Commit 581ae795 authored by Ondřej Surý's avatar Ondřej Surý

Merge branch '615-tcp-client-crash-v9_11-v9_11_6_patch-v9_11' into 'v9_11'

Resolve "tcp-clients mostly ineffective"

See merge request !1863
parents f7f3b0cd b96a3a0c
Pipeline #13871 passed with stages
in 1 minute
......@@ -31,6 +31,10 @@
5203. [bug] Enforce whether key rdata exists or not in KEY,
DNSKEY, CDNSKEY and RKEY. [GL #899]
5200. [security] tcp-clients settings could be exceeded in some cases,
which could lead to exhaustion of file descriptors.
(CVE-2018-5743) [GL #615]
5197. [bug] dig could die in best effort mode on multiple SIG(0)
records. Similarly on multiple OPT and multiple TSIG
records. [GL #920]
......
This diff is collapsed.
......@@ -9,8 +9,6 @@
* information regarding copyright ownership.
*/
/* $Id: client.h,v 1.96 2012/01/31 23:47:31 tbox Exp $ */
#ifndef NAMED_CLIENT_H
#define NAMED_CLIENT_H 1
......@@ -80,6 +78,13 @@
*** Types
***/
/*% reference-counted TCP connection object */
typedef struct ns_tcpconn {
isc_refcount_t refs;
isc_quota_t *tcpquota;
bool pipelined;
} ns_tcpconn_t;
/*% nameserver client structure */
struct ns_client {
unsigned int magic;
......@@ -94,7 +99,8 @@ struct ns_client {
int nupdates;
int nctls;
int references;
bool needshutdown; /*
bool tcpactive;
bool needshutdown; /*
* Used by clienttest to get
* the client to go from
* inactive to free state
......@@ -130,10 +136,9 @@ struct ns_client {
isc_stdtime_t now;
isc_time_t tnow;
dns_name_t signername; /*%< [T]SIG key name */
dns_name_t * signer; /*%< NULL if not valid sig */
bool mortal; /*%< Die after handling request */
bool pipelined; /*%< TCP queries not in sequence */
isc_quota_t *tcpquota;
dns_name_t *signer; /*%< NULL if not valid sig */
bool mortal; /*%< Die after handling request */
ns_tcpconn_t *tcpconn;
isc_quota_t *recursionquota;
ns_interface_t *interface;
......@@ -143,8 +148,8 @@ struct ns_client {
isc_sockaddr_t destsockaddr;
isc_netaddr_t ecs_addr; /*%< EDNS client subnet */
uint8_t ecs_addrlen;
uint8_t ecs_scope;
uint8_t ecs_addrlen;
uint8_t ecs_scope;
struct in6_pktinfo pktinfo;
isc_dscp_t dscp;
......
......@@ -9,8 +9,6 @@
* information regarding copyright ownership.
*/
/* $Id: interfacemgr.h,v 1.35 2011/07/28 23:47:58 tbox Exp $ */
#ifndef NAMED_INTERFACEMGR_H
#define NAMED_INTERFACEMGR_H 1
......@@ -77,9 +75,14 @@ struct ns_interface {
/*%< UDP dispatchers. */
isc_socket_t * tcpsocket; /*%< TCP socket. */
isc_dscp_t dscp; /*%< "listen-on" DSCP value */
int ntcptarget; /*%< Desired number of concurrent
TCP accepts */
int ntcpcurrent; /*%< Current ditto, locked */
int32_t ntcpaccepting; /*%< Number of clients
ready to accept new
TCP connections on this
interface */
int32_t ntcpactive; /*%< Number of clients
servicing TCP queries
(whether accepting or
connected) */
int nudpdispatch; /*%< Number of UDP dispatches */
ns_clientmgr_t * clientmgr; /*%< Client manager. */
ISC_LINK(ns_interface_t) link;
......
......@@ -386,8 +386,9 @@ ns_interface_create(ns_interfacemgr_t *mgr, isc_sockaddr_t *addr,
* connections will be handled in parallel even though there is
