FS#4011 - TCP queries to dnsmasq can cause OOM and DoS attack #9003

Open
openwrt-bot opened this issue Sep 6, 2021 · 0 comments
Labels
flyspray release/19.07

Comments

openwrt-bot commented Sep 6, 2021

brianjmurrell:

Supply the following if possible:

  • Device problem occurs on: tplink,tl-wdr4300-v1
  • Software versions of OpenWrt/LEDE release, packages, etc.: 19.07.8
  • Steps to reproduce:
    1. Use a tool like netcat to open many (i.e. 20+) TCP connections to port 53, simulating TCP DNS queries.
    2. Observe how dnsmasq forks for each connection.
    3. Observe how at some point enough dnsmasq children are running that the kernel starts OOMing.

This is a quick/easy demonstration on how simply an OpenWRT router can be DoS attacked.

There is a hard coded MAX_PROCS which defaults to 20. This clearly is too high for resource constrained systems like OpenWRT routers.

There is a discussion of this problem on the dnsmasq ML @ https://lists.thekelleys.org.uk/pipermail/dnsmasq-discuss/2021q1/014907.html which includes a patch to make MAX_PROCS a run-time tunable. This could be used by OpenWRT to scale up/down the MAX_PROCS value based on the size of system it's running on.

It could/should be user-overridable in case he/she knows better what the value should be than any attempt by OpenWRT to scale on a given router.
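The report above describes the failure mode from the kernel's side (OOM after enough forks) but not how an operator would notice the pressure building. The following is an added example, not dnsmasq or OpenWrt code: it parses `ss -tn`-style socket output, counts established TCP connections to the local DNS port per peer, and flags when the total approaches the hard-coded MAX_PROCS cap of 20 mentioned in the report. The socket table is constructed for the example; on a router you would feed it the real output of `ss -tn` (iproute2's `ss` is assumed to be installed, since BusyBox `netstat` prints a different column layout). The per-peer threshold of 5 is an assumed tuning value, not anything the issue specifies.

```python
"""Count concurrent TCP connections to the local DNS port from `ss -tn`-style
output and flag when they approach dnsmasq's forked-handler cap.

Added example for this issue; not dnsmasq or OpenWrt code. SAMPLE_SS below is
a constructed socket table, not captured from a real device."""

import re
from collections import Counter

# dnsmasq's compiled-in default cap for forked TCP handlers, as stated in the issue.
DEFAULT_MAX_PROCS = 20

# Matches "addr:port" for both IPv4 and bracketed IPv6 endpoints as ss prints them.
_ENDPOINT = re.compile(r"^(?:\[(?P<v6>[^\]]+)\]|(?P<v4>[^:\s]+)):(?P<port>\d+)$")


def split_endpoint(token):
    """Return (address, port) from an ss endpoint token, or None if it is not one."""
    m = _ENDPOINT.match(token)
    if not m:
        return None
    return (m.group("v6") or m.group("v4"), int(m.group("port")))


def parse_ss_output(text, local_port=53):
    """Return a Counter of peer address -> established TCP connections to local_port.

    Expects the column order of `ss -tn`: State Recv-Q Send-Q Local Peer [Process].
    Header lines, listeners and non-ESTAB states are skipped."""
    peers = Counter()
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[0] != "ESTAB":
            continue
        local = split_endpoint(fields[3])
        peer = split_endpoint(fields[4])
        if not local or not peer or local[1] != local_port:
            continue  # not a connection to the DNS port (e.g. ssh on :22)
        peers[peer[0]] += 1
    return peers


def assess(peers, max_procs=DEFAULT_MAX_PROCS, per_peer_limit=5):
    """Summarise pressure on the TCP handler pool.

    pool_exhausted: total connections have reached the fork cap, so further
    TCP queries from anyone will be refused or queued.
    noisy_peers: addresses holding per_peer_limit or more connections at once,
    which is unusual for an ordinary stub resolver."""
    total = sum(peers.values())
    noisy = sorted(p for p, n in peers.items() if n >= per_peer_limit)
    return {
        "total": total,
        "headroom": max(max_procs - total, 0),
        "pool_exhausted": total >= max_procs,
        "noisy_peers": noisy,
    }


# Constructed sample: one peer holding 20 connections to :53, one ordinary
# IPv4 client, one IPv6 client, and an unrelated ssh session that must be ignored.
SAMPLE_SS = "\n".join(
    ["State  Recv-Q Send-Q Local Address:Port   Peer Address:Port"]
    + [f"ESTAB  0      0      192.168.1.1:53       192.168.1.50:{41230 + i}" for i in range(20)]
    + [
        "ESTAB  0      0      192.168.1.1:53       192.168.1.77:50001",
        "ESTAB  0      0      192.168.1.1:22       192.168.1.77:50002",
        "ESTAB  0      0      [fd00::1]:53         [fd00::a]:40001",
    ]
)


if __name__ == "__main__":
    report = assess(parse_ss_output(SAMPLE_SS))
    print(f"TCP DNS connections: {report['total']} (headroom {report['headroom']})")
    if report["pool_exhausted"]:
        print("handler pool exhausted: MAX_PROCS reached")
    for peer in report["noisy_peers"]:
        print(f"peer holding many connections: {peer}")
```

Run periodically (for example from cron) with `ss -tn` piped into `parse_ss_output`, the `pool_exhausted` flag gives a cheap early signal before the kernel's OOM killer does, and `noisy_peers` tells you whether the load is one misbehaving client or genuinely broad.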

@aparcar aparcar added the release/19.07 label Feb 22, 2022