[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[bug-inetutils] inetd.c patch
From: |
Winston Edmond |
Subject: |
[bug-inetutils] inetd.c patch |
Date: |
Thu, 17 Dec 2009 20:04 EST |
[I submitted this patch last January, after inetutils-1.6 came out, but
never got any sort of ACK back. Since it didn't make it into 1.7, I
guess it got lost. Please acknowledge, so I know it reached you.]
This bug has been around for decades. I'm amazed it hasn't already
been fixed. :)
The bug:
In inetd, in the "server failing (looping), service terminated"
situation, the file descriptor opened by the accept() call for
nowait/SOCK_STREAM services isn't closed.
Consequence:
inetd could run out of free file descriptors, allowing a denial of
service via repeatedly evoking the bug with a flood of requests.
Suggested patch (to inetutils-1.7/inetd/inetd.c):
------------------------------
--- inetd.c~ 2009-12-14 06:36:17.000000000 -0500
+++ inetd.c 2009-12-17 19:48:22.000000000 -0500
@@ -2023,6 +2023,8 @@
"%s/%s server failing (looping), service
terminated",
sep->se_service, sep->se_proto);
close_sep (sep);
+ if (!sep->se_wait && sep->se_socktype == SOCK_STREAM)
+ close (ctrl);
signal_unblock (NULL);
if (!timingout)
{
------------------------------
The same "if() close(ctrl)" code appears at the bottom of the
procedure, but isn't reached from the "service terminated" path because
of the "continue;" statement just below the patch.
If you agree with the patch, please pass it on to the BSD folks, too.
I don't have their bug submission address. HTH,
-WBE
- [bug-inetutils] inetd.c patch,
Winston Edmond <=