path: root/meta/recipes-connectivity/bind/bind/0006-restore-allowance-for-tcp-clients-interfaces.patch
Diffstat (limited to 'meta/recipes-connectivity/bind/bind/0006-restore-allowance-for-tcp-clients-interfaces.patch')
-rw-r--r-- meta/recipes-connectivity/bind/bind/0006-restore-allowance-for-tcp-clients-interfaces.patch 80
1 files changed, 0 insertions, 80 deletions
diff --git a/meta/recipes-connectivity/bind/bind/0006-restore-allowance-for-tcp-clients-interfaces.patch b/meta/recipes-connectivity/bind/bind/0006-restore-allowance-for-tcp-clients-interfaces.patch
deleted file mode 100644
index 3821d18501..0000000000
--- a/meta/recipes-connectivity/bind/bind/0006-restore-allowance-for-tcp-clients-interfaces.patch
+++ /dev/null
@@ -1,80 +0,0 @@
1Backport patch to fix CVE-2018-5743.
2
3Ref:
4https://security-tracker.debian.org/tracker/CVE-2018-5743
5
6CVE: CVE-2018-5743
7Upstream-Status: Backport [https://gitlab.isc.org/isc-projects/bind9/commit/59434b9]
8
9Signed-off-by: Kai Kang <kai.kang@windriver.com>
10
11From 59434b987e8eb436b08c24e559ee094c4e939daa Mon Sep 17 00:00:00 2001
12From: Evan Hunt <each@isc.org>
13Date: Fri, 5 Apr 2019 16:26:19 -0700
14Subject: [PATCH 6/6] restore allowance for tcp-clients < interfaces
15
16in the "refactor tcpquota and pipeline refs" commit, the counting
17of active interfaces was tightened in such a way that named could
18fail to listen on an interface if there were more interfaces than
19tcp-clients. when checking the quota to start accepting on an
20interface, if the number of active clients was above zero, then
21it was presumed that some other client was able to handle accepting
22new connections. this, however, ignored the fact that the current client
23could be included in that count, so if the quota was already exceeded
24before all the interfaces were listening, some interfaces would never
25listen.
26
27we now check whether the current client has been marked active; if so,
28then the number of active clients on the interface must be greater
29than 1, not 0.
30
31(cherry picked from commit 0b4e2cd4c3192ba88569dd344f542a8cc43742b5)
32(cherry picked from commit d01023aaac35543daffbdf48464e320150235d41)
33---
34 bin/named/client.c | 8 +++++---
35 doc/arm/Bv9ARM-book.xml | 3 ++-
36 2 files changed, 7 insertions(+), 4 deletions(-)
37
38diff --git a/bin/named/client.c b/bin/named/client.c
39index d826ab32bf..845326abc0 100644
40--- a/bin/named/client.c
41+++ b/bin/named/client.c
42@@ -3464,8 +3464,9 @@ client_accept(ns_client_t *client) {
43 *
44 * So, we check here to see if any other clients are
45 * already servicing TCP queries on this interface (whether
46- * accepting, reading, or processing). If we find at least
47- * one, then it's okay *not* to call accept - we can let this
48+ * accepting, reading, or processing). If we find that at
49+ * least one client other than this one is active, then
50+ * it's okay *not* to call accept - we can let this
51 * client go inactive and another will take over when it's
52 * done.
53 *
54@@ -3479,7 +3480,8 @@ client_accept(ns_client_t *client) {
55 * quota is tcp-clients plus the number of listening
56 * interfaces plus 1.)
57 */
58- exit = (isc_atomic_xadd(&client->interface->ntcpactive, 0) > 0);
59+ exit = (isc_atomic_xadd(&client->interface->ntcpactive, 0) >
60+ (client->tcpactive ? 1 : 0));
61 if (exit) {
62 client->newstate = NS_CLIENTSTATE_INACTIVE;
63 (void)exit_check(client);
64diff --git a/doc/arm/Bv9ARM-book.xml b/doc/arm/Bv9ARM-book.xml
65index 381768d540..9c76d3cd6f 100644
66--- a/doc/arm/Bv9ARM-book.xml
67+++ b/doc/arm/Bv9ARM-book.xml
68@@ -8493,7 +8493,8 @@ avoid-v6-udp-ports { 40000; range 50000 60000; };
69 <para>
70 The number of file descriptors reserved for TCP, stdio,
71 etc. This needs to be big enough to cover the number of
72- interfaces <command>named</command> listens on, <command>tcp-clients</command> as well as
73+ interfaces <command>named</command> listens on plus
74+ <command>tcp-clients</command>, as well as
75 to provide room for outgoing TCP queries and incoming zone
76 transfers. The default is <literal>512</literal>.
77 The minimum value is <literal>128</literal> and the
78--
792.20.1
80
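Review bot: Deleting the whole file (@@ -1,80 +0,0 @@) drops the backport tagged "CVE: CVE-2018-5743", and because the diffstat shown is limited to this one path, nothing visible here confirms that the fix survives the change. Before merging, verify that the BIND source the recipe builds after this commit already contains upstream commit 59434b9, in particular the comparison of ntcpactive against (client->tcpactive ? 1 : 0) in client_accept(). Without it, the condition the patch description gives returns: with more interfaces than tcp-clients, some interfaces would never listen. Also check that the recipe's SRC_URI entry for this patch is removed in the same commit so the fetch does not fail on a missing file, and, if the commit message does not already say so, state which version or commit supersedes the backport, since the CVE: tag carried in this file disappears with it.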