From ceecc6138807b92b6a776c7357ba7ad63fecc910 Mon Sep 17 00:00:00 2001 From: Povilas Kanapickas Date: Mon, 1 Nov 2021 02:53:24 +0200 Subject: [PATCH] lib/server: Close connection when client app-level handshake fails This fixes the following security vulnerability: - CVE-2021-42075 DoS via file descriptor exhaustion The issue has been reported by Matthias Gerstner . (cherry picked from commit deefecc262319fba9b2f2d8b470ebbc52c412575) --- doc/newsfragments/close-failed-handshake-connections.bugfix | 6 ++++++ src/lib/server/ClientListener.cpp | 5 +++++ 2 files changed, 11 insertions(+) create mode 100644 doc/newsfragments/close-failed-handshake-connections.bugfix diff --git a/doc/newsfragments/close-failed-handshake-connections.bugfix b/doc/newsfragments/close-failed-handshake-connections.bugfix new file mode 100644 index 00000000..0dc8c16c --- /dev/null +++ b/doc/newsfragments/close-failed-handshake-connections.bugfix @@ -0,0 +1,6 @@ +SECURITY ISSUE + +Barrier will now correctly close connections when the app-level handshake fails (fixes CVE-2021-42075). + +Previously repeated failing connections would leak file descriptors leading to Barrier being unable +to receive new connections from clients. diff --git a/src/lib/server/ClientListener.cpp b/src/lib/server/ClientListener.cpp index 8f3f7400..a29ae26f 100644 --- a/src/lib/server/ClientListener.cpp +++ b/src/lib/server/ClientListener.cpp @@ -195,6 +195,11 @@ ClientListener::handleUnknownClient(const Event&, void* vclient) new TMethodEventJob(this, &ClientListener::handleClientDisconnected, client)); + } else { + auto* stream = unknownClient->getStream(); + if (stream) { + stream->close(); + } } // now finished with unknown client