|
 |
c2d2c5 |
From 8f02da17a14f5f502bb456b206fd65ecd7d6ca1a Mon Sep 17 00:00:00 2001
|
|
|
c2d2c5 |
From: Petr Mensik <pemensik@redhat.com>
|
|
|
c2d2c5 |
Date: Wed, 24 Apr 2019 21:10:26 +0200
|
|
|
c2d2c5 |
Subject: [PATCH 4/4] Missing atomic fix to original CVE patch
|
|
|
c2d2c5 |
|
|
|
c2d2c5 |
---
|
|
|
c2d2c5 |
bin/named/client.c | 18 +++++++-----------
|
|
|
c2d2c5 |
bin/named/include/named/interfacemgr.h | 5 +++--
|
|
|
c2d2c5 |
bin/named/interfacemgr.c | 7 +++++--
|
|
|
c2d2c5 |
3 files changed, 15 insertions(+), 15 deletions(-)
|
|
|
c2d2c5 |
|
|
|
c2d2c5 |
diff --git a/bin/named/client.c b/bin/named/client.c
|
|
|
c2d2c5 |
index a2e1fde9b8..c247f027d9 100644
|
|
|
c2d2c5 |
--- a/bin/named/client.c
|
|
|
c2d2c5 |
+++ b/bin/named/client.c
|
|
|
c2d2c5 |
@@ -389,12 +389,10 @@ tcpconn_detach(ns_client_t *client) {
|
|
|
c2d2c5 |
static void
|
|
|
c2d2c5 |
mark_tcp_active(ns_client_t *client, isc_boolean_t active) {
|
|
|
c2d2c5 |
if (active && !client->tcpactive) {
|
|
|
c2d2c5 |
- isc_atomic_xadd(&client->interface->ntcpactive, 1);
|
|
|
c2d2c5 |
+ isc_refcount_increment0(&client->interface->ntcpactive, NULL);
|
|
|
c2d2c5 |
client->tcpactive = active;
|
|
|
c2d2c5 |
} else if (!active && client->tcpactive) {
|
|
|
c2d2c5 |
- uint32_t old =
|
|
|
c2d2c5 |
- isc_atomic_xadd(&client->interface->ntcpactive, -1);
|
|
|
c2d2c5 |
- INSIST(old > 0);
|
|
|
c2d2c5 |
+ isc_refcount_decrement(&client->interface->ntcpactive, NULL);
|
|
|
c2d2c5 |
client->tcpactive = active;
|
|
|
c2d2c5 |
}
|
|
|
c2d2c5 |
}
|
|
|
c2d2c5 |
@@ -540,7 +538,7 @@ exit_check(ns_client_t *client) {
|
|
|
c2d2c5 |
if (client->mortal && TCP_CLIENT(client) &&
|
|
|
c2d2c5 |
client->newstate != NS_CLIENTSTATE_FREED &&
|
|
|
c2d2c5 |
!ns_g_clienttest &&
|
|
|
c2d2c5 |
- isc_atomic_xadd(&client->interface->ntcpaccepting, 0) == 0)
|
|
|
c2d2c5 |
+ isc_refcount_current(&client->interface->ntcpaccepting) == 0)
|
|
|
c2d2c5 |
{
|
|
|
c2d2c5 |
/* Nobody else is accepting */
|
|
|
c2d2c5 |
client->mortal = ISC_FALSE;
|
|
|
c2d2c5 |
@@ -2433,7 +2431,6 @@ client_newconn(isc_task_t *task, isc_event_t *event) {
|
|
|
c2d2c5 |
isc_result_t result;
|
|
|
c2d2c5 |
ns_client_t *client = event->ev_arg;
|
|
|
c2d2c5 |
isc_socket_newconnev_t *nevent = (isc_socket_newconnev_t *)event;
|
|
|
c2d2c5 |
- uint32_t old;
|
|
|
c2d2c5 |
|
|
|
c2d2c5 |
REQUIRE(event->ev_type == ISC_SOCKEVENT_NEWCONN);
|
|
|
c2d2c5 |
REQUIRE(NS_CLIENT_VALID(client));
|
|
|
c2d2c5 |
@@ -2453,8 +2450,7 @@ client_newconn(isc_task_t *task, isc_event_t *event) {
|
|
|
c2d2c5 |
INSIST(client->naccepts == 1);
|
|
|
c2d2c5 |
client->naccepts--;
|
|
|
c2d2c5 |
|
|
|
c2d2c5 |
- old = isc_atomic_xadd(&client->interface->ntcpaccepting, -1);
|
|
|
c2d2c5 |
- INSIST(old > 0);
|
|
|
c2d2c5 |
+ isc_refcount_decrement(&client->interface->ntcpaccepting, NULL);
|
|
|
c2d2c5 |
|
|
|
c2d2c5 |
/*
|
|
|
c2d2c5 |
* We must take ownership of the new socket before the exit
|
|
|
c2d2c5 |
@@ -2585,8 +2581,8 @@ client_accept(ns_client_t *client) {
|
|
|
c2d2c5 |
* quota is tcp-clients plus the number of listening
|
|
|
c2d2c5 |
* interfaces plus 1.)
