lib/server: Close connection when client app-level handshake fails

This fixes the following security vulnerability:
 - CVE-2021-42075 DoS via file descriptor exhaustion

The issue has been reported by Matthias Gerstner <mgerstner@suse.de>.

(cherry picked from commit deefecc262)
Povilas Kanapickas 2021-11-01 02:53:24 +02:00
parent 45cd2a9f34
commit ceecc61388
2 changed files with 11 additions and 0 deletions

@ -0,0 +1,6 @@
SECURITY ISSUE
Barrier will now correctly close connections when the app-level handshake fails (fixes CVE-2021-42075).
Previously repeated failing connections would leak file descriptors leading to Barrier being unable
to receive new connections from clients.
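Review bot: The release note does not say which side of a Barrier setup is affected. The commit title names lib/server and the text speaks of Barrier "being unable to receive new connections from clients", so stating outright that the server (the listening side) leaked the descriptors would tell users which machine needs the update. A comma after "Previously" would also make the second sentence easier to read.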

@ -195,6 +195,11 @@ ClientListener::handleUnknownClient(const Event&, void* vclient)
new TMethodEventJob<ClientListener>(this, new TMethodEventJob<ClientListener>(this,
&ClientListener::handleClientDisconnected, &ClientListener::handleClientDisconnected,
client)); client));
} else {
auto* stream = unknownClient->getStream();
if (stream) {
stream->close();
}
} }
// now finished with unknown client // now finished with unknown client
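Review bot: The new else branch in ClientListener::handleUnknownClient closes the stream silently, with neither a comment nor a log line. This is the path taken when the app-level handshake fails, and repeated failures are the pattern behind the descriptor exhaustion described in the commit message, so a log entry here would let operators see it happening. A one-line comment above "stream->close();" saying that the stream is closed explicitly because this path would otherwise leave its file descriptor open would also help the next reader. Please confirm as well that calling close() here is safe when the peer has already dropped the connection before this handler runs.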