fix enforcement of tcp-clients (v1)

tcp-clients settings could be exceeded in some cases by creating more and more active TCP clients that are over the set quota limit, which in the end could lead to a DoS attack by e.g. exhaustion of file descriptors. If TCP client we're closing went over the quota (so it's not attached to a quota) mark it as mortal - so that it will be destroyed and not set up to listen for new connections - unless it's the last client for a specific interface. (cherry picked from commit eafcff07c25bdbe038ae1e4b6660602a080b9395) (cherry picked from commit 9e7617cc84)
2025-08-31 06:25:31 +00:00 · 2019-01-03 14:17:43 +01:00
parent 7ef3953085
commit 07c3365b0b
1 changed files with 12 additions and 1 deletions
--- a/lib/ns/client.c
+++ b/lib/ns/client.c
@@ -439,8 +439,19 @@ exit_check(ns_client_t *client) {
 			isc_socket_detach(&client->tcpsocket);
 		}

-		if (client->tcpquota != NULL)
+		if (client->tcpquota != NULL) {
 			isc_quota_detach(&client->tcpquota);
+		} else {
+			/*
+			 * We went over quota with this client, we don't
+			 * want to restart listening unless this is the
+			 * last client on this interface, which is
+			 * checked later.
+			 */
+			if (TCP_CLIENT(client)) {
+				client->mortal = true;
+			}
+		}

 		if (client->timerset) {
 			(void)isc_timer_reset(client->timer,