Login
[x]
Log in using an account from:
Fedora Account System
Red Hat Associate
Red Hat Customer
Or login using a Red Hat Bugzilla account
Forgot Password
Login:
Hide Forgot
Create an Account
Red Hat Bugzilla – Attachment 602593 Details for
Bug 841314
pcp: malicious client can stop all pmcd server activity
[?]
New
Simple Search
Advanced Search
My Links
Browse
Requests
Reports
Current State
Search
Tabular reports
Graphical reports
Duplicates
Other Reports
User Changes
Plotly Reports
Bug Status
Bug Severity
Non-Defaults
|
Product Dashboard
Help
Page Help!
Bug Writing Guidelines
What's new
Browser Support Policy
5.0.4.rh83 Release notes
FAQ
Guides index
User guide
Web Services
Contact
Legal
This site requires JavaScript to be enabled to function correctly, please enable it.
[patch]
Resolve an event-driven programming flaw in pmcd
pmcd_timeout (text/plain), 2.44 KB, created by
Nathan Scott
on 2012-08-06 22:18:30 UTC
(
hide
)
Description:
Resolve an event-driven programming flaw in pmcd
Filename:
MIME Type:
Creator:
Nathan Scott
Created:
2012-08-06 22:18:30 UTC
Size:
2.44 KB
patch
obsolete
>Resolve event-driven programming flaw in pmcd > >Fix an issue where a misbehaving client could prevent pmcd from >responding to other legitimate requests. Now uses a dead-hand >timer to ensure a client does not feed tiny pieces of PDUs into >pmcd, preventing service to genuine clients. > >Original report and fixes reviewed by Florian Weimer of the Red Hat >Security team. Red Hat bugzilla bug #841706. > >Security advisory CVE-2012-3421. > >Index: pcp/man/man1/pmcd.1 >=================================================================== >--- pcp.orig/man/man1/pmcd.1 2012-08-01 12:34:21.030931402 +1000 >+++ pcp/man/man1/pmcd.1 2012-08-01 14:53:44.745930036 +1000 >@@ -164,10 +164,10 @@ option allows an alternative timeout int > zero) to be specified. The unit of time is seconds. > .TP > \f3\-t\f1 \f2timeout\f1 >-To prevent misbehaving agents from hanging the entire Performance Metrics >+To prevent misbehaving clients or agents from hanging the entire Performance Metrics > Collection System (PMCS), > .B pmcd >-uses timeouts on PDU exchanges with agents running as processes. >+uses timeouts on PDU exchanges with clients and agents running as processes. > By > default the timeout interval is five seconds. > The >Index: pcp/src/libpcp/src/pdu.c >=================================================================== >--- pcp.orig/src/libpcp/src/pdu.c 2012-08-01 14:53:44.278938667 +1000 >+++ pcp/src/libpcp/src/pdu.c 2012-08-01 14:53:44.745930036 +1000 >@@ -96,6 +96,9 @@ pduread(int fd, char *buf, int len, int > int status = 0; > int have = 0; > int size; >+ int onetrip = 1; >+ struct timeval dead_hand; >+ struct timeval now; > fd_set onefd; > > while (len) { >@@ -168,9 +171,27 @@ pduread(int fd, char *buf, int len, int > } > else > wait = def_wait; >+ if (onetrip) { >+ /* >+ * Need all parts of the PDU to be received by dead_hand >+ */ >+ gettimeofday(&dead_hand, NULL); >+ dead_hand.tv_sec += wait.tv_sec; >+ dead_hand.tv_usec += wait.tv_usec; >+ if (dead_hand.tv_usec > 1000000) >+ dead_hand.tv_sec++; >+ onetrip = 0; >+ } > FD_ZERO(&onefd); > FD_SET(fd, &onefd); > status = select(fd+1, &onefd, NULL, NULL, &wait); >+ if (status > 0) { >+ gettimeofday(&now, NULL); >+ if (now.tv_sec > dead_hand.tv_sec || >+ (now.tv_sec == dead_hand.tv_sec && >+ now.tv_usec > dead_hand.tv_usec)) >+ status = 0; >+ } > if (status == 0) { > if (__pmGetInternalState() != PM_STATE_APPL) { > /* special for PMCD and friends
<b>You cannot view the attachment while viewing its details because your browser does not support IFRAMEs. <a href="attachment.cgi?id=602593">View the attachment on a separate page</a>.</b>
View Attachment As Diff
View Attachment As Raw
Actions:
View
|
Diff
Attachments on
bug 841314
:
602593
|
602904