Bug 19643

Summary: libresolv: Lack of TCP timeout
Product: glibc
Reporter: Florian Weimer <fweimer>
Component: network
Assignee: Florian Weimer <fweimer>
Status: ASSIGNED ---
Severity: normal
CC: carlos, ismail
Priority: P2
Flags: fweimer: security-
Version: 2.24
Target Milestone: ---
See Also: https://bugzilla.redhat.com/show_bug.cgi?id=1429442
          https://bugzilla.redhat.com/show_bug.cgi?id=1825248
Host:
Target:
Build:
Last reconfirmed:

Description Florian Weimer 2016-02-16 15:37:21 UTC
If a TCP connection hangs to the configured name server, the name resolution functions in libresolv (and thus the nss_dns NSS service module and getaddrinfo and related functions) will wait indefinitely and never return to the caller.

We should apply the configured timeout to TCP connections as well (perhaps separately for connection establishment and the actual query).

Not flagging as security because I don't see a way to exploit this for an attacker which already has far more potent means to disrupt DNS resolution because they are on the forwarding path for DNS packets.
Comment 1 Florian Weimer 2017-03-06 12:25:23 UTC
*** Bug 19696 has been marked as a duplicate of this bug. ***