Bug 211038 - security/xinetd: Broken with dgram udp services (e.g. tftpd, tftp-proxy)
Status: Closed FIXED
Alias: None
Product: Ports & Packages
Classification: Unclassified
Component: Individual Port(s)
Version: Latest
Hardware: Any Any
: --- Affects Some People
Assignee: Renato Botelho
Reported: 2016-07-12 16:23 UTC by Renato Botelho
Modified: 2016-09-06 16:55 UTC
garga: merge-quarterly+


Description Renato Botelho freebsd_committer freebsd_triage 2016-07-12 16:23:18 UTC
xinetd is not working on FreeBSD 10.3 and 12.0-CURRENT with dgram UDP services like tftp server or tftp-proxy.

Sample config:

service tftp
{
	disable = no
	port = 69
	socket_type = dgram
	protocol = udp
	wait = yes
	user = root
	group = wheel
	server = /usr/libexec/tftpd
	server_args = -d 15 -l -s /tftpboot
}

xinetd logs:

16/7/12@12:36:10: DEBUG: 15844 {main_loop} select returned 1
16/7/12@12:36:10: DEBUG: 15844 {svc_suspend} Suspended service tftp
16/7/12@12:36:10: DEBUG: 15844 {server_start} Starting service tftp
16/7/12@12:36:10: DEBUG: 15844 {main_loop} active_services = 0
16/7/12@12:36:10: DEBUG: 15845 {exec_server} duping 0
16/7/12@12:36:10: DEBUG: 15844 {main_loop} active_services = 0
16/7/12@12:36:10: DEBUG: 15844 {main_loop} select returned 1
16/7/12@12:36:10: DEBUG: 15844 {check_pipe} Got signal 20 (Child exited)
16/7/12@12:36:10: DEBUG: 15844 {child_exit} waitpid returned = 15845
16/7/12@12:36:10: DEBUG: 15844 {server_end} tftp server 15845 exited
16/7/12@12:36:10: DEBUG: 15844 {drain} UDP socket should be empty
16/7/12@12:36:10: DEBUG: 15844 {svc_resume} Resumed service tftp
16/7/12@12:36:10: DEBUG: 15844 {child_exit} waitpid returned = -1
16/7/12@12:36:10: DEBUG: 15844 {main_loop} active_services = 1

tftpd logs:

Jul 12 12:36:10 tp tftpd[15845]: recvfrom: Resource temporarily unavailable

tftp-proxy logs:

Jul 11 17:12:39 test-ce-23-amd64 tftp-proxy[38884]: setsockopt(IP_RECVDSTADDR): Protocol not available

It was first reported on pfSense, then I reproduced it on stock FreeBSD as well.

Ref: https://redmine.pfsense.org/issues/6315
Comment 1 Renato Botelho freebsd_committer freebsd_triage 2016-07-12 22:38:23 UTC
More details I found out while investigating.

If xinetd is built WITHOUT the LIBWRAP option, it doesn't even execute tftpd and its log says:

16/7/12@18:40:20: DEBUG: 29457 {main_loop} active_services = 1
16/7/12@18:40:24: DEBUG: 29457 {main_loop} select returned 1
16/7/12@18:40:24: DEBUG: 29457 {svc_suspend} Suspended service tftp
16/7/12@18:40:24: DEBUG: 29457 {server_start} Starting service tftp
16/7/12@18:40:24: DEBUG: 29457 {main_loop} active_services = 0
16/7/12@18:40:24: WARNING: 29458 {exec_server} fcntl( 0, clear close-on-exec ) failed: Bad file descriptor (errno = 9)
16/7/12@18:40:24: DEBUG: 29458 {exec_server} duping 0
16/7/12@18:40:24: ERROR: 29458 {exec_server} dup2( 0, 0 ) failed: Bad file descriptor (errno = 9)
16/7/12@18:40:24: DEBUG: 29457 {main_loop} active_services = 0
16/7/12@18:40:24: DEBUG: 29457 {main_loop} select returned 1
16/7/12@18:40:24: DEBUG: 29457 {check_pipe} Got signal 20 (Child exited)

If xinetd is built WITH the LIBWRAP option ON, it calls tftpd and here is the xinetd log:

Jul 12 17:31:31 cmbfbsd93 xinetd: warning: can't get client address: Bad file descriptor

Followed by tftpd error log:

Jul 12 17:31:31 cmbfbsd93 tftpd[65029]: recvfrom: Resource temporarily unavailable
Comment 2 Renato Botelho freebsd_committer freebsd_triage 2016-07-12 23:08:43 UTC
More related info:

https://afnog.org/archives/2007-May/003244.html
https://lists.freebsd.org/pipermail/freebsd-hackers/2007-January/019394.html

Looks like it broke between FreeBSD 6.1 and 6.2
Comment 3 Renato Botelho freebsd_committer freebsd_triage 2016-07-13 19:54:11 UTC
loos@ fixed it in pfSense:

https://github.com/pfsense/FreeBSD-ports/commit/eeb3abaa71905ccaec35b0bee7bc4dcc40cfc306
Comment 4 Luiz Otavio O Souza,+55 (14) 99772-1255 freebsd_committer freebsd_triage 2016-07-13 20:24:40 UTC
There is also a PR for upstream: https://github.com/xinetd-org/xinetd/pull/22
Comment 5 Rene Ladan freebsd_committer freebsd_triage 2016-08-21 11:20:11 UTC
maintainer reset
Comment 6 Renato Botelho freebsd_committer freebsd_triage 2016-08-22 11:07:50 UTC
I'll handle it
Comment 7 commit-hook freebsd_committer freebsd_triage 2016-09-05 17:10:19 UTC
A commit references this bug:

Author: garga
Date: Mon Sep  5 17:09:18 UTC 2016
New revision: 421378
URL: https://svnweb.freebsd.org/changeset/ports/421378

Log:
  Fix some edge cases in xinetd file descriptor handling

  This change fixes the case where the listening file descriptor is in 0~2
  range (easily reproducible with a single UDP service)

  PR:		211038
  Obtained from:	pfSense
  MFH:		2016Q3
  Sponsored by:	Rubicon Communications (Netgate)

Changes:
  head/security/xinetd/Makefile
  head/security/xinetd/files/patch-xinetd_child.c
Comment 8 commit-hook freebsd_committer freebsd_triage 2016-09-06 16:49:44 UTC
A commit references this bug:

Author: garga
Date: Tue Sep  6 16:49:01 UTC 2016
New revision: 421441
URL: https://svnweb.freebsd.org/changeset/ports/421441

Log:
  MFH: r421378

  Fix some edge cases in xinetd file descriptor handling

  This change fixes the case where the listening file descriptor is in 0~2
  range (easily reproducible with a single UDP service)

  PR:		211038
  Obtained from:	pfSense
  Sponsored by:	Rubicon Communications (Netgate)
  Approved by:	ports-secteam (feld)

Changes:
_U  branches/2016Q3/
  branches/2016Q3/security/xinetd/Makefile
  branches/2016Q3/security/xinetd/files/patch-xinetd_child.c
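
Added example, not part of the bug thread and not xinetd's or the patch's own code: a minimal C sketch of the failure class named in the commit log (listening descriptor in the 0~2 range) and visible in Comment 1 as "dup2( 0, 0 ) failed: Bad file descriptor". The function names attach_naive, attach_safe and try_handoff are hypothetical, and an AF_UNIX datagram socketpair stands in for the UDP listening socket.

```c
#include <fcntl.h>
#include <stdio.h>
#include <sys/socket.h>
#include <sys/wait.h>
#include <unistd.h>

/* Naive hand-off: free 0..2, then dup the service socket onto them.
 * If fd is itself in 0..2 it is closed before it can be duplicated. */
static int attach_naive(int fd) {
    for (int i = 0; i <= 2; i++) close(i);
    for (int i = 0; i <= 2; i++)
        if (dup2(fd, i) == -1) return -1;   /* EBADF when fd was in 0..2 */
    return 0;
}

/* Careful hand-off: park the socket above 2 before touching 0..2. */
static int attach_safe(int fd) {
    int tmp = fcntl(fd, F_DUPFD, 3);        /* lowest free descriptor >= 3 */
    if (tmp == -1) return -1;
    for (int i = 0; i <= 2; i++)
        if (dup2(tmp, i) == -1) return -1;  /* dup2 leaves close-on-exec clear */
    close(tmp);
    if (fd > 2) close(fd);
    return 0;
}

/* Fork a child holding a datagram socket at descriptor `at`, run `attach`
 * on it, and return 0 if 0..2 all end up open and inheritable, else 1. */
static int try_handoff(int (*attach)(int), int at) {
    pid_t pid = fork();
    if (pid == -1) return -1;
    if (pid == 0) {
        int sv[2];  /* constructed stand-in for the dgram listening socket */
        if (socketpair(AF_UNIX, SOCK_DGRAM, 0, sv) == -1) _exit(2);
        if (sv[0] != at && (dup2(sv[0], at) == -1 || close(sv[0]) == -1)) _exit(2);
        if (attach(at) == -1) _exit(1);
        for (int i = 0; i <= 2; i++)
            if (fcntl(i, F_GETFD) != 0) _exit(1);
        _exit(0);
    }
    int st;
    if (waitpid(pid, &st, 0) == -1) return -1;
    return WIFEXITED(st) ? WEXITSTATUS(st) : -1;
}

int main(void) {
    printf("naive, socket at fd 0: %d\n", try_handoff(attach_naive, 0));
    printf("safe,  socket at fd 0: %d\n", try_handoff(attach_safe, 0));
    return 0;
}
```

A daemon that closes 0..2 at startup and then opens a single service gets descriptor 0 for its first socket, which is why one UDP service is enough to reach this path.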