DOS: Clients can freeze other clients smbd

[Jeremy Allison]

Mattias.Gronlund wrote:

> A client may freeze until the keepalive timer expires (hours)
> by not sending the amount of data that smbd expects.

I must confess I have worried in the past about this DOS
attack.

> This isn't a good thing, I think we should always use
> read_socket_with_timeout() instead of read_socket so that we
> never get stuck that long in the first place.

Ok - that sounds reasonable. Do you want to do the patch ?

> If there is any interest for this I would like to reimplement
> read_socket_with_timeout() with alarms instaed of select.

Hmmm. Why does this change improve things ? I remember
debugging one performance problem in the Vantive daemon where
the cost of doing the system calls to set/unset the alarm and
attendent signal handler were massively eating CPU.

Jeremy.

-- 
--------------------------------------------------------
Buying an operating system without source is like buying
a self-assembly Space Shuttle with no instructions.
--------------------------------------------------------