This is the mail archive of the glibc-bugs@sourceware.org mailing list for the glibc project.



[Bug network/19643] New: Lack of TCP timeout in the resolver


https://sourceware.org/bugzilla/show_bug.cgi?id=19643

            Bug ID: 19643
           Summary: Lack of TCP timeout in the resolver
           Product: glibc
           Version: 2.24
            Status: NEW
          Severity: normal
          Priority: P2
         Component: network
          Assignee: unassigned at sourceware dot org
          Reporter: fweimer at redhat dot com
  Target Milestone: ---
             Flags: security-

If a TCP connection to the configured name server hangs, the name resolution
functions in libresolv (and thus the nss_dns NSS service module and getaddrinfo
and related functions) will wait indefinitely and never return to the caller.

We should apply the configured timeout to TCP connections as well (perhaps
separately for connection establishment and the actual query).

Not flagging as security because I don't see a way to exploit this for an
attacker which already has far more potent means to disrupt DNS resolution
because they are on the forwarding path for DNS packets.

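
The separate limits suggested in the report (one for connection establishment, one for the query), shown as an added example that is not glibc's resolver code and not part of the original bug report. The names tcp_query, wait_fd and silent_listener are hypothetical, the peer is a constructed loopback listener that never replies, and the exchange is a plain TCP send and a single read without DNS message framing.

```c
#include <arpa/inet.h>
#include <errno.h>
#include <fcntl.h>
#include <poll.h>
#include <sys/socket.h>
#include <unistd.h>

/* Wait up to ms for events on fd: 0 = ready, ETIMEDOUT, or poll()'s errno. */
static int wait_fd(int fd, short events, int ms) {
    struct pollfd p = { .fd = fd, .events = events };
    int r = poll(&p, 1, ms);
    return r > 0 ? 0 : (r == 0 ? ETIMEDOUT : errno);
}

/* Constructed test peer: loopback listener whose kernel backlog completes
   the handshake but which never sends a reply (the hang in the report). */
int silent_listener(unsigned short *port) {
    struct sockaddr_in a = { .sin_family = AF_INET };
    socklen_t len = sizeof a;
    int s = socket(AF_INET, SOCK_STREAM, 0);
    a.sin_addr.s_addr = htonl(INADDR_LOOPBACK);
    if (s < 0 || bind(s, (struct sockaddr *)&a, sizeof a) < 0 ||
        listen(s, 1) < 0 || getsockname(s, (struct sockaddr *)&a, &len) < 0)
        return -1;
    *port = ntohs(a.sin_port);
    return s;
}

/* Hypothetical helper: one TCP request/reply, connect and reply each bounded.
   Returns bytes read, or -1 with errno set (ETIMEDOUT when a limit expires). */
long tcp_query(const struct sockaddr_in *ns, const void *q, size_t qlen,
               void *buf, size_t buflen, int connect_ms, int reply_ms) {
    int err = 0, fd = socket(AF_INET, SOCK_STREAM, 0);
    socklen_t elen = sizeof err;
    long n = -1;
    if (fd < 0) return -1;
    fcntl(fd, F_SETFL, fcntl(fd, F_GETFL) | O_NONBLOCK); /* connect() must not block */
    if (connect(fd, (const struct sockaddr *)ns, sizeof *ns) < 0) {
        err = errno;
        if (err == EINPROGRESS && (err = wait_fd(fd, POLLOUT, connect_ms)) == 0)
            getsockopt(fd, SOL_SOCKET, SO_ERROR, &err, &elen); /* handshake result */
    }
    if (!err && send(fd, q, qlen, MSG_NOSIGNAL) != (ssize_t)qlen) err = EIO;
    if (!err) err = wait_fd(fd, POLLIN, reply_ms);  /* bound the wait for a reply */
    if (!err && (n = recv(fd, buf, buflen, 0)) < 0) err = errno;
    close(fd);
    errno = err;
    return err ? -1 : n;
}
```

The reply limit here covers a single read; a caller that reads a message in several pieces would track one deadline across all of the reads.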