projects / 389-ds-base.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 0a8b13b) | patch
Ticket 50329 - Possible Security Issue: DOS due to ioblocktimeout not applying to TLS
authorThierry Bordaz <tbordaz@redhat.com>
Mon, 15 Apr 2019 16:11:37 +0000 (16:11 +0000)
committerAnton Gladky <gladk@debian.org>
Mon, 24 Apr 2023 04:08:15 +0000 (05:08 +0100)
commit9eb3ffce4abd15f415c32a4ef3a0d22b3e0a084e
tree469036c759449c7998bb01a572e6e17d46e57ecbtree | snapshot
parent0a8b13b9c6ceb77b0171fe3355b2f0ec145f8491commit | diff
Ticket 50329 - Possible Security Issue: DOS due to ioblocktimeout not applying to TLS

Bug Description:
A secure socket is configured in blocking mode. If an event
is detected on a secure socket a worker, tries to read the request.
The read can hang indefinitely if there is nothing to read.
As a consequence ioblocktimeout is not enforced when reading secure socket

Fix Description:
The fix is specific to secure socket read.
Before reading it polls the socket for a read. The socket is poll
(with a 0.1s timeout) until read is possible or sum of poll timeout
is greater than ioblocktimeout.

https://pagure.io/389-ds-base/issue/50329

Reviewed by: Mark Reynolds

Platforms tested: F28

Flag Day: no

Doc impact: no

Gbp-Pq: Name CVE-2019-3883.patch
ldap/servers/slapd/connection.c diff | blob | history
Unnamed repository; edit this file 'description' to name the repository.