PATCH: Preventing DoS attacks in recv.

Mattias.Gronlund Mattias.Gronlund at sa.erisoft.se
Mon Sep 20 20:01:07 GMT 1999


Hi,

This first test-version of the DoS-preventing patch that I promised
is now available as: "http://www.sdf.se/~eldmgr/samba.dos.a1".

The patch is against Samba 2.0.5a.

This version of the patch makes sure that recv() is never called
without a select checking for timeouts before. The patch
implements a new parameter to some functions so that they can
skip the select() call if the caller knows that there is data
to read (has called select).

Future things that I will try to implement:

Implement flags for storing results from setsockopt(). This would
make us skip lots of select calls on platforms that support
setting SO_SNDTIMEO and SO_RCVTIMEO.

Implement the same checks for the send() side. One problem here
is that not all platforms understand MSG_DONTWAIT so we may
just get stuck anyway :-(...

One solution would be to make the socket non-blocking. And to
call select() and sleep if the recv/send calls return EAGAIN.
This might be a much cleaner solution to the whole problem.

But there is one thing I would like someone more into SMB to
explain: These timeouts, they reset between calls as of Posix, but
will not reset on Linux (strange select()). But the question is
what does the spec tell us to do (or what does MS do)?

/Mattias
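
The select()-before-recv() guard this message describes, sketched in C as an added example; it is not code from the patch or from Samba. The names `recv_guarded`, `RECV_TIMED_OUT` and the `data_ready` parameter are assumptions made for illustration, and the demo input is constructed.

```c
#include <errno.h>
#include <stdio.h>
#include <string.h>
#include <sys/select.h>
#include <sys/socket.h>
#include <unistd.h>

#define RECV_TIMED_OUT (-2) /* hypothetical return code for this example */

/* Hypothetical helper (not a Samba function): wait up to timeout_ms for data
 * before recv(). A nonzero data_ready means the caller's own select() already
 * reported the socket readable, so the wait is skipped. */
static ssize_t recv_guarded(int fd, void *buf, size_t len,
                            int timeout_ms, int data_ready)
{
    while (!data_ready) {
        fd_set rfds;
        struct timeval tv; /* rebuilt each pass: Linux select() modifies it */
        int rc;

        if (fd < 0 || fd >= FD_SETSIZE) { errno = EBADF; return -1; }
        FD_ZERO(&rfds);
        FD_SET(fd, &rfds);
        tv.tv_sec = timeout_ms / 1000;
        tv.tv_usec = (timeout_ms % 1000) * 1000;

        rc = select(fd + 1, &rfds, NULL, NULL, &tv);
        if (rc > 0)
            break;                 /* readable: data, EOF or socket error */
        if (rc == 0)
            return RECV_TIMED_OUT; /* a silent peer cannot hold us here */
        if (errno != EINTR)
            return -1;
        /* EINTR: retry; this simple version restarts the full timeout */
    }
    return recv(fd, buf, len, 0);
}

/* Constructed demo: a local socket pair stands in for client and server. */
int main(void)
{
    int sv[2];
    char buf[16];
    if (socketpair(AF_UNIX, SOCK_STREAM, 0, sv) != 0) return 1;
    printf("silent peer: %ld\n", (long)recv_guarded(sv[0], buf, sizeof buf, 200, 0));
    if (write(sv[1], "ping", 4) != 4) return 1;
    printf("after write: %ld\n", (long)recv_guarded(sv[0], buf, sizeof buf, 200, 0));
    return 0;
}
```

Passing a nonzero `data_ready` without a preceding readable result from select() brings back the unbounded blocking recv() the guard exists to prevent.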

