BIND 10 #1387: timeout on xfrout when sock path too long
BIND 10 Development
do-not-reply at isc.org
Tue Dec 6 02:15:57 UTC 2011
#1387: timeout on xfrout when sock path too long
-------------------------------------+-------------------------------------
Reporter: jelte | Owner: jinmei
Type: | Status: accepted
defect | Milestone:
Priority: major | Sprint-20111206
Component: | Resolution:
Unclassified | Sensitive: 0
Keywords: | Sub-Project: DNS
Defect Severity: N/A | Estimated Difficulty: 5
Feature Depending on Ticket: none | Total Hours: 0
Add Hours to Ticket: 0 |
Internal?: 0 |
-------------------------------------+-------------------------------------
Comment (by jinmei):
trac1387 is ready for review.
I believe the diff (quite short) tells everything. One note: I
suspect what actually happened was that b10-auth was (relatively
gracefully) shut down due to the propagated exception, not just the
AXFR request was timed out. This would also mean it could be a
potential security problem (with a bad local configuration, a remote
attacker could force auth to shut down), but considering the overall
current maturity of BIND 10 and the fact that it happens only with a
bad local config, I think it's okay to treat it as a normal bug.
I added specific test cases for this problem. Although this stuff
should have had more tests, adding some specific tests would be better
than (still) nothing.
Proposed changelog entry:
{{{
338.? [bug] jinmei
libxfr, used by b10-auth to share TCP sockets with b10-xfrout,
incorrectly propagated ASIO specific exceptions to the application
if the given file name was too long. This could lead to
unexpected shut down of b10-auth.
(Trac #1387, git TBD)
}}}
--
Ticket URL: <http://bind10.isc.org/ticket/1387#comment:6>
BIND 10 Development <http://bind10.isc.org>
BIND 10 Development
More information about the bind10-tickets
mailing list