rpms / bind

Clone
Source Code
GIT

Blame SOURCES/bind-9.11-CVE-2018-5743-atomic.patch

c4 c5 c5-plus c6 c6-plus c7 c7-alt c7-beta c7-sig-altarch-fasttrack c8 c8-beta c8s c9 c9-beta
  1.   c7
  2.   SOURCES
  3.   bind-9.11-CVE-2018-5743-atomic.patch
Blob History Raw
3ce7d3 
From 94e08314024c812063bf99bd191a46265a2ba49f Mon Sep 17 00:00:00 2001
3ce7d3 
From: Petr Mensik <pemensik@redhat.com>
3ce7d3 
Date: Wed, 24 Apr 2019 21:10:26 +0200
3ce7d3 
Subject: [PATCH] Missing atomic fix to original CVE patch
3ce7d3
3ce7d3 
---
3ce7d3 
 bin/named/client.c                     | 18 +++++++-----------
3ce7d3 
 bin/named/include/named/interfacemgr.h |  5 +++--
3ce7d3 
 bin/named/interfacemgr.c               |  7 +++++--
3ce7d3 
 3 files changed, 15 insertions(+), 15 deletions(-)
3ce7d3
3ce7d3 
diff --git a/bin/named/client.c b/bin/named/client.c
3ce7d3 
index 3ada6e9..d3bf47d 100644
3ce7d3 
--- a/bin/named/client.c
3ce7d3 
+++ b/bin/named/client.c
3ce7d3 
@@ -405,12 +405,10 @@ tcpconn_detach(ns_client_t *client) {
3ce7d3 
 static void
3ce7d3 
 mark_tcp_active(ns_client_t *client, isc_boolean_t active) {
3ce7d3 
 	if (active && !client->tcpactive) {
3ce7d3 
-		isc_atomic_xadd(&client->interface->ntcpactive, 1);
3ce7d3 
+		isc_refcount_increment0(&client->interface->ntcpactive, NULL);
3ce7d3 
 		client->tcpactive = active;
3ce7d3 
 	} else if (!active && client->tcpactive) {
3ce7d3 
-		uint32_t old =
3ce7d3 
-			isc_atomic_xadd(&client->interface->ntcpactive, -1);
3ce7d3 
-		INSIST(old > 0);
3ce7d3 
+		isc_refcount_decrement(&client->interface->ntcpactive, NULL);
3ce7d3 
 		client->tcpactive = active;
3ce7d3 
 	}
3ce7d3 
 }
3ce7d3 
@@ -557,7 +555,7 @@ exit_check(ns_client_t *client) {
3ce7d3 
 		if (client->mortal && TCP_CLIENT(client) &&
3ce7d3 
 		    client->newstate != NS_CLIENTSTATE_FREED &&
3ce7d3 
 		    !ns_g_clienttest &&
3ce7d3 
-		    isc_atomic_xadd(&client->interface->ntcpaccepting, 0) == 0)
3ce7d3 
+		    isc_refcount_current(&client->interface->ntcpaccepting) == 0)
3ce7d3 
 		{
3ce7d3 
 			/* Nobody else is accepting */
3ce7d3 
 			client->mortal = ISC_FALSE;
3ce7d3 
@@ -3321,7 +3319,6 @@ client_newconn(isc_task_t *task, isc_event_t *event) {
3ce7d3 
 	isc_result_t result;
3ce7d3 
 	ns_client_t *client = event->ev_arg;
3ce7d3 
 	isc_socket_newconnev_t *nevent = (isc_socket_newconnev_t *)event;
3ce7d3 
-	uint32_t old;
3ce7d3
3ce7d3 
 	REQUIRE(event->ev_type == ISC_SOCKEVENT_NEWCONN);
3ce7d3 
 	REQUIRE(NS_CLIENT_VALID(client));
3ce7d3 
@@ -3341,8 +3338,7 @@ client_newconn(isc_task_t *task, isc_event_t *event) {
3ce7d3 
 	INSIST(client->naccepts == 1);
3ce7d3 
 	client->naccepts--;
3ce7d3
3ce7d3 
-	old = isc_atomic_xadd(&client->interface->ntcpaccepting, -1);
3ce7d3 
-	INSIST(old > 0);
3ce7d3 
+	isc_refcount_decrement(&client->interface->ntcpaccepting, NULL);
3ce7d3
3ce7d3 
 	/*
3ce7d3 
 	 * We must take ownership of the new socket before the exit
3ce7d3 
@@ -3473,8 +3469,8 @@ client_accept(ns_client_t *client) {
3ce7d3 
 		 * quota is tcp-clients plus the number of listening
3ce7d3 
 		 * interfaces plus 1.)
3ce7d3 
 		 */
3ce7d3 
-		exit = (isc_atomic_xadd(&client->interface->ntcpactive, 0) >
3ce7d3 
-			(client->tcpactive ? 1 : 0));
3ce7d3 
+		exit = (isc_refcount_current(&client->interface->ntcpactive) >
3ce7d3 
+			(client->tcpactive ? 1U : 0U));
3ce7d3 
 		if (exit) {
3ce7d3 
 			client->newstate = NS_CLIENTSTATE_INACTIVE;
3ce7d3 
 			(void)exit_check(client);
3ce7d3 
@@ -3532,7 +3528,7 @@ client_accept(ns_client_t *client) {
3ce7d3 
 	 * listening for connections itself to prevent the interface
3ce7d3 
 	 * going dead.
3ce7d3 
 	 */
3ce7d3 
-	isc_atomic_xadd(&client->interface->ntcpaccepting, 1);
3ce7d3 
+	isc_refcount_increment0(&client->interface->ntcpaccepting, NULL);
3ce7d3 
 }
3ce7d3
3ce7d3 
 static void
3ce7d3 
diff --git a/bin/named/include/named/interfacemgr.h b/bin/named/include/named/interfacemgr.h
3ce7d3 
index d9ac90f..aa21049 100644
3ce7d3 
--- a/bin/named/include/named/interfacemgr.h
3ce7d3 
+++ b/bin/named/include/named/interfacemgr.h
3ce7d3 
@@ -43,6 +43,7 @@
3ce7d3 
 #include <isc/magic.h>
3ce7d3 
 #include <isc/mem.h>
3ce7d3 
 #include <isc/socket.h>
3ce7d3 
+#include <isc/refcount.h>
3ce7d3
3ce7d3 
 #include <dns/result.h>
3ce7d3
3ce7d3 
@@ -73,11 +74,11 @@ struct ns_interface {
3ce7d3 
 						/*%< UDP dispatchers. */
3ce7d3 
 	isc_socket_t *		tcpsocket;	/*%< TCP socket. */
3ce7d3 
 	isc_dscp_t		dscp;		/*%< "listen-on" DSCP value */
3ce7d3 
-	int32_t			ntcpaccepting;	/*%< Number of clients
3ce7d3 
+	isc_refcount_t		ntcpaccepting;	/*%< Number of clients
3ce7d3 
 						     ready to accept new
3ce7d3 
 						     TCP connections on this
3ce7d3 
 						     interface */
3ce7d3 
-	int32_t			ntcpactive;	/*%< Number of clients
3ce7d3 
+	isc_refcount_t		ntcpactive;	/*%< Number of clients
3ce7d3 
 						     servicing TCP queries
3ce7d3 
 						     (whether accepting or
3ce7d3 
 						     connected) */
3ce7d3 
diff --git a/bin/named/interfacemgr.c b/bin/named/interfacemgr.c
3ce7d3 
index 96c080b..2ce97bb 100644
3ce7d3 
--- a/bin/named/interfacemgr.c
3ce7d3 
+++ b/bin/named/interfacemgr.c
3ce7d3 
@@ -384,8 +384,8 @@ ns_interface_create(ns_interfacemgr_t *mgr, isc_sockaddr_t *addr,
3ce7d3 
 	 * connections will be handled in parallel even though there is
3ce7d3 
 	 * only one client initially.
3ce7d3 
 	 */
3ce7d3 
-	ifp->ntcpaccepting = 0;
3ce7d3 
-	ifp->ntcpactive = 0;
3ce7d3 
+	isc_refcount_init(&ifp->ntcpaccepting, 0);
3ce7d3 
+	isc_refcount_init(&ifp->ntcpactive, 0);
3ce7d3
3ce7d3 
 	ifp->nudpdispatch = 0;
3ce7d3
3ce7d3 
@@ -616,6 +616,9 @@ ns_interface_destroy(ns_interface_t *ifp) {
3ce7d3
3ce7d3 
 	ns_interfacemgr_detach(&ifp->mgr);
3ce7d3
3ce7d3 
+	isc_refcount_destroy(&ifp->ntcpactive);
3ce7d3 
+	isc_refcount_destroy(&ifp->ntcpaccepting);
3ce7d3 
+
3ce7d3 
 	ifp->magic = 0;
3ce7d3 
 	isc_mem_put(mctx, ifp, sizeof(*ifp));
3ce7d3 
 }
3ce7d3 
--
3ce7d3 
2.20.1
3ce7d3

Powered by Pagure 5.13.3

SSH Hostkey/Fingerprint | Documentation