|
|
|
c2d2c5 |
*/
|
|
|
c2d2c5 |
- exit = (isc_atomic_xadd(&client->interface->ntcpactive, 0) >
|
|
|
c2d2c5 |
- (client->tcpactive ? 1 : 0));
|
|
|
c2d2c5 |
+ exit = (isc_refcount_current(&client->interface->ntcpactive) >
|
|
|
c2d2c5 |
+ (client->tcpactive ? 1U : 0U));
|
|
|
c2d2c5 |
if (exit) {
|
|
|
c2d2c5 |
client->newstate = NS_CLIENTSTATE_INACTIVE;
|
|
|
c2d2c5 |
(void)exit_check(client);
|
|
|
c2d2c5 |
@@ -2644,7 +2640,7 @@ client_accept(ns_client_t *client) {
|
|
|
c2d2c5 |
* listening for connections itself to prevent the interface
|
|
|
c2d2c5 |
* going dead.
|
|
|
c2d2c5 |
*/
|
|
|
c2d2c5 |
- isc_atomic_xadd(&client->interface->ntcpaccepting, 1);
|
|
|
c2d2c5 |
+ isc_refcount_increment0(&client->interface->ntcpaccepting, NULL);
|
|
|
c2d2c5 |
}
|
|
|
c2d2c5 |
|
|
|
c2d2c5 |
static void
|
|
|
c2d2c5 |
diff --git a/bin/named/include/named/interfacemgr.h b/bin/named/include/named/interfacemgr.h
|
|
|
c2d2c5 |
index a34286698b..28d1b79027 100644
|
|
|
c2d2c5 |
--- a/bin/named/include/named/interfacemgr.h
|
|
|
c2d2c5 |
+++ b/bin/named/include/named/interfacemgr.h
|
|
|
c2d2c5 |
@@ -49,6 +49,7 @@
|
|
|
c2d2c5 |
#include <isc/magic.h>
|
|
|
c2d2c5 |
#include <isc/mem.h>
|
|
|
c2d2c5 |
#include <isc/socket.h>
|
|
|
c2d2c5 |
+#include <isc/refcount.h>
|
|
|
c2d2c5 |
|
|
|
c2d2c5 |
#include <dns/result.h>
|
|
|
c2d2c5 |
|
|
|
c2d2c5 |
@@ -78,11 +79,11 @@ struct ns_interface {
|
|
|
c2d2c5 |
dns_dispatch_t * udpdispatch[MAX_UDP_DISPATCH];
|
|
|
c2d2c5 |
/*%< UDP dispatchers. */
|
|
|
c2d2c5 |
isc_socket_t * tcpsocket; /*%< TCP socket. */
|
|
|
c2d2c5 |
- int32_t ntcpaccepting; /*%< Number of clients
|
|
|
c2d2c5 |
+ isc_refcount_t ntcpaccepting; /*%< Number of clients
|
|
|
c2d2c5 |
ready to accept new
|
|
|
c2d2c5 |
TCP connections on this
|
|
|
c2d2c5 |
interface */
|
|
|
c2d2c5 |
- int32_t ntcpactive; /*%< Number of clients
|
|
|
c2d2c5 |
+ isc_refcount_t ntcpactive; /*%< Number of clients
|
|
|
c2d2c5 |
servicing TCP queries
|
|
|
c2d2c5 |
(whether accepting or
|
|
|
c2d2c5 |
connected) */
|
|
|
c2d2c5 |
diff --git a/bin/named/interfacemgr.c b/bin/named/interfacemgr.c
|
|
|
c2d2c5 |
index ebec0c4059..a59e9afd58 100644
|
|
|
c2d2c5 |
--- a/bin/named/interfacemgr.c
|
|
|
c2d2c5 |
+++ b/bin/named/interfacemgr.c
|
|
|
c2d2c5 |
@@ -380,8 +380,8 @@ ns_interface_create(ns_interfacemgr_t *mgr, isc_sockaddr_t *addr,
|
|
|
c2d2c5 |
* connections will be handled in parallel even though there is
|
|
|
c2d2c5 |
* only one client initially.
|
|
|
c2d2c5 |
*/
|
|
|
c2d2c5 |
- ifp->ntcpaccepting = 0;
|
|
|
c2d2c5 |
- ifp->ntcpactive = 0;
|
|
|
c2d2c5 |
+ isc_refcount_init(&ifp->ntcpaccepting, 0);
|
|
|
c2d2c5 |
+ isc_refcount_init(&ifp->ntcpactive, 0);
|
|
|
c2d2c5 |
|
|
|
c2d2c5 |
ifp->nudpdispatch = 0;
|
|
|
c2d2c5 |
|
|
|
c2d2c5 |
@@ -595,6 +595,9 @@ ns_interface_destroy(ns_interface_t *ifp) {
|
|
|
c2d2c5 |
|
|
|
c2d2c5 |
ns_interfacemgr_detach(&ifp->mgr);
|
|
|
c2d2c5 |
|
|
|
c2d2c5 |
+ isc_refcount_destroy(&ifp->ntcpactive);
|
|
|
c2d2c5 |
+ isc_refcount_destroy(&ifp->ntcpaccepting);
|
|
|
c2d2c5 |
+
|
|
|
c2d2c5 |
ifp->magic = 0;
|
|
|
c2d2c5 |
isc_mem_put(mctx, ifp, sizeof(*ifp));
|
|
|
c2d2c5 |
}
|
|
|
c2d2c5 |
--
|
|
|
c2d2c5 |
2.20.1
|
|
|
c2d2c5 |
|