Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
SUSE:SLE-12-SP5:Update
bind.26110
bind-CVE-2018-5743.patch
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File bind-CVE-2018-5743.patch of Package bind.26110
From 9689ffc485df8f971f0ad81ab8ab1f5389493776 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Witold=20Kr=C4=99cicki?= <wpk@isc.org> Date: Thu, 3 Jan 2019 14:17:43 +0100 Subject: [PATCH] fix enforcement of tcp-clients (v1) tcp-clients settings could be exceeded in some cases by creating more and more active TCP clients that are over the set quota limit, which in the end could lead to a DoS attack by e.g. exhaustion of file descriptors. If TCP client we're closing went over the quota (so it's not attached to a quota) mark it as mortal - so that it will be destroyed and not set up to listen for new connections - unless it's the last client for a specific interface. (cherry picked from commit f97131d21b97381cef72b971b157345c1f9b4115) --- bin/named/client.c | 13 ++++++++++++- 1 file changed, 12 insertions(+), 1 deletion(-) --- bin/named/client.c.orig +++ bin/named/client.c @@ -398,8 +398,19 @@ exit_check(ns_client_t *client) { isc_socket_detach(&client->tcpsocket); } - if (client->tcpquota != NULL) + if (client->tcpquota != NULL) { isc_quota_detach(&client->tcpquota); + } else { + /* + * We went over quota with this client, we don't + * want to restart listening unless this is the + * last client on this interface, which is + * checked later. + */ + if (TCP_CLIENT(client)) { + client->mortal = ISC_TRUE; + } + } if (client->timerset) { (void)isc_timer_reset(client->timer,
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor