From a6e5d53a358f3871d8ae646b252250d215d09883 Mon Sep 17 00:00:00 2001

From: =?UTF-8?q?Pavel=20B=C5=99ezina?= <pbrezina@redhat.com>

Date: Wed, 16 Jun 2021 15:28:28 +0200

Subject: [PATCH] kcm: terminate client on bad message

The debug message clearly says that the original intention was to

abort the client, not send an error message.

We may end up in a state where we get into an infinit loop, fo example

when the client send an message that indicates 0 lenght, but there is

actually more data written. In this case, we never read the rest of the

message but the file descriptor is still readable so the fd handler gets

fired again and again.

More information can be seen in relevant FreeIPA ticket:

https://pagure.io/freeipa/issue/8877

Reviewed-by: Alexey Tikhonov <atikhono@redhat.com>

Reviewed-by: Pawel Polawski <ppolawsk@redhat.com>

---

 src/responder/kcm/kcmsrv_cmd.c | 11 +++++------

 1 file changed, 5 insertions(+), 6 deletions(-)

diff --git a/src/responder/kcm/kcmsrv_cmd.c b/src/responder/kcm/kcmsrv_cmd.c

index 49518920b..9b27bbdcc 100644

--- a/src/responder/kcm/kcmsrv_cmd.c

+++ b/src/responder/kcm/kcmsrv_cmd.c

@@ -548,7 +548,8 @@ static void kcm_recv(struct cli_ctx *cctx)

         DEBUG(SSSDBG_FATAL_FAILURE,

             "Failed to parse data (%d, %s), aborting client\n",

             ret, sss_strerror(ret));

-        goto fail;

+        talloc_free(cctx);

+        return;

     }

     /* do not read anymore, client is done sending */

@@ -559,15 +560,13 @@ static void kcm_recv(struct cli_ctx *cctx)

         DEBUG(SSSDBG_FATAL_FAILURE,

               "Failed to dispatch KCM operation [%d]: %s\n",

               ret, sss_strerror(ret));

-        goto fail;

+        /* Fail with reply */

+        kcm_reply_error(cctx, ret, &req->repbuf);

+        return;

     }

     /* Dispatched request resumes in kcm_cmd_request_done */

     return;

-

-fail:

-    /* Fail with reply */

-    kcm_reply_error(cctx, ret, &req->repbuf);

 }

 static int kcm_send_data(struct cli_ctx *cctx)

-- 

2.26.3