[Bug 160] Race condition in clientloop.c?

bugzilla-daemon at mindrot.org
Thu Mar 14 08:25:26 EST 2002


http://bugzilla.mindrot.org/show_bug.cgi?id=160

Nicolas.Williams at ubsw.com changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEW                         |RESOLVED
         Resolution|                            |FIXED



------- Additional Comments From Nicolas.Williams at ubsw.com  2002-03-14 08:25 -------
Aha!

Yes, there is a race. It's there in 2.9p2, but apparently not in 3.0.2p1.

Essentially the

"if (compat20 && session_closed && !channel_still_open())"

check at the top of the client loop is not close enough to the
call to select() in client_wait_until_can_do_something(). In fact,
client_wait_until_can_do_something() calls channel_prepare_select()
which calls channel_handler() which may well call chan_is_dead()
which may leave no channels open and yet
client_wait_until_can_do_something() will still go into the
select().
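
A minimal model of the check-then-block ordering described in the comment above, added here as an illustration; it is not OpenSSH source and not part of the original message. The struct, the function names and the 100 ms timeout (standing in for a select() with no timeout) are assumptions, and the re-check before select() is one possible mitigation, not necessarily the change made in 3.0.2p1.

```c
#include <stdio.h>
#include <sys/select.h>

/* Hypothetical model: one channel whose peer has already closed. */
struct chan { int open; int peer_closed; };

static int channels_still_open(const struct chan *c, int n) {
    for (int i = 0; i < n; i++)
        if (c[i].open) return 1;
    return 0;
}

/* Stand-in for the prepare step: handlers run here and may reap dead channels. */
static void prepare_select(struct chan *c, int n) {
    for (int i = 0; i < n; i++)
        if (c[i].open && c[i].peer_closed) c[i].open = 0;
}

/* Returns 1 if the loop exits cleanly, 0 if it entered select() with no
 * channel left open (in a loop without a timeout, that is a hang). */
int run_loop(int recheck_after_prepare) {
    struct chan c[1] = { { 1, 1 } };
    int session_closed = 1;

    for (;;) {
        /* Exit check at the top of the loop: channel still counts as open. */
        if (session_closed && !channels_still_open(c, 1))
            return 1;

        prepare_select(c, 1);          /* the last channel dies here */

        /* Mitigation: repeat the exit check right before blocking. */
        if (recheck_after_prepare && session_closed && !channels_still_open(c, 1))
            return 1;

        struct timeval tv = { 0, 100000 };   /* constructed 100 ms timeout */
        int r = select(0, NULL, NULL, NULL, &tv);
        if (r == 0 && !channels_still_open(c, 1))
            return 0;                  /* nothing could ever have woken us */
    }
}

int main(void) {
    printf("check only at top:    %s\n", run_loop(0) ? "exits" : "blocks in select()");
    printf("re-check before wait: %s\n", run_loop(1) ? "exits" : "blocks in select()");
    return 0;
}
```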





