This may apply to all known versions of inetd.

For a tcp/nowait connection, inetd invokes accept(2) for each pending connection; this call returns a file descriptor associated with the new connection. Twelve years ago, code was added to inetd to detect "failing servers". The heuristic that identifies a failing server is one that has been invoked a large number of times over some specified interval (e.g., more than 128 ftp services started in 60 seconds may flag the ftp service as "failing"). These compile-time constants vary depending on vendor. The problem is that, when a failing server is detected, the code neglects to close the file descriptor returned by the accept(2). Security-Implications: I suppose someone with ample free time could orchestrate an attack buy pummeling services until the inetd process finally runs out of file descriptors thus rendering inetd useless to any new connections that require a new descriptor. PR: 7286 Reviewed by: phk Submitted by: Jeff Forys <jeff@forys.cranbury.nj.us>
svn path=/head/; revision=37816
2024-12-03 21:18:59 +00:00 · 1998-07-22 05:53:53 +00:00 · 1998-07-22 05:53:53 +00:00 · 02c589d9e9 · 2020-12-20 02:59:44 +00:00
commit 02c589d9e9
parent 6f48600e53
1 changed files with 4 additions and 1 deletions
--- a/usr.sbin/inetd/inetd.c
+++ b/usr.sbin/inetd/inetd.c
@ -42,7 +42,7 @@ static const char copyright[] =
 static char sccsid[] = "@(#)from: inetd.c	8.4 (Berkeley) 4/13/94";
 #endif
 static const char rcsid[] =
-	"$Id: inetd.c,v 1.33 1998/05/11 12:11:59 bde Exp $";
+	"$Id: inetd.c,v 1.34 1998/05/14 20:26:16 guido Exp $";
 #endif /* not lint */

 /*
@ -461,6 +461,9 @@ main(argc, argv, envp)
 				    if (errno != EINTR)
 					    syslog(LOG_WARNING,
 						"accept (for %s): %m",
+                                      if (sep->se_accept &&
+                                          sep->se_socktype == SOCK_STREAM)
+                                              close(ctrl);
 						sep->se_service);
 				    continue;
 			    }