Diffstat (limited to 'meta/recipes-connectivity/bind/bind/0001-fix-enforcement-of-tcp-clients-v1.patch')
-rw-r--r-- | meta/recipes-connectivity/bind/bind/0001-fix-enforcement-of-tcp-clients-v1.patch | 60 |
1 files changed, 60 insertions, 0 deletions
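--- /dev/null
+++ b/meta/recipes-connectivity/bind/bind/0001-fix-enforcement-of-tcp-clients-v1.patch
@@ -0,0 +1,60 @@
+Backport patch to fix CVE-2018-5743.
+
+Ref:
+https://security-tracker.debian.org/tracker/CVE-2018-5743
+
+CVE: CVE-2018-5743
+Upstream-Status: Backport [https://gitlab.isc.org/isc-projects/bind9/commit/ec2d50d]
+
+Signed-off-by: Kai Kang <kai.kang@windriver.com>
+
+From ec2d50da8d81814640e28593d912f4b96c7efece Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Witold=20Kr=C4=99cicki?= <wpk@isc.org>
+Date: Thu, 3 Jan 2019 14:17:43 +0100
+Subject: [PATCH 1/6] fix enforcement of tcp-clients (v1)
+
+tcp-clients settings could be exceeded in some cases by
+creating more and more active TCP clients that are over
+the set quota limit, which in the end could lead to a
+DoS attack by e.g. exhaustion of file descriptors.
+
+If TCP client we're closing went over the quota (so it's
+not attached to a quota) mark it as mortal - so that it
+will be destroyed and not set up to listen for new
+connections - unless it's the last client for a specific
+interface.
+
+(cherry picked from commit f97131d21b97381cef72b971b157345c1f9b4115)
+(cherry picked from commit 9689ffc485df8f971f0ad81ab8ab1f5389493776)
+---
+bin/named/client.c | 13 ++++++++++++-
+1 file changed, 12 insertions(+), 1 deletion(-)
+
+diff --git a/bin/named/client.c b/bin/named/client.c
+index d482da7121..0739dd48af 100644
+--- a/bin/named/client.c
++++ b/bin/named/client.c
+@@ -421,8 +421,19 @@ exit_check(ns_client_t *client) {
+isc_socket_detach(&client->tcpsocket);
+}
+
+- if (client->tcpquota != NULL)
++ if (client->tcpquota != NULL) {
+isc_quota_detach(&client->tcpquota);
++ } else {
++ /*
++ * We went over quota with this client, we don't
++ * want to restart listening unless this is the
++ * last client on this interface, which is
++ * checked later.
++ */
++ if (TCP_CLIENT(client)) {
++ client->mortal = true;
++ }
++ }
+
+if (client->timerset) {
+(void)isc_timer_reset(client->timer,
+--
+2.20.1
+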
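Review bot: The embedded upstream commit is titled "[PATCH 1/6] fix enforcement of tcp-clients (v1)", i.e. only the first part of the series ISC shipped for CVE-2018-5743, and this page shows only this one patch file being added, so unless the recipe's SRC_URI also picks up the remaining patches of that series the CVE is likely not fully addressed — worth confirming against the recipe change rather than the "CVE: CVE-2018-5743" tag alone. The added else branch in exit_check() marks an over-quota TCP client mortal so it is torn down instead of reused for listening, but the "last client on this interface" exception the new comment refers to is checked outside this hunk (exit_check() both starts and ends beyond it), so whether a mortal client can still be recycled on that path cannot be judged from here. If the rest of the series is indeed added alongside, a header line such as `Note: patch 1 of the 6-part upstream series for CVE-2018-5743; the remaining patches are required for a complete fix.` would make the dependency explicit to whoever next bumps or drops these patches.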