Merge branch 'tcp-do-not-unthrottle-on_isc_nm_read' into 'v9.20.0-release'

[CVE-2024-0760 (part 2)] Do not un-throttle TCP connections on isc_nm_read()

See merge request isc-private/bind9!708

lib/isc/netmgr/netmgr-int.h

@@ -585,6 +585,12 @@ struct isc_nmsocket {
 	 */
 	uint64_t write_timeout;
 
+	/*
+	 * Reading was throttled over TCP as the peer does not read the
+	 * data we are sending back.
+	 */
+	bool reading_throttled;
+
 	/*% outer socket is for 'wrapped' sockets - e.g. tcpdns in tcp */
 	isc_nmsocket_t *outer;
 

lib/isc/netmgr/tcp.c

@@ -697,9 +697,11 @@ isc__nm_tcp_read(isc_nmhandle_t *handle, isc_nm_recv_cb_t cb, void *cbarg) {
 		goto failure;
 	}
 
-	result = isc__nm_start_reading(sock);
-	if (result != ISC_R_SUCCESS) {
-		goto failure;
+	if (!sock->reading_throttled) {
+		result = isc__nm_start_reading(sock);
+		if (result != ISC_R_SUCCESS) {
+			goto failure;
+		}
 	}
 
 	sock->reading = true;
@@ -791,6 +793,7 @@ isc__nm_tcp_read_cb(uv_stream_t *stream, ssize_t nread, const uv_buf_t *buf) {
 				"throttling TCP connection, the other side is "
 				"not reading the data (%zu)",
 				write_queue_size);
+			sock->reading_throttled = true;
 			isc__nm_stop_reading(sock);
 		}
 	} else if (uv_is_active(&sock->uv_handle.handle) &&
@@ -1042,6 +1045,7 @@ tcp_maybe_restart_reading(isc_nmsocket_t *sock) {
 				"is reading the data again (%zu)",
 				write_queue_size);
 			isc__nm_start_reading(sock);
+			sock->reading_throttled = false;
 		}
 	}
 }
@@ -1064,6 +1068,11 @@ tcp_send_cb(uv_write_t *req, int status) {
 		isc__nm_failed_send_cb(sock, uvreq, isc_uverr2result(status),
 				       false);
 		if (!sock->client && sock->reading) {
+			/*
+			 * As we are resuming reading, it is not throttled
+			 * anymore (technically).
+			 */
+			sock->reading_throttled = false;
 			isc__nm_start_reading(sock);
 			isc__nmsocket_reset(sock);
 		}