X-Spam-Status: No, score=-2.8 required=5.0 tests=RCVD_IN_DNSWL_NONE, RCVD_IN_MSPIKE_H2 autolearn=unavailable autolearn_force=no version=3.4.1 Subject: [PATCH] DHCPd leaks sockets descriptors X-Original-To: dhcp-confidential@bugs.isc.org X-RT-Incoming-Encryption: Not encrypted From pzhukov@redhat.com Mon Dec 4 16:09:57 2017 X-Received: by 10.223.201.2 with SMTP id m2mr12455867wrh.274.1512403764358; Mon, 04 Dec 2017 08:09:24 -0800 (PST) X-Google-Dkim-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:subject:date:message-id:mime-version; bh=r6/9HgIyWoD1wCSjRiYLlt1N30XwomyyGVcoXJ1zhkw=; b=LaDJ7Rny4urcIJWfosqcJRe6iSe/3/o0blTUwfzzWLTdkf5R97Z/NarN0TOWD1Pwxz eiaBsnn/daIZHp3V0BluKXgOsDk3xEEqJfprvFfm5/0QYwH3wp+jVigiei4iFV52vHKW pk8w/Myfr42YP5qAROjvfQqEXb9quyYPuZuEaKt9TgrXrZksz/SjcLu61rDWdT80e2W1 OY0EDlowCSx6Yw6nziYOslrSbuYmejb8qnGElu1YmVDSR84ADN+lf6Niwgwd4LdWVarD 80NBjt7pYjFEpWa9UgQ38BzKeD714DhrWKjCvqlHCI2ZHOz7CbyBoqx2EYgZpHtaJ04H vrHA== X-Google-SMTP-Source: AGs4zMa1axcgZ452EAJiFY4UId7pDolVw1js5zYG/4a92Y7+ZTsd+w/l045Da5tE1cLIX5AXVbghIg== X-GM-Message-State: AJaThX6n5OulEVfjHfHaCUs3udoTIkQUHUuXMZruXKh6QnoZPLppjZ7z owSFMeqWNTAGCLYLdF70X39WAlgEV4U= Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.1 (2015-04-28) on mx.pao1.isc.org To: dhcp-bugs@isc.org Date: Mon, 04 Dec 2017 17:09:22 +0100 From: "Pavel Zhukov" MIME-Version: 1.0 Message-ID: <87d13ucw5p.fsf@pzhukov-workstation.usersys.redhat.com> Delivered-To: dhcp-confidential@bugs.isc.org content-type: text/plain; charset="utf-8" Received: from mx.pao1.isc.org (mx.pao1.isc.org [IPv6:2001:4f8:0:2::2b]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client CN "mx.pao1.isc.org", Issuer "COMODO RSA Organization Validation Secure Server CA" (not verified)) by bugs.isc.org (Postfix) with ESMTPS id 2CF2AD78B0A for ; Mon, 4 Dec 2017 16:09:57 +0000 (UTC) Received: from mail-wr0-f182.google.com (mail-wr0-f182.google.com [209.85.128.182]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by mx.pao1.isc.org (Postfix) with ESMTPS id 2ADF33AF288 for ; Mon, 4 Dec 2017 16:09:26 +0000 (UTC) Received: by mail-wr0-f182.google.com with SMTP id x49so17891666wrb.13 for ; Mon, 04 Dec 2017 08:09:26 -0800 (PST) Received: from pzhukov-workstation.usersys.redhat.com (nat-pool-brq-t.redhat.com. [213.175.37.10]) by smtp.gmail.com with ESMTPSA id m23sm4169000wmc.29.2017.12.04.08.09.23 for (version=TLS1_2 cipher=ECDHE-RSA-CHACHA20-POLY1305 bits=256/256); Mon, 04 Dec 2017 08:09:23 -0800 (PST) X-RT-Original-Encoding: ascii X-RT-Interface: Email Content-Length: 963 commit ce17b1af08f3ea58d56c9168fd06f26a3094e95b Author: Pavel Zhukov Date: Mon Dec 4 16:58:57 2017 +0100 Close the connecion if writer doesn't send data Some network monitoring tool check if service is alive by connect() to the port and close the connection without sending any data (ncat -z or nagios check_tcp are an example). As the result dhcpd leaks sockets and result is DoS. Signed-off: Martin Osvald diff --git a/omapip/dispatch.c b/omapip/dispatch.c index ba99889..d1fb57e 100644 --- a/omapip/dispatch.c +++ b/omapip/dispatch.c @@ -183,6 +183,10 @@ omapi_iscsock_cb(isc_task_t *task, if (status == ISC_R_INPROGRESS) { return (1); } + + /* Writer closes the connection without data sent */ + if (obj->reaper != NULL) + obj->reaper(obj->inner); } /* -- PAVEL ZHUKOV SOFTWARE ENGINEER, RHCE, RHCVA Red Hat pzhukov@redhat.com IM: IRC: landgraf