[bug-inetutils] telnetd bug: Busy loop in io

bug-inetutils

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[bug-inetutils] telnetd bug: Busy loop in io_drain can be abused for DOS

From:	Petr Malát
Subject:	[bug-inetutils] telnetd bug: Busy loop in io_drain can be abused for DOS attack
Date:	Wed, 22 Aug 2012 12:59:00 +0200

Hello again,
I found a problem in telnet demon in a function, which waits for reply
from client. The problem is that it calls read() on non-blocking
filedescriptor in a loop, until some data comes. If the client is evil
and does not send a reply, but keeps the connection open, then server
is calling read() again and again consuming CPU time. The problem can
be solved by calling select() before reading from filedescriptor.
Patch is attached.
  Petr

PS: I'm not subscribed to the mailing list, please respond also on my address.

io_drain.patch
Description: Binary data

[Prev in Thread]

Current Thread

[Next in Thread]

[bug-inetutils] telnetd bug: Busy loop in io_drain can be abused for DOS attack, Petr Malát <=
- Re: [bug-inetutils] telnetd bug: Busy loop in io_drain can be abused for DOS attack, Simon Josefsson, 2012/08/22
  - Re: [bug-inetutils] telnetd bug: Busy loop in io_drain can be abused for DOS attack, Petr Malát, 2012/08/23
    - Re: [bug-inetutils] telnetd bug: Busy loop in io_drain can be abused for DOS attack, Simon Josefsson, 2012/08/24

Prev by Date: [bug-inetutils] telnet bug: will_wont_resp is not initialized
Next by Date: Re: [bug-inetutils] telnet bug: will_wont_resp is not initialized
Previous by thread: [bug-inetutils] telnet bug: will_wont_resp is not initialized
Next by thread: Re: [bug-inetutils] telnetd bug: Busy loop in io_drain can be abused for DOS attack
Index(es):
- Date
- Thread