably the code was developed and tested on a big endian
machine.... 

As a consequence of this behaviour we took down a whole subnet of Solaris
2.4 machines.  It seems that the rpcbind processes got themselves into a
state where they expected to forward more than 300MB of data to the client,
and they hung hard....

>How-To-Repeat:
Boot a diskless NetBSD kernel for a little endian architecture.  Snoop the
network with tcpdump or snoop, and verify that for each of the 4 words in
the xdr-encoding of an IP-address the bytes are in the wrong order. 
	
>Fix:
There may be more of these in there.  We just caught the ones necessary to
make our kernel boot.
						-jarle
----
we all hack on a broken subroutine, a broken subroutine, a broken subroutine...
					-- Kenneth Stailey

	
diff -c ../../../../nfs/krpc_subr.c ./krpc_subr.c
*** ../../../../nfs/krpc_subr.c	Tue Apr 25 12:22:11 1995
--- ./krpc_subr.c	Fri May 19 22:36:51 1995
***************
*** 522,531 ****
  	xi->atype = htonl(1);
  	ip = xi->addr;
  	cp = (u_char *)&ia->s_addr;
! 	*ip++ = *cp++;
! 	*ip++ = *cp++;
! 	*ip++ = *cp++;
! 	*ip++ = *cp++;
  
  	return (m);
  }
--- 522,531 ----
  	xi->atype = htonl(1);
  	ip = xi->addr;
  	cp = (u_char *)&ia->s_addr;
! 	*ip++ = htonl(*cp++);
! 	*ip++ = htonl(*cp++);
! 	*ip++ = htonl(*cp++);
! 	*ip++ = htonl(*cp++);
  
  	return (m);
  }
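Review bot: The new `*ip++ = htonl(*cp++)` stores assume `ip` walks 32-bit XDR words while `cp` walks the bytes of `ia->s_addr`; both declarations are outside the hunk, so confirm that `xi->addr` is an array of 32-bit integers, because `htonl()` of a widened byte only places the octet correctly when the store is a full 32-bit word. Given that, the change is right: the byte is promoted before `htonl()`, so the octet lands in the last byte of each word on the wire regardless of host endianness, which is what the big-endian peers in the description expect. Consider replacing the four repeated statements with a loop over the four octets, so the one-XDR-word-per-octet intent is visible and a later fix cannot land in only some of the copies.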
***************
*** 551,560 ****
  	}
  	ip = xi->addr;
  	cp = (u_char *)&ia->s_addr;
! 	*cp++ = *ip++;
! 	*cp++ = *ip++;
! 	*cp++ = *ip++;
! 	*cp++ = *ip++;
  
  out:
  	m_adj(m, sizeof(*xi));
--- 551,560 ----
  	}
  	ip = xi->addr;
  	cp = (u_char *)&ia->s_addr;
! 	*cp++ = ntohl(*ip++);
! 	*cp++ = ntohl(*ip++);
! 	*cp++ = ntohl(*ip++);
! 	*cp++ = ntohl(*ip++);
  
  out:
  	m_adj(m, sizeof(*xi));
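Review bot: `*cp++ = ntohl(*ip++)` narrows a 32-bit word into a `u_char`, so a reply word larger than 255 is silently truncated rather than rejected; since this side decodes data received from the network, a range check on each converted word before the store (how the error is reported to the caller is not visible in the hunk, but the existing `out:` path is the natural exit) would be the defensive counterpart of the encode fix. With that caveat the conversion itself is correct and symmetric with the encode side in the previous hunk.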
diff -c ../../../../nfs/nfs_boot.c ./nfs_boot.c
*** ../../../../nfs/nfs_boot.c	Tue Apr 25 12:22:11 1995
--- ./nfs_boot.c	Fri May 19 22:42:46 1995
***************
*** 330,336 ****
  	 * append encapsulated data (client IP address)
  	 */
  	m->m_next = xdr_inaddr_encode(my_ip);
! 	call->call_arglen = m->m_next->m_len;
  
  	/* RPC: portmap/callit */
  	bpsin->sin_port = htons(PMAPPORT);
--- 330,336 ----
  	 * append encapsulated data (client IP address)
  	 */
  	m->m_next = xdr_inaddr_encode(my_ip);
! 	call->call_arglen = htonl(m->m_next->m_len);
  
  	/* RPC: portmap/callit */
  	bpsin->sin_port = htons(PMAPPORT);
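Review bot: `htonl()` on `call_arglen` is the correct fix and matches the symptom in the description: a small host-order `m_len` read by a big-endian portmapper becomes a byte count in the hundreds of megabytes, consistent with the rpcbind processes waiting to forward "more than 300MB". The other `call_*` header fields are not in the hunk; since the submitter expects more of these, every field of the RPC call header written in this function should be checked for the same missing conversion before the patch is committed.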
>Audit-Trail:
>Unformatted:
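The byte-order problem the report describes, as an added example written for this page (not part of jarle's patch or the NetBSD sources): the original and patched encodings side by side, a decoder that range-checks each word instead of truncating it, and a constructed sample address for comparing the wire bytes. The `xdr_addr` layout, the sample address 192.0.2.7 and all function names are assumptions for this example; the kernel's `xdr_inaddr` also carries a leading `atype` word, left out here.

```c
#include <stdint.h>
#include <arpa/inet.h>   /* htonl(), ntohl() */

/* XDR form of an IPv4 address as the boot code sends it: one 32-bit word per
 * octet (atype word omitted).  Assumed here, mirroring xi->addr in the patch. */
typedef uint32_t xdr_addr[4];
/* Constructed sample address 192.0.2.7 in struct in_addr form (network order). */
static uint32_t sample_addr(void) { return htonl(0xC0000207u); }

/* Encode s_addr (network order, as in struct in_addr).  fixed != 0 is the
 * patched form, htonl() on the widened octet; fixed == 0 is the original
 * host-order store, which is only right on a big-endian host. */
void xdr_inaddr_encode(uint32_t s_addr, xdr_addr out, int fixed)
{
    const unsigned char *cp = (const unsigned char *)&s_addr;
    for (int i = 0; i < 4; i++)
        out[i] = fixed ? htonl(cp[i]) : (uint32_t)cp[i];
}

/* Decode with a range check: a word above 255 is no octet, so reject it
 * instead of silently truncating it into a u_char.  Returns 0 on success. */
int xdr_inaddr_decode(const xdr_addr in, uint32_t *s_addr)
{
    unsigned char *cp = (unsigned char *)s_addr;
    for (int i = 0; i < 4; i++) {
        uint32_t w = ntohl(in[i]);
        if (w > 255)
            return -1;
        cp[i] = (unsigned char)w;
    }
    return 0;
}

/* Wire byte b (0..3) of word w of the encoded sample.  A big-endian peer
 * expects the octet in byte 3 and zeros in bytes 0..2, whoever sent it. */
int sample_wire_byte(int fixed, int w, int b)
{
    xdr_addr xa;
    xdr_inaddr_encode(sample_addr(), xa, fixed);
    return ((const unsigned char *)&xa[w])[b];
}

/* 1 if the encoded sample decodes back unchanged: always for the fixed form,
 * for the original only on a big-endian host (the range check rejects it). */
int sample_decodes_back(int fixed)
{
    xdr_addr xa; uint32_t back;
    xdr_inaddr_encode(sample_addr(), xa, fixed);
    return xdr_inaddr_decode(xa, &back) == 0 && back == sample_addr();
}
```

On a little-endian host the original form puts the octet in wire byte 0, which a big-endian peer reads as a value of 2^24 times the octet; the same shift is what turns a small length field into the hundreds of megabytes mentioned in the description.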