#572 Hangs in Netatalk which causes it to stop responding to connections

None
closed
nobody
None
1
2014-08-11
2014-07-10
Ralph Böhme
No

Summary

Hangs in Netatalk which causes it to stop responding to connections. The master afpd process gets stuck in a poll loop, being repeatedly notified that there are connections on its socket, but never actually does anything with them.

Analysis

Analysis with gdb revealed that the data structure dealing with the main AFP socket and the IPC client sockets was smashed. This could happen because the function fdset_add_fd() doesn't do bounds checking itself but relies on other parts of the code that enforce a connection limit.

Unfortunately, for low-level AFP connections that don't result in a full AFP login, these checks come too late, resulting in a buffer overflow.

Fix

Add a bounds check. While we're at it, rewrite the fdset code to use a full-blown data structure encapsulating the implementation details.
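As an added example, not the Netatalk patch itself: a self-contained fdset in C in the shape the fix describes, where the pollfd array and its capacity live in one structure so that fdset_add_fd() enforces the bound on its own instead of trusting a connection limit applied elsewhere. Only the name fdset_add_fd comes from the ticket; fdset_t, fdset_init, fdset_del_fd and fdset_free are names assumed here for illustration.

```c
#include <poll.h>
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>

/* Illustrative fdset, not Netatalk's actual implementation: the array and
 * its capacity are kept together so fdset_add_fd() can refuse an add that
 * would write past the end, whatever the callers have or have not checked. */
typedef struct {
    struct pollfd *fds;   /* array handed to poll(2) */
    void **data;          /* per-descriptor context (e.g. a connection record) */
    int count;            /* entries currently in use */
    int capacity;         /* fixed upper bound chosen at init time */
} fdset_t;

/* Allocate an fdset holding at most `capacity` descriptors; NULL on failure. */
fdset_t *fdset_init(int capacity)
{
    if (capacity <= 0)
        return NULL;
    fdset_t *set = calloc(1, sizeof(*set));
    if (set == NULL)
        return NULL;
    set->fds = calloc((size_t)capacity, sizeof(*set->fds));
    set->data = calloc((size_t)capacity, sizeof(*set->data));
    if (set->fds == NULL || set->data == NULL) {
        free(set->fds);
        free(set->data);
        free(set);
        return NULL;
    }
    set->capacity = capacity;
    return set;
}

/* Register fd for `events`. Returns 0, or -1 when the set is already full:
 * this is the check that a connection limit enforced elsewhere cannot replace. */
int fdset_add_fd(fdset_t *set, int fd, short events, void *data)
{
    if (set == NULL || fd < 0 || set->count >= set->capacity)
        return -1;
    set->fds[set->count].fd = fd;
    set->fds[set->count].events = events;
    set->fds[set->count].revents = 0;
    set->data[set->count] = data;
    set->count++;
    return 0;
}

/* Unregister fd by moving the last entry into its slot (order is not
 * significant for poll). Returns 0, or -1 if fd is not in the set. */
int fdset_del_fd(fdset_t *set, int fd)
{
    if (set == NULL)
        return -1;
    for (int i = 0; i < set->count; i++) {
        if (set->fds[i].fd != fd)
            continue;
        int last = set->count - 1;
        if (i != last) {
            set->fds[i] = set->fds[last];
            set->data[i] = set->data[last];
        }
        set->count = last;
        return 0;
    }
    return -1;
}

void fdset_free(fdset_t *set)
{
    if (set == NULL)
        return;
    free(set->fds);
    free(set->data);
    free(set);
}

/* Stand-alone demo: a set sized for two descriptors refuses the third
 * instead of smashing whatever follows the array in memory. */
int main(void)
{
    int p[2];
    if (pipe(p) != 0)
        return 1;
    fdset_t *set = fdset_init(2);
    if (set == NULL)
        return 1;
    printf("add %d -> %d\n", p[0], fdset_add_fd(set, p[0], POLLIN, NULL));
    printf("add %d -> %d\n", p[1], fdset_add_fd(set, p[1], POLLOUT, NULL));
    printf("add %d -> %d (rejected: set is full)\n", STDIN_FILENO,
           fdset_add_fd(set, STDIN_FILENO, POLLIN, NULL));
    int ready = poll(set->fds, (nfds_t)set->count, 0);
    printf("poll: %d ready of %d\n", ready, set->count);
    fdset_free(set);
    close(p[0]);
    close(p[1]);
    return 0;
}
```

The point of the rejected return value is that the caller (the accept path for a new AFP connection, in the ticket's scenario) has to handle "no room" explicitly, typically by closing the new socket, rather than discovering the limit only after a login completes.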

Discussion

  • Ralph Böhme
    2014-07-10

    • status: open --> closed
    • Group: -->