diff options
author | Jeremy Allison <jra@samba.org> | 2014-05-28 10:40:27 -0700 |
---|---|---|
committer | Jeremy Allison <jra@samba.org> | 2014-06-25 01:33:13 +0200 |
commit | d77a74237e660dd2ce9f1e14b02635f8a2569653 (patch) | |
tree | e65a8c6280300954efecf12e17fa6e201950d996 /source3/lib/system.c | |
parent | d097898020c77c34c99cda17f386d445c7980bed (diff) | |
download | samba-d77a74237e660dd2ce9f1e14b02635f8a2569653.tar.gz |
s3: nmbd: Fix bug 10633 - nmbd denial of service
The Linux kernel has a bug in that it can give spurious
wakeups on a non-blocking UDP socket for a non-deliverable packet.
When nmbd was changed to use non-blocking sockets it
became vulnerable to a spurious wakeup from poll/epoll.
Fix sys_recvfile() to return on EWOULDBLOCK/EAGAIN.
CVE-2014-0244
https://bugzilla.samba.org/show_bug.cgi?id=10633
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Diffstat (limited to 'source3/lib/system.c')
-rw-r--r-- | source3/lib/system.c | 7 |
1 files changed, 2 insertions, 5 deletions
diff --git a/source3/lib/system.c b/source3/lib/system.c index af72b2a8d38..698de1221ce 100644 --- a/source3/lib/system.c +++ b/source3/lib/system.c @@ -169,6 +169,7 @@ ssize_t sys_send(int s, const void *msg, size_t len, int flags) /******************************************************************* A recvfrom wrapper that will deal with EINTR. +NB. As used with non-blocking sockets, return on EAGAIN/EWOULDBLOCK ********************************************************************/ ssize_t sys_recvfrom(int s, void *buf, size_t len, int flags, struct sockaddr *from, socklen_t *fromlen) @@ -177,11 +178,7 @@ ssize_t sys_recvfrom(int s, void *buf, size_t len, int flags, struct sockaddr *f do { ret = recvfrom(s, buf, len, flags, from, fromlen); -#if defined(EWOULDBLOCK) - } while (ret == -1 && (errno == EINTR || errno == EAGAIN || errno == EWOULDBLOCK)); -#else - } while (ret == -1 && (errno == EINTR || errno == EAGAIN)); -#endif + } while (ret == -1 && (errno == EINTR)); return ret; } |