[pkg-remote-commits] [xrdp] 01/19: Fix high CPU load in ssl_tls_accept.
Thorsten Glaser
tg at moszumanska.debian.org
Fri Dec 22 17:07:34 UTC 2017
This is an automated email from the git hooks/post-receive script.
tg pushed a commit to branch master
in repository xrdp.
commit 92e00613eb28dd9eab59330ddc31dc49b637fa09
Author: Dominik George <nik at naturalnet.de>
Date: Fri Dec 15 11:25:40 2017 +0100
Fix high CPU load in ssl_tls_accept.
(cherry picked from commit 8e049539f48257a4a87f448e90804ea849cd66ad)
---
debian/changelog | 6 ++++++
debian/patches/fix-ssl-accept-load.patch | 23 +++++++++++++++++++++++
debian/patches/series | 1 +
3 files changed, 30 insertions(+)
diff --git a/debian/changelog b/debian/changelog
index 4ee181e..f875a77 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,9 @@
+xrdp (0.9.4-4) unstable; urgency=high
+
+ * Fix (possibly exploitable) high CPU load in ssl_tls_accept.
+
+ -- Dominik George <nik at naturalnet.de> Fri, 15 Dec 2017 11:24:55 +0100
+
xrdp (0.9.4-3) unstable; urgency=high
* Fix regression introduced by last upload. (Closes: #884702)
diff --git a/debian/patches/fix-ssl-accept-load.patch b/debian/patches/fix-ssl-accept-load.patch
new file mode 100644
index 0000000..f79e2a7
--- /dev/null
+++ b/debian/patches/fix-ssl-accept-load.patch
@@ -0,0 +1,23 @@
+From: jsorg71
+Subject: Avoid 100% CPU load on ssl_tls_accept
+Origin: https://github.com/neutrinolabs/xrdp/commit/a9eb21e6d73d94989dc0fa221824b0625b37b7aa.diff
+Bug: https://github.com/neutrinolabs/xrdp/issues/954
+Bug-Debian: xxx
+--- a/common/ssl_calls.c
++++ b/common/ssl_calls.c
+@@ -651,6 +651,15 @@ ssl_tls_accept(struct ssl_tls *self, lon
+ * SSL_ERROR_WANT_READ
+ * SSL_ERROR_WANT_WRITE
+ */
++ switch (SSL_get_error(self->ssl, connection_status))
++ {
++ case SSL_ERROR_WANT_READ:
++ g_sck_can_recv(self->trans->sck, SSL_WANT_READ_WRITE_TIMEOUT);
++ break;
++ case SSL_ERROR_WANT_WRITE:
++ g_sck_can_send(self->trans->sck, SSL_WANT_READ_WRITE_TIMEOUT);
++ break;
++ }
+ }
+ else
+ {
diff --git a/debian/patches/series b/debian/patches/series
index 9abfa5d..e9add7d 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -6,3 +6,4 @@ shutup-daemon.diff
systemd.diff
lfs.diff
cve-2017-16927.patch
+fix-ssl-accept-load.patch
--
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-remote/xrdp.git
More information about the pkg-remote-commits
mailing list