From: "Mattias.Gronlund"
To: Multiple recipients of list SAMBA-TECHNICAL
Subject: PATCH: Preventing DoS attacks in recv.
Date: Tue, 21 Sep 1999 05:55:50 +1000

Hi,

This first test-version of the DoS-preventing patch that I promised is now available as: "http://www.sdf.se/~eldmgr/samba.dos.a1". The patch is against Samba 2.0.5a.

This version of the patch makes sure that recv() is never called without a select() checking for timeouts before it. The patch implements a new parameter to some functions so that they can skip the select() call if the caller knows that there is data to read (has called select).

Future things that I will try to implement:

- Implement flags for storing results from setsockopt(). This would make us skip lots of select calls on platforms that support setting SO_SNDTIMEO and SO_RCVTIMEO.
- Implement the same checks for the send() side. One problem here is that not all platforms understand MSG_DONTWAIT, so we may just get stuck anyway :-(...

One solution would be to make the socket non-blocking, and to call select() and sleep if the recv/send calls return EAGAIN. This might be a much cleaner solution to the whole problem.

But there is one thing I would like someone more into SMB to explain: these timeouts, they reset between calls as of POSIX, but will not reset on Linux (strange select()). But the question is: what does the spec tell us to do (or what does MS do)?

/Mattias