fix enforcement of tcp-clients (v1)

tcp-clients settings could be exceeded in some cases by creating more and more active TCP clients that are over the set quota limit, which in the end could lead to a DoS attack by e.g. exhaustion of file descriptors. If TCP client we're closing went over the quota (so it's not attached to a quota) mark it as mortal - so that it will be destroyed and not set up to listen for new connections - unless it's the last client for a specific interface. (cherry picked from commit f97131d21b97381cef72b971b157345c1f9b4115) (cherry picked from commit 9689ffc485)
2026-05-28 04:34:54 -04:00 · 2019-01-03 14:17:43 +01:00 · 2019-01-03 14:17:43 +01:00 · ec2d50da8d
commit ec2d50da8d
parent f7f3b0cd8c
1 changed files with 12 additions and 1 deletions
--- a/bin/named/client.c
+++ b/bin/named/client.c
@ -421,8 +421,19 @@ exit_check(ns_client_t *client) {
 			isc_socket_detach(&client->tcpsocket);
 		}

-		if (client->tcpquota != NULL)
+		if (client->tcpquota != NULL) {
 			isc_quota_detach(&client->tcpquota);
+		} else {
+			/*
+			 * We went over quota with this client, we don't
+			 * want to restart listening unless this is the
+			 * last client on this interface, which is
+			 * checked later.
+			 */
+			if (TCP_CLIENT(client)) {
+				client->mortal = true;
+			}
+		}

 		if (client->timerset) {
 			(void)isc_timer_reset(client->timer,