This is the mail archive of the mailing list for the glibc project.

Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]
Other format: [Raw text]

[Bug network/15946] New: getaddrinfo() writes DNS queries to random file descriptors under high load

            Bug ID: 15946
           Summary: getaddrinfo() writes DNS queries to random file
                    descriptors under high load
           Product: glibc
           Version: unspecified
            Status: NEW
          Severity: critical
          Priority: P2
         Component: network
          Assignee: unassigned at sourceware dot org
          Reporter: at gmail dot com

Created attachment 7193
reproducing code

Under high load, getaddrinfo() starts sending DNS queries to random
file descriptors, e.g. some unrelated socket connected to a remote service.

The attached code reproduces the bug on at least the following configurations:

Archlinux libc6 2.18
Debian libc6 2.6.11
Debian libc6 2.13-38
Debian libc6 2.17-92
Ubuntu libc6 2.17-0ubuntu5

What the code does is to fill the file descriptor space, closing and creating
many file descriptors, to maximize the chances of reproducing the bug:

 - a thread listens to a local unix socket
 - a thread connects to the unix socket, never writes to it, dups the
connection as much as possible (fills the fd space), closes the dups, and
dup()ing again
 - lots of threads call getaddrinfo()

Under less than a minute, the listener starts reading garbage.

The garbage received by the listener seems to always be a full, well-formed,
DNS query. It seems to always be an AAAA query, even when hints.ai_family is
AF_INET. All queries are similar, only the id changes.

You are receiving this mail because:
You are on the CC list for the bug.

Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]