|
|
26521d |
From 335f2a35433a949fc30101655a40940bc6ecec12 Mon Sep 17 00:00:00 2001
|
|
|
c04070 |
From: Thierry Bordaz <tbordaz@redhat.com>
|
|
|
c04070 |
Date: Wed, 15 May 2019 17:46:14 +0200
|
|
|
c04070 |
Subject: [PATCH] Ticket 50329 - (2nd) Possible Security Issue: DOS due to
|
|
|
c04070 |
ioblocktimeout not applying to TLS
|
|
|
c04070 |
|
|
|
c04070 |
Bug Description:
|
|
|
c04070 |
A secure socket is configured in blocking mode. If an event
|
|
|
c04070 |
is detected on a secure socket a worker tries to receive the request.
|
|
|
c04070 |
If handshake occurs during the read, it can hang longer than
|
|
|
c04070 |
ioblocktimeout because it takes into account the socket option
|
|
|
c04070 |
rather than the timeout used for the ssl_Recv
|
|
|
c04070 |
|
|
|
c04070 |
Fix Description:
|
|
|
c04070 |
The fix is specific to secure socket and set this socket option
|
|
|
c04070 |
to do non blocking IO.
|
|
|
c04070 |
|
|
|
c04070 |
https://pagure.io/389-ds-base/issue/50329
|
|
|
c04070 |
|
|
|
c04070 |
Reviewed by: ?
|
|
|
c04070 |
|
|
|
c04070 |
Platforms tested: F28, RHEL7.6
|
|
|
c04070 |
|
|
|
c04070 |
Flag Day: no
|
|
|
c04070 |
|
|
|
c04070 |
Doc impact: no
|
|
|
c04070 |
---
|
|
|
c04070 |
ldap/servers/slapd/daemon.c | 2 +-
|
|
|
c04070 |
1 file changed, 1 insertion(+), 1 deletion(-)
|
|
|
c04070 |
|
|
|
c04070 |
diff --git a/ldap/servers/slapd/daemon.c b/ldap/servers/slapd/daemon.c
|
|
|
26521d |
index 4841a8a5c..afe0fb737 100644
|
|
|
c04070 |
--- a/ldap/servers/slapd/daemon.c
|
|
|
c04070 |
+++ b/ldap/servers/slapd/daemon.c
|
|
|
26521d |
@@ -3193,7 +3193,7 @@ configure_pr_socket(PRFileDesc **pr_socket, int secure, int local)
|
|
|
c04070 |
|
|
|
c04070 |
if (secure) {
|
|
|
c04070 |
pr_socketoption.option = PR_SockOpt_Nonblocking;
|
|
|
c04070 |
- pr_socketoption.value.non_blocking = 0;
|
|
|
c04070 |
+ pr_socketoption.value.non_blocking = 1;
|
|
|
c04070 |
if (PR_SetSocketOption(*pr_socket, &pr_socketoption) == PR_FAILURE) {
|
|
|
c04070 |
PRErrorCode prerr = PR_GetError();
|
|
|
c04070 |
slapi_log_err(SLAPI_LOG_ERR,
|
|
|
c04070 |
--
|
|
|
c04070 |
2.21.0
|
|
|
c04070 |
|