rpms / bind

Clone
Source Code
GIT

Blame SOURCES/bind-9.11-CVE-2018-5743-atomic.patch

c4 c5 c5-plus c6 c6-plus c7 c7-alt c7-beta c7-sig-altarch-fasttrack c8 c8-beta c8s c9 c9-beta c9s-sig-hyperscale
  1.   c2d2c5a1536637ed9999c117d1fd89e6a74b62d6
  2.   SOURCES
  3.   bind-9.11-CVE-2018-5743-atomic.patch
Blob History Raw
c2d2c5 
From 8f02da17a14f5f502bb456b206fd65ecd7d6ca1a Mon Sep 17 00:00:00 2001
c2d2c5 
From: Petr Mensik <pemensik@redhat.com>
c2d2c5 
Date: Wed, 24 Apr 2019 21:10:26 +0200
c2d2c5 
Subject: [PATCH 4/4] Missing atomic fix to original CVE patch
c2d2c5
c2d2c5 
---
c2d2c5 
 bin/named/client.c                     | 18 +++++++-----------
c2d2c5 
 bin/named/include/named/interfacemgr.h |  5 +++--
c2d2c5 
 bin/named/interfacemgr.c               |  7 +++++--
c2d2c5 
 3 files changed, 15 insertions(+), 15 deletions(-)
c2d2c5
c2d2c5 
diff --git a/bin/named/client.c b/bin/named/client.c
c2d2c5 
index a2e1fde9b8..c247f027d9 100644
c2d2c5 
--- a/bin/named/client.c
c2d2c5 
+++ b/bin/named/client.c
c2d2c5 
@@ -389,12 +389,10 @@ tcpconn_detach(ns_client_t *client) {
c2d2c5 
 static void
c2d2c5 
 mark_tcp_active(ns_client_t *client, isc_boolean_t active) {
c2d2c5 
 	if (active && !client->tcpactive) {
c2d2c5 
-		isc_atomic_xadd(&client->interface->ntcpactive, 1);
c2d2c5 
+		isc_refcount_increment0(&client->interface->ntcpactive, NULL);
c2d2c5 
 		client->tcpactive = active;
c2d2c5 
 	} else if (!active && client->tcpactive) {
c2d2c5 
-		uint32_t old =
c2d2c5 
-			isc_atomic_xadd(&client->interface->ntcpactive, -1);
c2d2c5 
-		INSIST(old > 0);
c2d2c5 
+		isc_refcount_decrement(&client->interface->ntcpactive, NULL);
c2d2c5 
 		client->tcpactive = active;
c2d2c5 
 	}
c2d2c5 
 }
c2d2c5 
@@ -540,7 +538,7 @@ exit_check(ns_client_t *client) {
c2d2c5 
 		if (client->mortal && TCP_CLIENT(client) &&
c2d2c5 
 		    client->newstate != NS_CLIENTSTATE_FREED &&
c2d2c5 
 		    !ns_g_clienttest &&
c2d2c5 
-		    isc_atomic_xadd(&client->interface->ntcpaccepting, 0) == 0)
c2d2c5 
+		    isc_refcount_current(&client->interface->ntcpaccepting) == 0)
c2d2c5 
 		{
c2d2c5 
 			/* Nobody else is accepting */
c2d2c5 
 			client->mortal = ISC_FALSE;
c2d2c5 
@@ -2433,7 +2431,6 @@ client_newconn(isc_task_t *task, isc_event_t *event) {
c2d2c5 
 	isc_result_t result;
c2d2c5 
 	ns_client_t *client = event->ev_arg;
c2d2c5 
 	isc_socket_newconnev_t *nevent = (isc_socket_newconnev_t *)event;
c2d2c5 
-	uint32_t old;
c2d2c5
c2d2c5 
 	REQUIRE(event->ev_type == ISC_SOCKEVENT_NEWCONN);
c2d2c5 
 	REQUIRE(NS_CLIENT_VALID(client));
c2d2c5 
@@ -2453,8 +2450,7 @@ client_newconn(isc_task_t *task, isc_event_t *event) {
c2d2c5 
 	INSIST(client->naccepts == 1);
c2d2c5 
 	client->naccepts--;
c2d2c5
c2d2c5 
-	old = isc_atomic_xadd(&client->interface->ntcpaccepting, -1);
c2d2c5 
-	INSIST(old > 0);
c2d2c5 
+	isc_refcount_decrement(&client->interface->ntcpaccepting, NULL);
c2d2c5
c2d2c5 
 	/*
c2d2c5 
 	 * We must take ownership of the new socket before the exit
c2d2c5 
@@ -2585,8 +2581,8 @@ client_accept(ns_client_t *client) {
