Fix nsupdate hang when processing a large update
authorMatthijs Mekking <matthijs@isc.org>
Fri, 6 Dec 2024 08:45:46 +0000 (09:45 +0100)
committerMatthijs Mekking <matthijs@isc.org>
Fri, 6 Dec 2024 09:26:40 +0000 (09:26 +0000)
The root cause is the fix for CVE-2024-0760 (part 3), which resets
the TCP connection on a failed send. Specifically commit
4b7c6138 stops reading on the socket
because the TCP connection is throttling.

When the tcpdns_send_cb callback considers restarting reading
on the socket, this fails because the socket is a client socket:
nsupdate is a client and uses the same netmgr code.

This commit removes the requirement that the socket must be a server
socket, allowing reading on the socket again after being throttled.

(manually picked from commit aa24b77d8ba9ba2c55b71f18f54e19f71a200491)

lib/isc/netmgr/tcpdns.c
lib/isc/netmgr/tlsdns.c

index de45754443038d198df2c974b76b76aedef1a49e..67e5a95cb4252ba43860e66d4f66a07e605c8921 100644 (file)
@@ -1269,12 +1269,18 @@ isc__nm_async_tcpdnssend(isc__networker_t *worker, isc__netievent_t *ev0) {
                goto fail;
        }
 
+       if (!sock->client && sock->reading) {
+               sock->reading_throttled = true;
+               isc__nm_stop_reading(sock);
+       }
+
        isc_log_write(isc_lctx, ISC_LOGCATEGORY_GENERAL, ISC_LOGMODULE_NETMGR,
                      ISC_LOG_DEBUG(3),
-                     "throttling TCP connection, the other side is not "
-                     "reading the data, switching to uv_write()");
-       sock->reading_throttled = true;
-       isc__nm_stop_reading(sock);
+                     "%sthe other side is not "
+                     "reading the data, switching to uv_write()",
+                     !sock->client && sock->reading
+                             ? "throttling TCP connection, "
+                             : "");
 
        r = uv_write(&uvreq->uv_req.write, &sock->uv_handle.stream, bufs, nbufs,
                     tcpdns_send_cb);
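Review bot: The `"throttling TCP connection, "` prefix in the debug message is chosen by re-evaluating `!sock->client && sock->reading` after the `if` block has already called `isc__nm_stop_reading(sock)`. If that call clears `sock->reading` (its body is not in this hunk), the prefix is never logged, even on the path where throttling did happen. That debug line is the only trace in this hunk that the throttle added for CVE-2024-0760 engaged, so I would compute the decision once before the `if`, as `bool throttle = !sock->client && sock->reading;`, and use `throttle` both in the `if` and as the `isc_log_write()` argument. The same pattern appears in the tls_cycle_output() hunk in tlsdns.c. isc__nm_async_tcpdnssend() starts and ends outside the hunk.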
index e0517da00847eb564be7fbcc18f3d13144af59d0..127e09a8a733e19aff4ca559cf6f678dd54bffad 100644 (file)
@@ -1377,13 +1377,18 @@ tls_cycle_output(isc_nmsocket_t *sock) {
                        break;
                }
 
-               isc_log_write(
-                       isc_lctx, ISC_LOGCATEGORY_GENERAL, ISC_LOGMODULE_NETMGR,
-                       ISC_LOG_DEBUG(3),
-                       "throttling TCP connection, the other side is not "
-                       "reading the data, switching to uv_write()");
-               sock->reading_throttled = true;
-               isc__nm_stop_reading(sock);
+               if (!sock->client && sock->reading) {
+                       sock->reading_throttled = true;
+                       isc__nm_stop_reading(sock);
+               }
+
+               isc_log_write(isc_lctx, ISC_LOGCATEGORY_GENERAL,
+                             ISC_LOGMODULE_NETMGR, ISC_LOG_DEBUG(3),
+                             "%sthe other side is not "
+                             "reading the data, switching to uv_write()",
+                             !sock->client && sock->reading
+                                     ? "throttling TCP connection, "
+                                     : "");
 
                r = uv_write(&req->uv_req.write, &sock->uv_handle.stream,
                             &req->uvbuf, 1, tls_write_cb);
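Review bot: The new guard `if (!sock->client && sock->reading)` in tls_cycle_output() has no comment saying why client sockets are exempt from read throttling. The commit message describes a different mechanism (dropping a server-socket requirement when reading is resumed) from what these lines appear to do, which is to skip throttling on client sockets altogether. I would add above the `if`: `/* Throttle reads only on server sockets: a client such as nsupdate must keep reading, and per the commit message reading is not restarted on client sockets after a throttle. */` The same comment fits the matching guard in tcpdns.c. tls_cycle_output() starts and ends outside the hunk.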