
Commit d59b47c

authored
No need to implement portmap's SET (#2524)
* no need to implement set, I think * need to bring this back for setup, but not as an api method * fix test * add documentation
1 parent dad458b commit d59b47c

3 files changed

Lines changed: 13 additions & 7 deletions


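--- a/packages/orchestrator/pkg/portmap/main.go
+++ b/packages/orchestrator/pkg/portmap/main.go
@@ -22,9 +22,7 @@ func newHandlers(ctx context.Context) *handlers {
 
 var _ portmap.PMAP_PROG_PMAP_VERS_handler = (*handlers)(nil)
 
-func (h *handlers) PMAPPROC_NULL() {}
-
-func (h *handlers) PMAPPROC_SET(mapping portmap.Mapping) portmap.Xbool {
+func (h *handlers) registerPort(mapping portmap.Mapping) {
 h.lock.Lock()
 defer h.lock.Unlock()
 
@@ -33,10 +31,18 @@ func (h *handlers) PMAPPROC_SET(mapping portmap.Mapping) portmap.Xbool {
 Vers: mapping.Vers,
 Prot: mapping.Prot,
 }] = portmap.Uint32(mapping.Port)
+}
 
-return true
+func (h *handlers) PMAPPROC_NULL() {}
+
+// PMAPPROC_SET is not implemented, so we return false. It needs to remain unimplemented, as
+// implementing it allows attackers to register and possibly redirect NFS traffic.
+func (h *handlers) PMAPPROC_SET(_ portmap.Mapping) portmap.Xbool {
+return false
 }
 
+// PMAPPROC_UNSET is not implemented, so we return false. It serves no purpose, and implementing it
+// would allow attackers to remove port mappings, potentially disrupting services.
 func (h *handlers) PMAPPROC_UNSET(_ portmap.Mapping) portmap.Xbool {
 return false
 }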
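Review bot: `registerPort` (new line 25) is now the write path into the mapping table but carries no comment, while the reason for keeping remote callers out is recorded only on the `PMAPPROC_SET` and `PMAPPROC_UNSET` stubs. I would add `// registerPort records mapping in the table; it is deliberately not an RPC procedure, so only in-process callers can add entries.` above it, so that a later refactor does not route `PMAPPROC_SET` back into it. The commit also adds no test for the refusal itself, since main_test.go only swaps the call in TestPortmapRetrieval: a case that calls `h.PMAPPROC_SET` on a fresh handler, asserts it returns false, and checks that a following lookup finds no mapping would pin the behaviour. The part of `registerPort` between the two hunks is not shown, so whether other methods also write to the table cannot be judged from here.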

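--- a/packages/orchestrator/pkg/portmap/main_test.go
+++ b/packages/orchestrator/pkg/portmap/main_test.go
@@ -11,7 +11,7 @@ func TestPortmapRetrieval(t *testing.T) {
 t.Parallel()
 
 h := newHandlers(t.Context())
-h.PMAPPROC_SET(portmap.Mapping{
+h.registerPort(portmap.Mapping{
 Prog: 100003,
 Vers: 2,
 Prot: 1,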

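--- a/packages/orchestrator/pkg/portmap/server.go
+++ b/packages/orchestrator/pkg/portmap/server.go
@@ -46,14 +46,14 @@ func NewPortMap(ctx context.Context) *Server {
 func (pm *Server) RegisterPort(ctx context.Context, port uint32) {
 logger.L().Info(ctx, "registering port", zap.Uint32("port", port))
 
-pm.h.PMAPPROC_SET(rfc1057.Mapping{
+pm.h.registerPort(rfc1057.Mapping{
 Prog: nfs.Nfs3Prog,
 Vers: nfs.Nfs3Vers,
 Prot: rfc1057.IPPROTO_TCP,
 Port: port,
 })
 
-pm.h.PMAPPROC_SET(rfc1057.Mapping{
+pm.h.registerPort(rfc1057.Mapping{
 Prog: 100005, // mountd
 Vers: nfs.Nfs3Vers,
 Prot: rfc1057.IPPROTO_TCP,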
