Brad Bishop | 64c979e | 2019-11-04 13:55:29 -0500
Backport patch to fix CVE-2018-5743.

Ref:
https://security-tracker.debian.org/tracker/CVE-2018-5743

CVE: CVE-2018-5743
Upstream-Status: Backport [https://gitlab.isc.org/isc-projects/bind9/commit/59434b9]

Signed-off-by: Kai Kang <kai.kang@windriver.com>

From 59434b987e8eb436b08c24e559ee094c4e939daa Mon Sep 17 00:00:00 2001
From: Evan Hunt <each@isc.org>
Date: Fri, 5 Apr 2019 16:26:19 -0700
Subject: [PATCH 6/6] restore allowance for tcp-clients < interfaces

in the "refactor tcpquota and pipeline refs" commit, the counting
of active interfaces was tightened in such a way that named could
fail to listen on an interface if there were more interfaces than
tcp-clients. when checking the quota to start accepting on an
interface, if the number of active clients was above zero, then
it was presumed that some other client was able to handle accepting
new connections. this, however, ignored the fact that the current client
could be included in that count, so if the quota was already exceeded
before all the interfaces were listening, some interfaces would never
listen.

we now check whether the current client has been marked active; if so,
then the number of active clients on the interface must be greater
than 1, not 0.

(cherry picked from commit 0b4e2cd4c3192ba88569dd344f542a8cc43742b5)
(cherry picked from commit d01023aaac35543daffbdf48464e320150235d41)
---
bin/named/client.c | 8 +++++---
doc/arm/Bv9ARM-book.xml | 3 ++-
2 files changed, 7 insertions(+), 4 deletions(-)
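The counting problem the commit message describes, as an added example that is not part of this patch or of BIND's own code: a minimal C model of the per-interface accept check, with the old condition and the fixed one side by side. The structures, the startup sequence and the function names (skip_accept_old, skip_accept_fixed, count_listening) are assumptions made for the illustration; the real client_accept() carries far more state than this.

```c
/*
 * Added example (not BIND code): a small model of the accept-quota check
 * that this patch changes in client_accept().  It shows why the old
 * condition could leave interfaces without a listener when there are
 * more listening interfaces than tcp-clients.  The types and the
 * startup sequence are simplifications assumed for illustration.
 */
#include <stdio.h>
#include <stdlib.h>

typedef struct {
    int ntcpactive;  /* clients counted active here (model of interface->ntcpactive) */
    int listening;   /* 1 once a client on this interface has gone on to accept() */
} iface_t;

typedef struct {
    iface_t *iface;
    int tcpactive;   /* 1 if this client is already included in iface->ntcpactive */
} client_t;

/* Old check (the '-' line of the patch): any active client on the interface
 * means this one may go inactive.  That "any" can be the current client. */
static int skip_accept_old(int ntcpactive) {
    return ntcpactive > 0;
}

/* Fixed check (the '+' lines): discount the current client when it is
 * itself part of the count, so only *other* active clients matter. */
static int skip_accept_fixed(int ntcpactive, int tcpactive) {
    return ntcpactive > (tcpactive ? 1 : 0);
}

/*
 * Modelled startup: each interface gets one accepting client, which is
 * counted active on its interface before the tcp-clients quota is consulted
 * (the "tightened counting" the commit message refers to).  While quota
 * remains, the client attaches to it and accepts.  Once the quota is
 * exhausted, the interface check decides whether this client may still
 * accept as the interface's reserved accept client.  Returns the number
 * of interfaces that end up listening; -1 on allocation failure.
 */
int count_listening(int n_interfaces, int tcp_clients, int use_fix) {
    iface_t *ifaces = calloc((size_t)n_interfaces, sizeof *ifaces);
    int quota_used = 0, listening = 0;
    if (ifaces == NULL)
        return -1;
    for (int i = 0; i < n_interfaces; i++) {
        client_t c = { &ifaces[i], 0 };
        c.iface->ntcpactive++;   /* this client is now part of the count ... */
        c.tcpactive = 1;         /* ... and is marked as such */
        if (quota_used < tcp_clients) {
            quota_used++;
            c.iface->listening = 1;
        } else {
            int skip = use_fix ? skip_accept_fixed(c.iface->ntcpactive, c.tcpactive)
                               : skip_accept_old(c.iface->ntcpactive);
            if (!skip)
                c.iface->listening = 1;
            /* else: the client goes NS_CLIENTSTATE_INACTIVE and, because it
             * was the only client on this interface, nobody ever accepts here */
        }
    }
    for (int i = 0; i < n_interfaces; i++)
        listening += ifaces[i].listening;
    free(ifaces);
    return listening;
}

int main(void) {
    printf("4 interfaces, tcp-clients 2: old=%d fixed=%d\n",
           count_listening(4, 2, 0), count_listening(4, 2, 1));
    printf("2 interfaces, tcp-clients 4: old=%d fixed=%d\n",
           count_listening(2, 4, 0), count_listening(2, 4, 1));
    return 0;
}
```

With four interfaces and tcp-clients set to 2, the old condition leaves two interfaces unlistened (their only active client is themselves, so ntcpactive is 1 and 1 > 0 skips the accept); the fixed condition lets all four listen. When interfaces do not outnumber tcp-clients, both versions behave the same, which is why the regression only showed up in that configuration.
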
diff --git a/bin/named/client.c b/bin/named/client.c
index d826ab32bf..845326abc0 100644
--- a/bin/named/client.c
+++ b/bin/named/client.c
@@ -3464,8 +3464,9 @@ client_accept(ns_client_t *client) {
*
* So, we check here to see if any other clients are
* already servicing TCP queries on this interface (whether
- * accepting, reading, or processing). If we find at least
- * one, then it's okay *not* to call accept - we can let this
+ * accepting, reading, or processing). If we find that at
+ * least one client other than this one is active, then
+ * it's okay *not* to call accept - we can let this
* client go inactive and another will take over when it's
* done.
*
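Review bot: the reworded comment states the new rule ("at least one client other than this one is active") but not how "other than this one" is determined; the comparison a few lines further down discounts the current client only when client->tcpactive is set, so a clause such as "the current client, if it has already been marked tcpactive, is excluded from the count" would let a reader see why the threshold becomes 1 rather than 0 for a client that is already included in ntcpactive.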
@@ -3479,7 +3480,8 @@ client_accept(ns_client_t *client) {
* quota is tcp-clients plus the number of listening
* interfaces plus 1.)
*/
- exit = (isc_atomic_xadd(&client->interface->ntcpactive, 0) > 0);
+ exit = (isc_atomic_xadd(&client->interface->ntcpactive, 0) >
+ (client->tcpactive ? 1 : 0));
if (exit) {
client->newstate = NS_CLIENTSTATE_INACTIVE;
(void)exit_check(client);
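Review bot: the corrected condition is only right if client->tcpactive and interface->ntcpactive agree, i.e. the flag is set exactly when this client has been added to the counter; any path that sets one without the other puts the threshold off by one again, in either direction (an interface that never accepts, or two clients accepting on it at once). Consider an assertion on that invariant (BIND's INSIST/REQUIRE macros) before the comparison, and reading the counter once into a local so the subtraction of "self" is visible, e.g.
  int active = isc_atomic_xadd(&client->interface->ntcpactive, 0);
  exit = (active > (client->tcpactive ? 1 : 0));
A regression test that configures more listening interfaces than tcp-clients, the scenario in the commit message, and checks that every interface is accepting would guard the fix.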
diff --git a/doc/arm/Bv9ARM-book.xml b/doc/arm/Bv9ARM-book.xml
index 381768d540..9c76d3cd6f 100644
--- a/doc/arm/Bv9ARM-book.xml
+++ b/doc/arm/Bv9ARM-book.xml
@@ -8493,7 +8493,8 @@ avoid-v6-udp-ports { 40000; range 50000 60000; };
<para>
The number of file descriptors reserved for TCP, stdio,
etc. This needs to be big enough to cover the number of
- interfaces <command>named</command> listens on, <command>tcp-clients</command> as well as
+ interfaces <command>named</command> listens on plus
+ <command>tcp-clients</command>, as well as
to provide room for outgoing TCP queries and incoming zone
transfers. The default is <literal>512</literal>.
The minimum value is <literal>128</literal> and the
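Review bot: the new ARM wording gives the bare sum, "interfaces named listens on plus tcp-clients", while the code comment in the client.c hunk puts the TCP quota at "tcp-clients plus the number of listening interfaces plus 1"; the two should agree, or the ARM text should say that the extra one (together with the outgoing queries and zone transfers already mentioned) is why the value needs headroom above that sum rather than being set to exactly it.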
--
2.20.1
