Your message dated Mon, 18 Oct 2021 10:28:22 +0200
with message-id <[email protected]>
and subject line Re: two regressions in ocserv 1.1.2 regarding udp handling
has caused the Debian Bug report #982844,
regarding two regressions in ocserv 1.1.2 regarding udp handling
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)


-- 
982844: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=982844
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: ocserv
Version: 1.1.2-1~bpo10+1
Severity: important

Hi,

two bugs in the UDP handling (both leading to 100% CPU usage of a
worker) have been fixed upstream:

1. "Busyloop on unexpected incoming UDP packet"

If the handshake failed any unexpected UDP packet won't be read, leading
to epoll_wait always reparting EPOLLIN for it.  It will still be able to
handle the TCP connection though.

https://gitlab.com/openconnect/ocserv/-/issues/400
https://gitlab.com/openconnect/ocserv/-/merge_requests/253

2. "dtls connection setup: fix memory corruption, proper watcher setup"

There are two UDP "ev_io" watchers (introduced in 1.1.2) to handle a new
UDP session handshake without breaking the existing connection.

If a watcher gets reused (I'd guess in the 3rd UDP connection) it won't
stop it before clearing it, leaving a "dangling" reference in libev
internals.  Afaict it doesn't break anything apart from leading to an
infinite loop within libev - it won't handle any events at that point
anymore.

https://gitlab.com/openconnect/ocserv/-/merge_requests/255

When backporting those commits to 1.1.2 you'll have to replace
"worker_loop" with "loop" (got renamed).

I have built local packages with those two patches, and haven't seen
further issues so far.

cheers,
Stefan

--- End Message ---
--- Begin Message ---
Version: 1.1.2-2

Hi,

you really should work on your changelogs to mention what you actually 
did; "d/patches: cherry-pick upstream post 1.1.2 bug fixes" is not 
helpful when tracking down whether you included certain fixes or not.

Also should have closed this issue with the 1.1.2-2 upload by writing 
"Closes: #982844".

For reference: the 1.1.2-2 upload is basically this commit:

https://salsa.debian.org/debian/ocserv/-/commit/23fb2185b4f24bde09dce822ab9ca9b947525d73

Which includes (among others) the patches fixing this bug:

0033-Close-fd-and-stop-ev_io-on-failed-handshake.patch
0035-dtls-connection-setup-fix-memory-corruption-proper-w.patch

Upstream 1.1.3 includes the fixes too.

cheers,
Stefan

--- End Message ---

Reply via email to