[pkg-remote-commits] [xrdp] 01/19: Fix high CPU load in ssl_tls_accept.

Thorsten Glaser tg at moszumanska.debian.org
Fri Dec 22 17:07:34 UTC 2017


This is an automated email from the git hooks/post-receive script.

tg pushed a commit to branch master
in repository xrdp.

commit 92e00613eb28dd9eab59330ddc31dc49b637fa09
Author: Dominik George <nik at naturalnet.de>
Date:   Fri Dec 15 11:25:40 2017 +0100

    Fix high CPU load in ssl_tls_accept.
    
    (cherry picked from commit 8e049539f48257a4a87f448e90804ea849cd66ad)
---
 debian/changelog                         |  6 ++++++
 debian/patches/fix-ssl-accept-load.patch | 23 +++++++++++++++++++++++
 debian/patches/series                    |  1 +
 3 files changed, 30 insertions(+)

diff --git a/debian/changelog b/debian/changelog
index 4ee181e..f875a77 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,9 @@
+xrdp (0.9.4-4) unstable; urgency=high
+
+  * Fix (possibly exploitable) high CPU load in ssl_tls_accept.
+
+ -- Dominik George <nik at naturalnet.de>  Fri, 15 Dec 2017 11:24:55 +0100
+
 xrdp (0.9.4-3) unstable; urgency=high
 
   * Fix regression introduced by last upload. (Closes: #884702)
diff --git a/debian/patches/fix-ssl-accept-load.patch b/debian/patches/fix-ssl-accept-load.patch
new file mode 100644
index 0000000..f79e2a7
--- /dev/null
+++ b/debian/patches/fix-ssl-accept-load.patch
@@ -0,0 +1,23 @@
+From: jsorg71
+Subject: Avoid 100% CPU load on ssl_tls_accept
+Origin: https://github.com/neutrinolabs/xrdp/commit/a9eb21e6d73d94989dc0fa221824b0625b37b7aa.diff
+Bug: https://github.com/neutrinolabs/xrdp/issues/954
+Bug-Debian: xxx
+--- a/common/ssl_calls.c
++++ b/common/ssl_calls.c
+@@ -651,6 +651,15 @@ ssl_tls_accept(struct ssl_tls *self, lon
+              *     SSL_ERROR_WANT_READ
+              *     SSL_ERROR_WANT_WRITE
+              */
++            switch (SSL_get_error(self->ssl, connection_status))
++            {
++                case SSL_ERROR_WANT_READ:
++                    g_sck_can_recv(self->trans->sck, SSL_WANT_READ_WRITE_TIMEOUT);
++                    break;
++                case SSL_ERROR_WANT_WRITE:
++                    g_sck_can_send(self->trans->sck, SSL_WANT_READ_WRITE_TIMEOUT);
++                    break;
++            }
+         }
+         else
+         {
diff --git a/debian/patches/series b/debian/patches/series
index 9abfa5d..e9add7d 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -6,3 +6,4 @@ shutup-daemon.diff
 systemd.diff
 lfs.diff
 cve-2017-16927.patch
+fix-ssl-accept-load.patch

-- 
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-remote/xrdp.git



More information about the pkg-remote-commits mailing list