Bug 19643 - libresolv: Lack of TCP timeout
Summary: libresolv: Lack of TCP timeout
Alias: None
Product: glibc
Classification: Unclassified
Component: network (show other bugs)
Version: 2.24
: P2 normal
Target Milestone: ---
Assignee: Florian Weimer
: 19696 (view as bug list)
Depends on:
Reported: 2016-02-16 15:37 UTC by Florian Weimer
Modified: 2023-07-30 18:24 UTC (History)
2 users (show)

See Also:
Last reconfirmed:
fweimer: security-


Note You need to log in before you can comment on or make changes to this bug.
Description Florian Weimer 2016-02-16 15:37:21 UTC
If a TCP connection hangs to the configured name server, the name resolution functions in libresolv (and thus the nss_dns NSS service module and getaddrinfo and related functions) will wait indefinitely and never return to the caller.

We should apply the configured timeout to TCP connections as well (perhaps separately for connection establishment and the actual query).

Not flagging as security because I don't see a way to exploit this for an attacker which already has far more potent means to disrupt DNS resolution because they are on the forwarding path for DNS packets.
Comment 1 Florian Weimer 2017-03-06 12:25:23 UTC
*** Bug 19696 has been marked as a duplicate of this bug. ***