Fix for CVE-2017-15133 TCP DOS (#631)

serveTCP calls reader.ReadTCP in the accept loop rather than in the per-connection goroutine. If an attacker opens a connection and leaves it idle, this will block the accept loop until the connection times out (2s by default). During this time no other incoming connections will succeed, preventing legitimate queries from being answered. This commit moves the call to reader.ReadTCP into the per-connection goroutine. It also adds a missing call to Close whose absence allowed file-descirptors to leak in select cases. This attack and fix have no impact on serving UDP queries.
2018-01-25 10:36:19 +00:00 · 2018-01-25 10:36:19 +00:00 · 43913f2f4f
parent 862243b3b1
commit 43913f2f4f
1 changed files with 8 additions and 5 deletions
--- a/server.go
+++ b/server.go
@ -472,11 +472,14 @@ func (srv *Server) serveTCP(l net.Listener) error {
 			}
 			return err
 		}
-		m, err := reader.ReadTCP(rw, rtimeout)
-		if err != nil {
-			continue
-		}
-		go srv.serve(rw.RemoteAddr(), handler, m, nil, nil, rw)
+		go func() {
+			m, err := reader.ReadTCP(rw, rtimeout)
+			if err != nil {
+				rw.Close()
+				return
+			}
+			srv.serve(rw.RemoteAddr(), handler, m, nil, nil, rw)
+		}()
 	}
 }