adamwill / 389-ds-base

Forked from 389-ds-base 4 years ago
Clone

33ac4f5 Ticket 50329 - (2nd) Possible Security Issue: DOS due to ioblocktimeout not applying to TLS

Authored and Committed by tbordaz 4 years ago
    Ticket 50329 - (2nd) Possible Security Issue: DOS due to ioblocktimeout not applying to TLS
    
    Bug Description:
        A secure socket is configured in blocking mode. If an event
        is detected on a secure socket a worker tries to receive the request.
        If handshake occurs during the read, it can hang longer than
        ioblocktimeout because it takes into account the socket option
        rather than the timeout used for the ssl_Recv
    
    Fix Description:
        The fix is specific to secure socket and set this socket option
        to do non blocking IO.
    
    https://pagure.io/389-ds-base/issue/50329
    
    Reviewed by: ?
    
    Platforms tested: F28, RHEL7.6
    
    Flag Day: no
    
    Doc impact: no
    
        
file modified
+1 -1