Version 1.8.11 of Mandos is released

Teddy Hogeborn teddy at recompile.se
Wed Apr 8 21:13:16 CEST 2020


Mandos 1.8.11 is released.  It is a minor release with a small but
important bug fix: a file descriptor leak in mandos-client, present ever
since version 1.7.0, released on 2015-08-10.

Background: When the local network has Mandos servers announcing
themselves (via DNS-SD) using real, globally reachable, IPv6 addresses
(i.e. not link-local addresses), but there is no router on the local
network providing IPv6 RA (Router Advertisement) packets, the client
cannot reach the server by normal means, since the client only has an
automatically configured link-local IPv6 address, and therefore has no
usable route to reach the server's global IPv6 address.  (This is not a
common situation, and usually only happens when an IPv6 router itself
reboots and runs a Mandos client, since it cannot then give RA packets
to itself.)  The client code, since version 1.7.0, has a solution for
this, which consists of (when encountering this situation) adding a
temporary local route to reach the address of the server during
communication, and removing this temporary route afterwards.

This solution with a temporary route works, but had a file descriptor
leak; it leaked one file descriptor for each addition and for each
removal of a route.  This leak is slow: If one server requiring an added
route is present on the network, but no server gives a password, making
the client retry after the default ten seconds, and we furthermore
assume a default open files limit of 1024, the client would run out of
file descriptors only after about 90 minutes, after which time the
client process will be useless and fail to retrieve any passwords,
necessitating manual password entry via the keyboard.

In short: This bug would be nonexistent in most normal situations, and
even when triggered, would not be a problem unless the client was unable
to retrieve a password for quite a long time after booting.  Therefore,
most users have probably never seen it.

This release fixes this bug.

Version 1.8.11
* Client
** Fix file descriptor leak when adding or removing local routes to
   unreachable hosts on the local network.

There were no Debian package changes from 1.8.10.

/Teddy Hogeborn & Björn Påhlsson

-- 
The Mandos Project
https://www.recompile.se/mandos
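
The leak pattern described in the announcement, as an added example (not Mandos source code and not from the Mandos authors): a routine that takes a descriptor for each route addition or removal and returns without closing it, next to the corrected form, with a descriptor count to confirm the difference. All function names are hypothetical, and /dev/null stands in for whatever descriptor the real operation needs. With the announcement's figures (limit 1024, two leaked descriptors per attempt, ten-second retry) the arithmetic gives 5120 seconds, about 85 minutes, close to the "about 90 minutes" quoted above.

```c
/* Added illustration, not Mandos source code; all names are hypothetical. */
#include <fcntl.h>
#include <stdio.h>
#include <unistd.h>

/* Count open descriptors in 0..4095 by probing each one with fcntl(). */
int count_open_fds(void) {
    int n = 0;
    for (int fd = 0; fd < 4096; fd++)
        if (fcntl(fd, F_GETFD) != -1) n++;
    return n;
}

/* Stand-in for one route addition or removal: the operation needs a
   descriptor (here /dev/null) while it works, then returns. */
int route_op_leaky(void) {
    int fd = open("/dev/null", O_RDONLY);
    if (fd == -1) return -1;
    return 0;                      /* BUG: fd is never closed */
}

int route_op_fixed(void) {
    int fd = open("/dev/null", O_RDONLY);
    if (fd == -1) return -1;
    close(fd);                     /* released before returning */
    return 0;
}

/* One connection attempt adds a temporary route and removes it again.
   Returns how many descriptors the process gained over all attempts. */
int fds_gained(int attempts, int (*route_op)(void)) {
    int before = count_open_fds();
    for (int i = 0; i < attempts; i++) {
        route_op();                /* add temporary route */
        route_op();                /* remove temporary route */
    }
    return count_open_fds() - before;
}

/* Seconds until the open-files limit is hit at a steady leak rate;
   -1 means there is no leak and the limit is never reached. */
long seconds_to_exhaustion(long limit, long in_use, long leak, long retry_s) {
    if (leak <= 0) return -1;
    return (limit - in_use) / leak * retry_s;
}

int main(void) {
    printf("leaky: +%d fds, fixed: +%d fds\n",
           fds_gained(20, route_op_leaky), fds_gained(20, route_op_fixed));
    printf("exhaustion after %ld s\n", seconds_to_exhaustion(1024, 0, 2, 10));
    return 0;
}
```

The same probe-and-compare count, taken before and after a batch of operations, works as a regression check for any routine that is supposed to release everything it opens.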