From: deraadt
Date: Sun, 27 Apr 1997 22:23:31 +0000 (+0000)
Subject: re-randomize xid on reuse of a CLIENT *; pointed out by adam@math.tau.ac.il
X-Git-Url: http://artulab.com/gitweb/?a=commitdiff_plain;h=76404e9a11da6ab2eae0ab0e77581010413019eb;p=openbsd
re-randomize xid on reuse of a CLIENT *; pointed out by adam@math.tau.ac.il
---
diff --git a/lib/libc/rpc/clnt_tcp.c b/lib/libc/rpc/clnt_tcp.c
index f23e97afb9b..387521d4063 100644
--- a/lib/libc/rpc/clnt_tcp.c
+++ b/lib/libc/rpc/clnt_tcp.c
@@ -28,7 +28,7 @@
 */
 
 #if defined(LIBC_SCCS) && !defined(lint)
-static char *rcsid = "$OpenBSD: clnt_tcp.c,v 1.12 1997/01/02 09:21:01 deraadt Exp $";
+static char *rcsid = "$OpenBSD: clnt_tcp.c,v 1.13 1997/04/27 22:23:31 deraadt Exp $";
 #endif /* LIBC_SCCS and not lint */
 
 /*
@@ -251,7 +251,7 @@ clnttcp_call(h, proc, xdr_args, args_ptr, xdr_results, results_ptr, timeout)
 call_again:
 xdrs->x_op = XDR_ENCODE;
 ct->ct_error.re_status = RPC_SUCCESS;
- x_id = ntohl(--(*msg_x_id));
+ x_id = *msg_x_id = arc4random();
 if ((! XDR_PUTBYTES(xdrs, ct->ct_mcall, ct->ct_mpos)) ||
 (! XDR_PUTLONG(xdrs, (long *)&proc)) ||
 (! AUTH_MARSHALL(h->cl_auth, xdrs)) ||
diff --git a/lib/libc/rpc/clnt_udp.c b/lib/libc/rpc/clnt_udp.c
index 5fbd082597d..2cce6a79828 100644
--- a/lib/libc/rpc/clnt_udp.c
+++ b/lib/libc/rpc/clnt_udp.c
@@ -28,7 +28,7 @@
 */
 
 #if defined(LIBC_SCCS) && !defined(lint)
-static char *rcsid = "$OpenBSD: clnt_udp.c,v 1.10 1997/01/02 09:21:05 deraadt Exp $";
+static char *rcsid = "$OpenBSD: clnt_udp.c,v 1.11 1997/04/27 22:23:33 deraadt Exp $";
 #endif /* LIBC_SCCS and not lint */
 
 /*
@@ -224,6 +224,7 @@ clntudp_call(cl, proc, xargs, argsp, xresults, resultsp, utimeout)
 struct rpc_msg reply_msg;
 XDR reply_xdrs;
 struct timeval time_waited, start, after, tmp1, tmp2;
+ u_int32_t *msg_x_id = (u_int32_t *)(cu->cu_outbuf); /* yuk */
 bool_t ok;
 int nrefreshes = 2; /* number of times to refresh cred */
 struct timeval timeout;
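Review bot: The new `x_id = *msg_x_id = arc4random();` under `call_again:` in clnt_tcp.c drops the `ntohl()` that the removed line applied, so `x_id` now holds the raw buffer word instead of its host-order value. The bytes at `ct_mcall` are sent as stored, so on a little-endian host `x_id` no longer equals the xid that a decoded reply will carry. If `x_id` is later compared with the decoded reply xid (that part of `clnttcp_call` is outside this hunk), valid replies would be discarded. Keeping the conversion avoids this: `*msg_x_id = arc4random();` followed by `x_id = ntohl(*msg_x_id);`.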
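Review bot: The `/* yuk */` on the new `msg_x_id` declaration in `clntudp_call` flags the cast but does not say what it relies on: that `cu_outbuf` starts with the 32-bit transaction id and is aligned well enough for a `u_int32_t` access. Neither property is visible in this hunk, so the comment should state them, for example `/* xid: first 32 bits of the pre-marshalled call header in cu_outbuf */`. The initializer also dereferences `cu`, so it depends on `cu` having been assigned by an earlier declaration, which lies above the hunk.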
@@ -249,10 +250,7 @@ call_again:
 xdrs = &(cu->cu_outxdrs);
 xdrs->x_op = XDR_ENCODE;
 XDR_SETPOS(xdrs, cu->cu_xdrpos);
- /*
- * the transaction is the first thing in the out buffer
- */
- (*(u_short *)(cu->cu_outbuf))++;
+ *msg_x_id = arc4random();
 if (!XDR_PUTLONG(xdrs, (long *)&proc) ||
 !AUTH_MARSHALL(cl->cl_auth, xdrs) ||
 !(*xargs)(xdrs, argsp)) {
@@ -337,7 +335,7 @@ send_again:
 if (inlen < sizeof(u_int32_t))
 continue;
 /* see if reply transaction id matches sent id */
- if (*((u_int32_t *)(cu->cu_inbuf)) != *((u_int32_t *)(cu->cu_outbuf)))
+ if (*((u_int32_t *)(cu->cu_inbuf)) != *msg_x_id)
 continue;
 /* we now assume we have the proper reply */
 break;
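Review bot: The comment removed under `call_again:` was the only statement that the transaction id sits at the start of `cu_outbuf`, and the new `*msg_x_id = arc4random();` does not say why the id is now drawn fresh instead of incremented. A one-line comment would keep both facts next to the store, e.g. `/* xid is the first word of the out buffer; use an unpredictable value for every call */`. The store sits under `call_again:` and not under `send_again:` (the label in the next hunk header), so retransmissions appear to reuse the same id, which is worth stating as well. The reply check in the `send_again:` hunk depends on the same pointer.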