From: Witold Kręcicki <wpk@isc.org>
Date: Thu, 3 Jan 2019 13:17:43 +0000 (+0100)
Subject: fix enforcement of tcp-clients (v1)
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=ab43e6ca99d567999190a1384f26e2ed332e4994;p=thirdparty%2Fbind9.git

fix enforcement of tcp-clients (v1)

tcp-clients settings could be exceeded in some cases by
creating more and more active TCP clients that are over
the set quota limit, which in the end could lead to a
DoS attack by e.g. exhaustion of file descriptors.

If TCP client we're closing went over the quota (so it's
not attached to a quota) mark it as mortal - so that it
will be destroyed and not set up to listen for new
connections - unless it's the last client for a specific
interface.

(cherry picked from commit 9ef6eb4c37ed909c8e2a5508c3b3e510b7b13b85)
(cherry picked from commit 264384fbb9e722dff2d78d48bb00b4f6290bc51c)
---

diff --git a/lib/ns/client.c b/lib/ns/client.c
index bc1cf7395a8..595a9b7cb4a 100644
--- a/lib/ns/client.c
+++ b/lib/ns/client.c
@@ -448,8 +448,19 @@ exit_check(ns_client_t *client) {
 			isc_socket_detach(&client->tcpsocket);
 		}
 
-		if (client->tcpquota != NULL)
+		if (client->tcpquota != NULL) {
 			isc_quota_detach(&client->tcpquota);
+		} else {
+			/*
+			 * We went over quota with this client, we don't
+			 * want to restart listening unless this is the
+			 * last client on this interface, which is
+			 * checked later.
+			 */
+			if (TCP_CLIENT(client)) {
+				client->mortal = true;
+			}
+		}
 
 		if (client->timerset) {
 			(void)isc_timer_reset(client->timer,