URL: https://github.com/SSSD/sssd/pull/5688 Author: pbrezina Title: #5688: kcm: terminate client on bad message Action: opened
PR body: """ The debug message clearly says that the original intention was to abort the client, not send an error message. We may end up in a state where we get into an infinit loop, fo example when the client send an message that indicates 0 lenght, but there is actually more data written. In this case, we never read the rest of the message but the file descriptor is still readable so the fd handler gets fired again and again. More information can be seen in relevant FreeIPA ticket: https://pagure.io/freeipa/issue/8877 """ To pull the PR as Git branch: git remote add ghsssd https://github.com/SSSD/sssd git fetch ghsssd pull/5688/head:pr5688 git checkout pr5688
From 325c8e66f7ca4bda2efcbcbc203f6a6a257fef8d Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Pavel=20B=C5=99ezina?= <pbrez...@redhat.com> Date: Wed, 16 Jun 2021 15:28:28 +0200 Subject: [PATCH] kcm: terminate client on bad message The debug message clearly says that the original intention was to abort the client, not send an error message. We may end up in a state where we get into an infinit loop, fo example when the client send an message that indicates 0 lenght, but there is actually more data written. In this case, we never read the rest of the message but the file descriptor is still readable so the fd handler gets fired again and again. More information can be seen in relevant FreeIPA ticket: https://pagure.io/freeipa/issue/8877 --- src/responder/kcm/kcmsrv_cmd.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/src/responder/kcm/kcmsrv_cmd.c b/src/responder/kcm/kcmsrv_cmd.c index 3ad17ef431..09d99e85ab 100644 --- a/src/responder/kcm/kcmsrv_cmd.c +++ b/src/responder/kcm/kcmsrv_cmd.c @@ -543,7 +543,8 @@ static void kcm_recv(struct cli_ctx *cctx) DEBUG(SSSDBG_FATAL_FAILURE, "Failed to parse data (%d, %s), aborting client\n", ret, sss_strerror(ret)); - goto fail; + talloc_free(cctx); + return; } /* do not read anymore, client is done sending */
_______________________________________________ sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/sssd-devel@lists.fedorahosted.org Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
