Bug 19643 - libresolv: Lack of TCP timeout
Summary: libresolv: Lack of TCP timeout
Status: ASSIGNED
Alias: None
Product: glibc
Classification: Unclassified
Component: network
Version: 2.24
Importance: P2 normal
Target Milestone: ---
Assignee: Florian Weimer
Duplicates: 19696
Reported: 2016-02-16 15:37 UTC by Florian Weimer
Modified: 2023-07-30 18:24 UTC
fweimer: security-
Description Florian Weimer 2016-02-16 15:37:21 UTC
If a TCP connection hangs to the configured name server, the name resolution functions in libresolv (and thus the nss_dns NSS service module and getaddrinfo and related functions) will wait indefinitely and never return to the caller.

We should apply the configured timeout to TCP connections as well (perhaps separately for connection establishment and the actual query).

Not flagging as security because I don't see a way to exploit this for an attacker which already has far more potent means to disrupt DNS resolution because they are on the forwarding path for DNS packets.
Comment 1 Florian Weimer 2017-03-06 12:25:23 UTC
*** Bug 19696 has been marked as a duplicate of this bug. ***