Commit 9689ffc4 authored by Witold Krecicki, committed by Evan Hunt

fix enforcement of tcp-clients (v1)

tcp-clients settings could be exceeded in some cases by
creating more and more active TCP clients that are over
the set quota limit, which in the end could lead to a
DoS attack by e.g. exhaustion of file descriptors.

If TCP client we're closing went over the quota (so it's
not attached to a quota) mark it as mortal - so that it
will be destroyed and not set up to listen for new
connections - unless it's the last client for a specific
interface.

(cherry picked from commit f97131d2)
parent 4c50a8f8
......@@ -421,8 +421,19 @@ exit_check(ns_client_t *client) {
isc_socket_detach(&client->tcpsocket);
}
if (client->tcpquota != NULL)
if (client->tcpquota != NULL) {
isc_quota_detach(&client->tcpquota);
} else {
/*
* We went over quota with this client, we don't
* want to restart listening unless this is the
* last client on this interface, which is
* checked later.
*/
if (TCP_CLIENT(client)) {
client->mortal = true;
}
}
if (client->timerset) {
(void)isc_timer_reset(client->timer,
......
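Review bot: In the new else branch of exit_check(), a NULL client->tcpquota is taken as proof that the client went over quota, but the same branch is reached by every client that has no quota attached, which is why the inner TCP_CLIENT(client) test is needed. Move the comment inside that test, or fold the two into `else if (TCP_CLIENT(client))`, and state the invariant it relies on: a TCP client with no attached quota can only be an over-quota one. The comment also says the last-client-on-interface case "is checked later" without saying where; that check is outside this hunk, so name the condition or function that performs it so a reader can confirm that setting client->mortal = true cannot leave an interface with no listening TCP client.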