The output queue flush can block indefinitely. Permits a client to
hog the thread indefinitely by not reading output.
Broken in commit
08b94556 (v4.3.20) "Reimplement max_idle without a
separate thread". Until then, the idle thread aborted a stuck attempt
to flush output.
Denial of service seems possible.
#include "journal.h"
#include "misc.h"
#include "nat.h"
#include "journal.h"
#include "misc.h"
#include "nat.h"
#include "player.h"
#include "proto.h"
#include "prototypes.h"
#include "player.h"
#include "proto.h"
#include "prototypes.h"
- deadline = (time_t)(player->may_sleep == PLAYER_SLEEP_FREELY ? -1 : 0);
+ deadline = player->curup + minutes(max_idle);
+ if (player->may_sleep != PLAYER_SLEEP_FREELY)
+ deadline = 0;
while (io_output_if_queue_long(player->iop, deadline) > 0)
;
}
while (io_output_if_queue_long(player->iop, deadline) > 0)
;
}