Commit e01f1925 authored by Baptiste Jonglez's avatar Baptiste Jonglez Committed by Juliusz Chroboczek

Prevent a DoS by making the local interface non-blocking

This prevents a DoS from the local interface, which could be performed
by any user on the system running babeld.

A malicious attacker could connect to the local interface, and then
wait without reading any data.  When the send buffer eventually fills
up, babeld would block; as a result, it would become completely
inoperative.

Note that 'local_server_socket' is already non-blocking, but the
sockets spawned by accept() don't inherit this flag.  From accept(2):

  On Linux, the new socket returned by accept() does not inherit file
  status flags such as O_NONBLOCK and O_ASYNC from the listening socket.
parent 186a40f3
......@@ -827,6 +827,8 @@ main(int argc, char **argv)
static int
accept_local_connections(fd_set *readfds)
{
int rc;
if(local_server_socket < 0 || !FD_ISSET(local_server_socket, readfds))
return 0;
......@@ -849,6 +851,20 @@ accept_local_connections(fd_set *readfds)
return -1;
}
rc = fcntl(s, F_GETFL, 0);
if(rc < 0) {
fprintf(stderr, "Unable to get flags of local socket.\n");
close(s);
return -1;
}
rc = fcntl(s, F_SETFL, (rc | O_NONBLOCK));
if(rc < 0) {
fprintf(stderr, "Unable to set flags of local socket.\n");
close(s);
return -1;
}
local_sockets[num_local_sockets++] = s;
local_notify_all_1(s);
return 1;
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment