CVE-2017-3144.patch 1.45 KB
Newer Older
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47
From: Thomas Markwalder <tmark@isc.org>
Date: Thu, 7 Dec 2017 11:23:36 -0500
Subject: [master] Plugs a socket descriptor leak in OMAPI
Origin: https://source.isc.org/cgi-bin/gitweb.cgi?p=dhcp.git;a=commit;h=1a6b62fe17a42b00fa234d06b6dfde3d03451894
Bug: https://bugs.isc.org/Public/Bug/Display.html?id=46767
Bug-Debian: https://bugs.debian.org/887413
Bug-Debian-Security: https://security-tracker.debian.org/tracker/CVE-2017-3144

    Merges in rt46767.
---

diff --git a/omapip/buffer.c b/omapip/buffer.c
index 6e0621b5..a21f0a80 100644
--- a/omapip/buffer.c
+++ b/omapip/buffer.c
@@ -565,6 +565,15 @@ isc_result_t omapi_connection_writer (omapi_object_t *h)
 			omapi_buffer_dereference (&buffer, MDL);
 		}
 	}
+
+	/* If we had data left to write when we're told to disconnect,
+	* we need recall disconnect, now that we're done writing.
+	* See rt46767. */
+	if (c->out_bytes == 0 && c->state == omapi_connection_disconnecting) {
+		omapi_disconnect (h, 1);
+		return ISC_R_SHUTTINGDOWN;
+	}
+
 	return ISC_R_SUCCESS;
 }
 
diff --git a/omapip/message.c b/omapip/message.c
index ee15d821..37abbd25 100644
--- a/omapip/message.c
+++ b/omapip/message.c
@@ -339,7 +339,7 @@ isc_result_t omapi_message_unregister (omapi_object_t *mo)
 }
 
 #ifdef DEBUG_PROTOCOL
-static const char *omapi_message_op_name(int op) {
+const char *omapi_message_op_name(int op) {
 	switch (op) {
 	case OMAPI_OP_OPEN:    return "OMAPI_OP_OPEN";
 	case OMAPI_OP_REFRESH: return "OMAPI_OP_REFRESH";
-- 
2.16.2