Diffstat (limited to 'meta/recipes-connectivity/bind/bind/0006-restore-allowance-for-tcp-clients-interfaces.patch')
-rw-r--r-- | meta/recipes-connectivity/bind/bind/0006-restore-allowance-for-tcp-clients-interfaces.patch | 80 |
1 files changed, 0 insertions, 80 deletions
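--- a/meta/recipes-connectivity/bind/bind/0006-restore-allowance-for-tcp-clients-interfaces.patch
+++ /dev/null
@@ -1,80 +0,0 @@
-Backport patch to fix CVE-2018-5743.
-
-Ref:
-https://security-tracker.debian.org/tracker/CVE-2018-5743
-
-CVE: CVE-2018-5743
-Upstream-Status: Backport [https://gitlab.isc.org/isc-projects/bind9/commit/59434b9]
-
-Signed-off-by: Kai Kang <kai.kang@windriver.com>
-
-From 59434b987e8eb436b08c24e559ee094c4e939daa Mon Sep 17 00:00:00 2001
-From: Evan Hunt <each@isc.org>
-Date: Fri, 5 Apr 2019 16:26:19 -0700
-Subject: [PATCH 6/6] restore allowance for tcp-clients < interfaces
-
-in the "refactor tcpquota and pipeline refs" commit, the counting
-of active interfaces was tightened in such a way that named could
-fail to listen on an interface if there were more interfaces than
-tcp-clients. when checking the quota to start accepting on an
-interface, if the number of active clients was above zero, then
-it was presumed that some other client was able to handle accepting
-new connections. this, however, ignored the fact that the current client
-could be included in that count, so if the quota was already exceeded
-before all the interfaces were listening, some interfaces would never
-listen.
-
-we now check whether the current client has been marked active; if so,
-then the number of active clients on the interface must be greater
-than 1, not 0.
-
-(cherry picked from commit 0b4e2cd4c3192ba88569dd344f542a8cc43742b5)
-(cherry picked from commit d01023aaac35543daffbdf48464e320150235d41)
----
-bin/named/client.c | 8 +++++---
-doc/arm/Bv9ARM-book.xml | 3 ++-
-2 files changed, 7 insertions(+), 4 deletions(-)
-
-diff --git a/bin/named/client.c b/bin/named/client.c
-index d826ab32bf..845326abc0 100644
---- a/bin/named/client.c
-+++ b/bin/named/client.c
-@@ -3464,8 +3464,9 @@ client_accept(ns_client_t *client) {
-*
-* So, we check here to see if any other clients are
-* already servicing TCP queries on this interface (whether
-- * accepting, reading, or processing). If we find at least
-- * one, then it's okay *not* to call accept - we can let this
-+ * accepting, reading, or processing). If we find that at
-+ * least one client other than this one is active, then
-+ * it's okay *not* to call accept - we can let this
-* client go inactive and another will take over when it's
-* done.
-*
-@@ -3479,7 +3480,8 @@ client_accept(ns_client_t *client) {
-* quota is tcp-clients plus the number of listening
-* interfaces plus 1.)
-*/
-- exit = (isc_atomic_xadd(&client->interface->ntcpactive, 0) > 0);
-+ exit = (isc_atomic_xadd(&client->interface->ntcpactive, 0) >
-+ (client->tcpactive ? 1 : 0));
-if (exit) {
-client->newstate = NS_CLIENTSTATE_INACTIVE;
-(void)exit_check(client);
-diff --git a/doc/arm/Bv9ARM-book.xml b/doc/arm/Bv9ARM-book.xml
-index 381768d540..9c76d3cd6f 100644
---- a/doc/arm/Bv9ARM-book.xml
-+++ b/doc/arm/Bv9ARM-book.xml
-@@ -8493,7 +8493,8 @@ avoid-v6-udp-ports { 40000; range 50000 60000; };
-<para>
-The number of file descriptors reserved for TCP, stdio,
-etc. This needs to be big enough to cover the number of
-- interfaces <command>named</command> listens on, <command>tcp-clients</command> as well as
-+ interfaces <command>named</command> listens on plus
-+ <command>tcp-clients</command>, as well as
-to provide room for outgoing TCP queries and incoming zone
-transfers. The default is <literal>512</literal>.
-The minimum value is <literal>128</literal> and the
---
-2.20.1
-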