[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [bug-inetutils] telnetd bug: Busy loop in io_drain can be abused for
|
From: |
Petr Malát |
|
Subject: |
Re: [bug-inetutils] telnetd bug: Busy loop in io_drain can be abused for DOS attack |
|
Date: |
Thu, 23 Aug 2012 20:33:50 +0200 |
I have a customer using this patch and he will probably complain in
the case the patch is causing problems. So it is tested, somehow :-)
BR,
Petr
2012/8/22 Simon Josefsson <address@hidden>:
> Petr Malát <address@hidden> writes:
>
>> Hello again,
>> I found a problem in telnet demon in a function, which waits for reply
>> from client. The problem is that it calls read() on non-blocking
>> filedescriptor in a loop, until some data comes. If the client is evil
>> and does not send a reply, but keeps the connection open, then server
>> is calling read() again and again consuming CPU time. The problem can
>> be solved by calling select() before reading from filedescriptor.
>> Patch is attached.
>> Petr
>
> Thanks -- I have noticed this problem as well, and while I haven't
> tested your patch, I think we should apply it.
>
> /Simon
>
>> PS: I'm not subscribed to the mailing list, please respond also on my
>> address.