lib/server: Close connection when client app-level handshake fails
This fixes the following security vulnerability:
- CVE-2021-42075 DoS via file descriptor exhaustion
The issue has been reported by Matthias Gerstner <mgerstner@suse.de>.
(cherry picked from commit deefecc262
)
This commit is contained in:
parent
45cd2a9f34
commit
ceecc61388
|
@ -0,0 +1,6 @@
|
||||||
|
SECURITY ISSUE
|
||||||
|
|
||||||
|
Barrier will now correctly close connections when the app-level handshake fails (fixes CVE-2021-42075).
|
||||||
|
|
||||||
|
Previously repeated failing connections would leak file descriptors leading to Barrier being unable
|
||||||
|
to receive new connections from clients.
|
|
@ -195,6 +195,11 @@ ClientListener::handleUnknownClient(const Event&, void* vclient)
|
||||||
new TMethodEventJob<ClientListener>(this,
|
new TMethodEventJob<ClientListener>(this,
|
||||||
&ClientListener::handleClientDisconnected,
|
&ClientListener::handleClientDisconnected,
|
||||||
client));
|
client));
|
||||||
|
} else {
|
||||||
|
auto* stream = unknownClient->getStream();
|
||||||
|
if (stream) {
|
||||||
|
stream->close();
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
// now finished with unknown client
|
// now finished with unknown client
|
||||||
|
|
Loading…
Reference in New Issue