Resolve event-driven programming flaw in pmcd
author Ken McDonell <kenj@kenj.com.au>
Mon, 13 Aug 2012 01:28:46 +0000 (11:28 +1000)
committer Nathan Scott <nathans@redhat.com>
Mon, 13 Aug 2012 01:28:46 +0000 (11:28 +1000)
commit 9ba85dca940de976176ce196fd5e3c4170936354
tree 7b9697ae23f22465baec2d662b07c6cc4477b46c
parent 68fb968b4ee635bb301dc9ab64e633b0d66d27b4
Resolve event-driven programming flaw in pmcd

Fix an issue where a misbehaving client could prevent pmcd from
responding to other legitimate requests.  Now uses a dead-hand
timer to ensure a client does not feed tiny pieces of PDUs into
pmcd, preventing service to genuine clients.

Original report and fixes reviewed by Florian Weimer of the Red Hat
Security team.  Red Hat bugzilla bug #841706.

Security advisory CVE-2012-3421.

man/man1/pmcd.1
src/libpcp/src/pdu.c