[Bug network/19643] New: Lack of TCP timeout in the resolver

fweimer at redhat dot com sourceware-bugzilla@sourceware.org
Tue Feb 16 15:37:00 GMT 2016


https://sourceware.org/bugzilla/show_bug.cgi?id=19643

            Bug ID: 19643
           Summary: Lack of TCP timeout in the resolver
           Product: glibc
           Version: 2.24
            Status: NEW
          Severity: normal
          Priority: P2
         Component: network
          Assignee: unassigned at sourceware dot org
          Reporter: fweimer at redhat dot com
  Target Milestone: ---
             Flags: security-

If a TCP connection to the configured name server hangs, the name resolution
functions in libresolv (and thus the nss_dns NSS service module and getaddrinfo
and related functions) will wait indefinitely and never return to the caller.

We should apply the configured timeout to TCP connections as well (perhaps
separately for connection establishment and the actual query).

Not flagging as security because I don't see a way to exploit this for an
attacker which already has far more potent means to disrupt DNS resolution
because they are on the forwarding path for DNS packets.

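The behaviour the report asks for, sketched as an added example (not glibc's resolver code and not from the report): one DNS-over-TCP exchange with a separate deadline for connection establishment and for the query itself. The function names (`tcp_query`, `wait_fd`, `xfer`, `now_ms`), the IPv4-only scope and the use of Linux's `SOCK_NONBLOCK` and `MSG_NOSIGNAL` are assumptions of this sketch.

```c
#define _GNU_SOURCE 1   /* added example, not glibc code; helper names are hypothetical */
#include <arpa/inet.h>
#include <errno.h>
#include <poll.h>
#include <sys/socket.h>
#include <time.h>
#include <unistd.h>
static long now_ms(void) {              /* monotonic: immune to clock steps */
    struct timespec ts;
    clock_gettime(CLOCK_MONOTONIC, &ts);
    return ts.tv_sec * 1000L + ts.tv_nsec / 1000000L;
}
static int wait_fd(int fd, short ev, long dl) {  /* ETIMEDOUT once dl passes */
    struct pollfd p = { .fd = fd, .events = ev };
    for (;;) {
        long left = dl - now_ms();
        if (left <= 0) { errno = ETIMEDOUT; return -1; }
        int r = poll(&p, 1, (int)left);
        if (r > 0) return 0;
        if (r < 0 && errno != EINTR) return -1;
    }
}
static int xfer(int fd, void *buf, size_t len, int wr, long dl) { /* wr=1: send */
    for (unsigned char *p = buf; len > 0; ) {    /* exactly len bytes before dl */
        if (wait_fd(fd, wr ? POLLOUT : POLLIN, dl) < 0) return -1;
        ssize_t n = wr ? send(fd, p, len, MSG_NOSIGNAL) : recv(fd, p, len, 0);
        if (n > 0) { p += n; len -= (size_t)n; continue; }
        if (n == 0) errno = ECONNRESET;          /* peer closed mid-message */
        if (errno != EAGAIN && errno != EINTR) return -1;
    }
    return 0;
}
int tcp_query(const struct sockaddr_in *ns, const void *q, uint16_t qlen,
              void *ans, size_t cap, int connect_ms, int query_ms) {
    uint16_t be = htons(qlen), rl = 0;           /* 2-byte length prefixes */
    int rc = -1, se = 0, fd = socket(AF_INET, SOCK_STREAM | SOCK_NONBLOCK, 0);
    socklen_t sl = sizeof se;
    long dl = now_ms() + connect_ms;             /* budget 1: TCP handshake */
    if (fd < 0) return -1;
    if (connect(fd, (const struct sockaddr *)ns, sizeof *ns) < 0 &&
        (errno != EINPROGRESS || wait_fd(fd, POLLOUT, dl) < 0 ||
         getsockopt(fd, SOL_SOCKET, SO_ERROR, &se, &sl) < 0 || (errno = se) != 0))
        goto out;
    dl = now_ms() + query_ms;                    /* budget 2: query + reply */
    if (xfer(fd, &be, 2, 1, dl) || xfer(fd, (void *)q, qlen, 1, dl) ||
        xfer(fd, &rl, 2, 0, dl)) goto out;
    if (ntohs(rl) > cap) errno = EMSGSIZE;
    else if (xfer(fd, ans, ntohs(rl), 0, dl) == 0) rc = ntohs(rl);
out: se = errno; close(fd); errno = se;          /* report the real error */
    return rc;                       /* reply length, or -1 with errno set */
}
```

Each deadline is absolute for its phase, so a server that trickles one byte at a time cannot extend the wait beyond `query_ms`.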