This is the mail archive of the
glibc-bugs@sourceware.org
mailing list for the glibc project.
[Bug network/19643] New: Lack of TCP timeout in the resolver
- From: "fweimer at redhat dot com" <sourceware-bugzilla at sourceware dot org>
- To: glibc-bugs at sourceware dot org
- Date: Tue, 16 Feb 2016 15:37:21 +0000
- Subject: [Bug network/19643] New: Lack of TCP timeout in the resolver
- Auto-submitted: auto-generated
https://sourceware.org/bugzilla/show_bug.cgi?id=19643
Bug ID: 19643
Summary: Lack of TCP timeout in the resolver
Product: glibc
Version: 2.24
Status: NEW
Severity: normal
Priority: P2
Component: network
Assignee: unassigned at sourceware dot org
Reporter: fweimer at redhat dot com
Target Milestone: ---
Flags: security-
If a TCP connection hangs to the configured name server, the name resolution
functions in libresolv (and thus the nss_dns NSS service module and getaddrinfo
and related functions) will wait indefinitely and never return to the caller.
We should apply the configured timeout to TCP connections as well (perhaps
separately for connection establishment and the actual query).
Not flagging as security because I don't see a way to exploit this for an
attacker which already has far more potent means to disrupt DNS resolution
because they are on the forwarding path for DNS packets.
--
You are receiving this mail because:
You are on the CC list for the bug.