* only one client initially.
*/
ifp->ntcptarget = 1;
ifp->ntcpcurrent = 0;
ifp->ntcpaccepting = 0;
ifp->ntcpactive = 0;
ifp->nudpdispatch = 0;
ifp->dscp = -1;
......@@ -522,9 +523,7 @@ ns_interface_accepttcp(ns_interface_t *ifp) {
*/
(void)isc_socket_filter(ifp->tcpsocket, "dataready");
result = ns_clientmgr_createclients(ifp->clientmgr,
ifp->ntcptarget, ifp,
true);
result = ns_clientmgr_createclients(ifp->clientmgr, 1, ifp, true);
if (result != ISC_R_SUCCESS) {
UNEXPECTED_ERROR(__FILE__, __LINE__,
"TCP ns_clientmgr_createclients(): %s",
......
......@@ -8493,7 +8493,8 @@ avoid-v6-udp-ports { 40000; range 50000 60000; };
<para>
The number of file descriptors reserved for TCP, stdio,
etc. This needs to be big enough to cover the number of
interfaces <command>named</command> listens on, <command>tcp-clients</command> as well as
interfaces <command>named</command> listens on plus
<command>tcp-clients</command>, as well as
to provide room for outgoing TCP queries and incoming zone
transfers. The default is <literal>512</literal>.
The minimum value is <literal>128</literal> and the
......
......@@ -76,6 +76,13 @@
None.
</para>
</listitem>
<listitem>
<para>
The TCP client quota set using the <command>tcp-clients</command>
option could be exceeded in some cases. This could lead to
exhaustion of file descriptors. (CVE-2018-5743) [GL #615]
</para>
</listitem>
</itemizedlist>
</section>
......
......@@ -100,6 +100,13 @@ isc_quota_attach(isc_quota_t *quota, isc_quota_t **p);
* quota if successful (ISC_R_SUCCESS or ISC_R_SOFTQUOTA).
*/
isc_result_t
isc_quota_force(isc_quota_t *quota, isc_quota_t **p);
/*%<
* Like isc_quota_attach, but will attach '*p' to the quota
* even if the hard quota has been exceeded.
*/
void
isc_quota_detach(isc_quota_t **p);
/*%<
......
......@@ -74,20 +74,39 @@ isc_quota_release(isc_quota_t *quota) {
UNLOCK(&quota->lock);
}
isc_result_t
isc_quota_attach(isc_quota_t *quota, isc_quota_t **p)
{
static isc_result_t
doattach(isc_quota_t *quota, isc_quota_t **p, bool force) {
isc_result_t result;
INSIST(p != NULL && *p == NULL);
REQUIRE(p != NULL && *p == NULL);
result = isc_quota_reserve(quota);
if (result == ISC_R_SUCCESS || result == ISC_R_SOFTQUOTA)
if (result == ISC_R_SUCCESS || result == ISC_R_SOFTQUOTA) {
*p = quota;
} else if (result == ISC_R_QUOTA && force) {
/* attach anyway */
LOCK(&quota->lock);
quota->used++;
UNLOCK(&quota->lock);
*p = quota;
result = ISC_R_SUCCESS;
}
return (result);
}
isc_result_t
isc_quota_attach(isc_quota_t *quota, isc_quota_t **p) {
return (doattach(quota, p, false));
}
isc_result_t
isc_quota_force(isc_quota_t *quota, isc_quota_t **p) {
return (doattach(quota, p, true));
}
void
isc_quota_detach(isc_quota_t **p)
{
isc_quota_detach(isc_quota_t **p) {
INSIST(p != NULL && *p != NULL);
isc_quota_release(*p);
*p = NULL;
......
......@@ -519,6 +519,7 @@ isc_portset_removerange
isc_quota_attach
isc_quota_destroy
isc_quota_detach
isc_quota_force
isc_quota_init
isc_quota_max
isc_quota_release
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment