From patchwork Mon May 26 16:35:08 2014 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Andreas Schwab X-Patchwork-Id: 1151 X-Patchwork-Delegate: carlos@redhat.com Received: (qmail 5620 invoked by alias); 26 May 2014 16:35:15 -0000 Mailing-List: contact libc-alpha-help@sourceware.org; run by ezmlm Precedence: bulk List-Id: List-Unsubscribe: List-Subscribe: List-Archive: List-Post: List-Help: , Sender: libc-alpha-owner@sourceware.org Delivered-To: mailing list libc-alpha@sourceware.org Received: (qmail 5393 invoked by uid 89); 26 May 2014 16:35:13 -0000 Authentication-Results: sourceware.org; auth=none X-Virus-Found: No X-Spam-SWARE-Status: No, score=-3.2 required=5.0 tests=AWL, BAYES_00, RP_MATCHES_RCVD autolearn=ham version=3.3.2 X-HELO: mx2.suse.de From: Andreas Schwab To: libc-alpha@sourceware.org Subject: [PATCH] Fix invalid file descriptor reuse while sending DNS query X-Yow: This MUST be a good party -- My RIB CAGE is being painfully pressed up against someone's MARTINI!! Date: Mon, 26 May 2014 18:35:08 +0200 Message-ID: User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/24.3 (gnu/linux) MIME-Version: 1.0 When send_dg runs into a timeout it retries with RES_SNGLKUP and then with RES_SNGLKUPREOP enabled. With the latter option the dns socket will be reopend after the first query was sent, but the old file descriptor is reused for sending the query, which can result in sending it to an unrelated file in a multithreaded program. Andreas. [BZ #15946] * resolv/res_send.c (send_dg): Reload file descriptor after calling reopen. --- resolv/res_send.c | 1 + 1 file changed, 1 insertion(+) diff --git a/resolv/res_send.c b/resolv/res_send.c index 3273d55..af42b8a 100644 --- a/resolv/res_send.c +++ b/resolv/res_send.c @@ -1410,6 +1410,7 @@ send_dg(res_state statp, retval = reopen (statp, terrno, ns); if (retval <= 0) return retval; + pfd[0].fd = EXT(statp).nssocks[ns]; } } goto wait;