[v9_18] [CVE-2022-0396] Add system test lingering CLOSE_WAIT TCP sockets (!6103) · Merge requests · ISC Open Source Projects / BIND

Michal Nowak requested to merge 3112-test-lingering-tcp-sockets-in-closewait-v9_18 into v9_18 Apr 07, 2022

Add a test case to check for lingering TCP sockets stuck in the CLOSE_WAIT state. This can happen if a client sends some garbage after its first query.

The system test runs the reproducer script and then sends another TCP query to the resolver. The resolver is configured to allow one TCP client only. If BIND has its TCP socket stuck in CLOSE_WAIT, it does not have the resources available to answer the second query.

Note: A better test would be to check if the named daemon does not have a TCP socket stuck in CLOSE_WAIT for example with netstat. When running this test locally you can examine named with netstat manually. But since netstat is platform specific it is not a good candidate to do this as a system test.

If you, if you could return, don't let it burn. Do you have to let it linger?

Cranberries

(cherry picked from commit b9ebde70)

Closes #3112 (closed)

Edited Apr 08, 2022 by Michal Nowak

[v9_18] [CVE-2022-0396] Add system test lingering CLOSE_WAIT TCP sockets

Merge request reports