diff options
author | Theo de Raadt <deraadt@cvs.openbsd.org> | 1997-04-27 22:23:34 +0000 |
---|---|---|
committer | Theo de Raadt <deraadt@cvs.openbsd.org> | 1997-04-27 22:23:34 +0000 |
commit | fbce7a126561d050a2c04c38aeb9ab374cc0d565 (patch) | |
tree | 1c63b389391da36c14b1f4223228b085c1eceab7 /lib/libc/rpc | |
parent | e58197bd8638f4f1cb9d8677f759b1b36df27d83 (diff) |
re-randomize xid on reuse of a CLIENT *; pointed out by adam@math.tau.ac.il
Diffstat (limited to 'lib/libc/rpc')
-rw-r--r-- | lib/libc/rpc/clnt_tcp.c | 4 | ||||
-rw-r--r-- | lib/libc/rpc/clnt_udp.c | 10 |
2 files changed, 6 insertions, 8 deletions
diff --git a/lib/libc/rpc/clnt_tcp.c b/lib/libc/rpc/clnt_tcp.c index f23e97afb9b..387521d4063 100644 --- a/lib/libc/rpc/clnt_tcp.c +++ b/lib/libc/rpc/clnt_tcp.c @@ -28,7 +28,7 @@ */ #if defined(LIBC_SCCS) && !defined(lint) -static char *rcsid = "$OpenBSD: clnt_tcp.c,v 1.12 1997/01/02 09:21:01 deraadt Exp $"; +static char *rcsid = "$OpenBSD: clnt_tcp.c,v 1.13 1997/04/27 22:23:31 deraadt Exp $"; #endif /* LIBC_SCCS and not lint */ /* @@ -251,7 +251,7 @@ clnttcp_call(h, proc, xdr_args, args_ptr, xdr_results, results_ptr, timeout) call_again: xdrs->x_op = XDR_ENCODE; ct->ct_error.re_status = RPC_SUCCESS; - x_id = ntohl(--(*msg_x_id)); + x_id = *msg_x_id = arc4random(); if ((! XDR_PUTBYTES(xdrs, ct->ct_mcall, ct->ct_mpos)) || (! XDR_PUTLONG(xdrs, (long *)&proc)) || (! AUTH_MARSHALL(h->cl_auth, xdrs)) || diff --git a/lib/libc/rpc/clnt_udp.c b/lib/libc/rpc/clnt_udp.c index 5fbd082597d..2cce6a79828 100644 --- a/lib/libc/rpc/clnt_udp.c +++ b/lib/libc/rpc/clnt_udp.c @@ -28,7 +28,7 @@ */ #if defined(LIBC_SCCS) && !defined(lint) -static char *rcsid = "$OpenBSD: clnt_udp.c,v 1.10 1997/01/02 09:21:05 deraadt Exp $"; +static char *rcsid = "$OpenBSD: clnt_udp.c,v 1.11 1997/04/27 22:23:33 deraadt Exp $"; #endif /* LIBC_SCCS and not lint */ /* @@ -224,6 +224,7 @@ clntudp_call(cl, proc, xargs, argsp, xresults, resultsp, utimeout) struct rpc_msg reply_msg; XDR reply_xdrs; struct timeval time_waited, start, after, tmp1, tmp2; + u_int32_t *msg_x_id = (u_int32_t *)(cu->cu_outbuf); /* yuk */ bool_t ok; int nrefreshes = 2; /* number of times to refresh cred */ struct timeval timeout; @@ -249,10 +250,7 @@ call_again: xdrs = &(cu->cu_outxdrs); xdrs->x_op = XDR_ENCODE; XDR_SETPOS(xdrs, cu->cu_xdrpos); - /* - * the transaction is the first thing in the out buffer - */ - (*(u_short *)(cu->cu_outbuf))++; + *msg_x_id = arc4random(); if (!XDR_PUTLONG(xdrs, (long *)&proc) || !AUTH_MARSHALL(cl->cl_auth, xdrs) || !(*xargs)(xdrs, argsp)) { @@ -337,7 +335,7 @@ send_again: if (inlen < sizeof(u_int32_t)) continue; /* see if reply transaction id matches sent id */ - if (*((u_int32_t *)(cu->cu_inbuf)) != *((u_int32_t *)(cu->cu_outbuf))) + if (*((u_int32_t *)(cu->cu_inbuf)) != *msg_x_id) continue; /* we now assume we have the proper reply */ break; |