c2d2c5 
 		 * quota is tcp-clients plus the number of listening
c2d2c5 
 		 * interfaces plus 1.)
c2d2c5 
 		 */
c2d2c5 
-		exit = (isc_atomic_xadd(&client->interface->ntcpactive, 0) >
c2d2c5 
-			(client->tcpactive ? 1 : 0));
c2d2c5 
+		exit = (isc_refcount_current(&client->interface->ntcpactive) >
c2d2c5 
+			(client->tcpactive ? 1U : 0U));
c2d2c5 
 		if (exit) {
c2d2c5 
 			client->newstate = NS_CLIENTSTATE_INACTIVE;
c2d2c5 
 			(void)exit_check(client);
c2d2c5 
@@ -2644,7 +2640,7 @@ client_accept(ns_client_t *client) {
c2d2c5 
 	 * listening for connections itself to prevent the interface
c2d2c5 
 	 * going dead.
c2d2c5 
 	 */
c2d2c5 
-	isc_atomic_xadd(&client->interface->ntcpaccepting, 1);
c2d2c5 
+	isc_refcount_increment0(&client->interface->ntcpaccepting, NULL);
c2d2c5 
 }
c2d2c5
c2d2c5 
 static void
c2d2c5 
diff --git a/bin/named/include/named/interfacemgr.h b/bin/named/include/named/interfacemgr.h
c2d2c5 
index a34286698b..28d1b79027 100644
c2d2c5 
--- a/bin/named/include/named/interfacemgr.h
c2d2c5 
+++ b/bin/named/include/named/interfacemgr.h
c2d2c5 
@@ -49,6 +49,7 @@
c2d2c5 
 #include <isc/magic.h>
c2d2c5 
 #include <isc/mem.h>
c2d2c5 
 #include <isc/socket.h>
c2d2c5 
+#include <isc/refcount.h>
c2d2c5
c2d2c5 
 #include <dns/result.h>
c2d2c5
c2d2c5 
@@ -78,11 +79,11 @@ struct ns_interface {
c2d2c5 
 	dns_dispatch_t *	udpdispatch[MAX_UDP_DISPATCH];
c2d2c5 
 						/*%< UDP dispatchers. */
c2d2c5 
 	isc_socket_t *		tcpsocket;	/*%< TCP socket. */
c2d2c5 
-	int32_t			ntcpaccepting;	/*%< Number of clients
c2d2c5 
+	isc_refcount_t		ntcpaccepting;	/*%< Number of clients
c2d2c5 
 						     ready to accept new
c2d2c5 
 						     TCP connections on this
c2d2c5 
 						     interface */
c2d2c5 
-	int32_t			ntcpactive;	/*%< Number of clients
c2d2c5 
+	isc_refcount_t		ntcpactive;	/*%< Number of clients
c2d2c5 
 						     servicing TCP queries
c2d2c5 
 						     (whether accepting or
c2d2c5 
 						     connected) */
c2d2c5 
diff --git a/bin/named/interfacemgr.c b/bin/named/interfacemgr.c
c2d2c5 
index ebec0c4059..a59e9afd58 100644
c2d2c5 
--- a/bin/named/interfacemgr.c
c2d2c5 
+++ b/bin/named/interfacemgr.c
c2d2c5 
@@ -380,8 +380,8 @@ ns_interface_create(ns_interfacemgr_t *mgr, isc_sockaddr_t *addr,
c2d2c5 
 	 * connections will be handled in parallel even though there is
c2d2c5 
 	 * only one client initially.
c2d2c5 
 	 */
c2d2c5 
-	ifp->ntcpaccepting = 0;
c2d2c5 
-	ifp->ntcpactive = 0;
c2d2c5 
+	isc_refcount_init(&ifp->ntcpaccepting, 0);
c2d2c5 
+	isc_refcount_init(&ifp->ntcpactive, 0);
c2d2c5
c2d2c5 
 	ifp->nudpdispatch = 0;
c2d2c5
c2d2c5 
@@ -595,6 +595,9 @@ ns_interface_destroy(ns_interface_t *ifp) {
c2d2c5
c2d2c5 
 	ns_interfacemgr_detach(&ifp->mgr);
c2d2c5
c2d2c5 
+	isc_refcount_destroy(&ifp->ntcpactive);
c2d2c5 
+	isc_refcount_destroy(&ifp->ntcpaccepting);
c2d2c5 
+
c2d2c5 
 	ifp->magic = 0;
c2d2c5 
 	isc_mem_put(mctx, ifp, sizeof(*ifp));
c2d2c5 
 }
c2d2c5 
--
c2d2c5 
2.20.1
c2d2c5

Powered by Pagure 5.14.1

SSH Hostkey/Fingerprint | Documentation