DOS: Clients can freeze other clients smbd

Mattias.Gronlund Mattias.Gronlund at sa.erisoft.se
Mon Aug 30 20:21:57 GMT 1999


Jeremy Allison wrote:
> 
> Mattias.Gronlund wrote:
> 
> > A client may freeze until the keepalive timer expires (hours)
> > by not sending the amount of data that smbd expects.
> 
> I must confess I have worried in the past about this DOS
> attack.
> 
> > This isn't a good thing, I think we should always use
> > read_socket_with_timeout() instead of read_socket so that we
> > never get stuck that long in the first place.
> 
> Ok - that sounds reasonable. Do you want to do the patch ?
> 

Ok, I'll try. There is more to this, I think that I have to
trace all calls to read_socket_with_timeout() that give a timeout
less than or equal to zero. If I understand this right we shall
never wait without a timeout when waiting on a socket.

> > If there is any interest for this I would like to reimplement
> > read_socket_with_timeout() with alarms instead of select.
> 
> Hmmm. Why does this change improve things ? I remember
> debugging one performance problem in the Vantive daemon where
> the cost of doing the system calls to set/unset the alarm and
> attendant signal handler were massively eating CPU.
>

You might be right, I'll just start with the removal of all blocking
socket-calls.
 
/Mattias

