git.proxmox.com Git - pve-http-server.git/commit

author	Stoiko Ivanov <s.ivanov@proxmox.com>
	Thu, 10 Dec 2020 14:02:49 +0000 (15:02 +0100)
committer	Thomas Lamprecht <t.lamprecht@proxmox.com>
	Thu, 10 Dec 2020 19:23:38 +0000 (20:23 +0100)
commit	c82d1707ed3ba7de58161842d62a2b177308982a
tree	da8f27e896335b044b03c50dd4553371462a8261	tree
parent	26e73e6b9ef9c496ce800b3017a6ddc80cac897c	commit \| diff

accept-phase: fix conn_count "leak"

When handling new connections in 'accept_connections' the number of
active connections (conn_count) got increased before the callback, which
would eventually decrease it got registered in AnyEvent::Handle->new.

Any error/die before registering the callback would skip the
decrement, and leave the process in an endless loop upon exiting in
wait_end_loop.

This can happen e.g. when the call to getpeername fails, or if the
connection is denied by the ALLOW_FROM/DENY_FROM settings in
'/etc/default/pveproxy' (which is also a simple reproducer for that).

Additionally it can cause a denial of service, by attempting to
connect from a denied ip until the connection count exeeds the maximum
connections of all child-processes.

This patch addresses the issue by incrementing the connection count
before attempting to create the handle, and decrementing it again, if
handle creation fails.

A warning is logged if 'conn_count' turns negative when decrementing
during cleanup on error/eof. In case creating a new handle during
initial accept_connection fails, a warning is logged as well, but
'conn_count' is not decremented.

Reported via our community-forum:
https://forum.proxmox.com/threads/pveproxy-eats-available-ram.79617/

Co-Authored-by: Dominik Csapak <d.csapak@proxmox.com>
Signed-off-by: Stoiko Ivanov <s.ivanov@proxmox.com>