From patchwork Mon May 26 16:35:08 2014 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Andreas Schwab X-Patchwork-Id: 352575 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Received: from sourceware.org (server1.sourceware.org [209.132.180.131]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ozlabs.org (Postfix) with ESMTPS id 8F96C14009E for ; Tue, 27 May 2014 02:35:22 +1000 (EST) DomainKey-Signature: a=rsa-sha1; c=nofws; d=sourceware.org; h=list-id :list-unsubscribe:list-subscribe:list-archive:list-post :list-help:sender:from:to:subject:date:message-id:mime-version :content-type; q=dns; s=default; b=m12SQ+gN97Dvs5/OZhEgQ1IN1Le84 A0ym+D4LI4L9j1wiTCh9e502nSzXgjJx9AF4crDMHLKc4NYbtmI0DNCJH7URu6GV ZJV7E1j/is6paz/BpihsJo9n/EpYA+tIkXiWjXGeUIhZxckIO43AhIqX2sUZg+I+ GmDHTtkEHiVz1w= DKIM-Signature: v=1; a=rsa-sha1; c=relaxed; d=sourceware.org; h=list-id :list-unsubscribe:list-subscribe:list-archive:list-post :list-help:sender:from:to:subject:date:message-id:mime-version :content-type; s=default; bh=lMhsfjKUwIdfHyNhWKsBeheMxIk=; b=Sj5 jjQ2chkA9cAB/LEDPSiBQ/0XtEFIP6wDsyXStcxlGYBg9rT7h4pjEwaeS6H6MYJP 4cB9bHOEUqGRMBW6GjMUeBWz9pbeXcdqZ5qTWKwW6z0QgHHMv6fx+S4jHof1gc7r 2Q8syEReb80t/yiDbq5z9vBRaQURdB6Nsmfh6Afs= Received: (qmail 5620 invoked by alias); 26 May 2014 16:35:15 -0000 Mailing-List: contact libc-alpha-help@sourceware.org; run by ezmlm Precedence: bulk List-Id: List-Unsubscribe: List-Subscribe: List-Archive: List-Post: List-Help: , Sender: libc-alpha-owner@sourceware.org Delivered-To: mailing list libc-alpha@sourceware.org Received: (qmail 5393 invoked by uid 89); 26 May 2014 16:35:13 -0000 Authentication-Results: sourceware.org; auth=none X-Virus-Found: No X-Spam-SWARE-Status: No, score=-3.2 required=5.0 tests=AWL, BAYES_00, RP_MATCHES_RCVD autolearn=ham version=3.3.2 X-HELO: mx2.suse.de From: Andreas Schwab To: libc-alpha@sourceware.org Subject: [PATCH] Fix invalid file descriptor reuse while sending DNS query X-Yow: This MUST be a good party -- My RIB CAGE is being painfully pressed up against someone's MARTINI!! Date: Mon, 26 May 2014 18:35:08 +0200 Message-ID: User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/24.3 (gnu/linux) MIME-Version: 1.0 When send_dg runs into a timeout it retries with RES_SNGLKUP and then with RES_SNGLKUPREOP enabled. With the latter option the dns socket will be reopend after the first query was sent, but the old file descriptor is reused for sending the query, which can result in sending it to an unrelated file in a multithreaded program. Andreas. [BZ #15946] * resolv/res_send.c (send_dg): Reload file descriptor after calling reopen. --- resolv/res_send.c | 1 + 1 file changed, 1 insertion(+) diff --git a/resolv/res_send.c b/resolv/res_send.c index 3273d55..af42b8a 100644 --- a/resolv/res_send.c +++ b/resolv/res_send.c @@ -1410,6 +1410,7 @@ send_dg(res_state statp, retval = reopen (statp, terrno, ns); if (retval <= 0) return retval; + pfd[0].fd = EXT(statp).nssocks[ns]; } } goto wait;