[Bug 160] Race condition in clientloop.c?

Adrian Pronk apronk at csi.co.nz
Sun Mar 17 20:57:37 EST 2002


Not in 3.0.2p1?  What about in the version I originally posted about, 3.1?


>http://bugzilla.mindrot.org/show_bug.cgi?id=160
>
>Nicolas.Williams at ubsw.com changed:
>
>           What    |Removed                     |Added
>----------------------------------------------------------------------------
>             Status|NEW                         |RESOLVED
>         Resolution|                            |FIXED
>
>
>
>------- Additional Comments From Nicolas.Williams at ubsw.com  2002-03-14 08:25 -------
>Aha!
>
>Yes, there is a race. It's there in 2.9p2, but apparently not in 3.0.2p1.
>
>Essentially the
>
>"if (compat20 && session_closed && !channel_still_open())"
>
>check at the top of the client loop is not close enough to the
>call to select() in client_wait_until_can_do_something(). In fact,
>client_wait_until_can_do_something() calls channel_prepare_select()
>which calls channel_handler() which may well call chan_is_dead()
>which may leave no channels open and yet
>client_wait_until_can_do_something() will still go into the
>select().

On Tue, Mar 12, 2002 at 11:27:19AM +1300, Adrian Pronk wrote:
> I've just built openssh 3.1 for my Redhat 5.1 system (running on a 486
> DX-66) using the latest zlib and openssl libraries.
>
> Connecting to the machine with ssh seems to work fine (although it takes
> a while to initiate a connection).
>
> But when I transfer a file to the machine with scp, it seems to work fine
> and the scp completes, but an ssh sub-process remains behind on the
> client and an sshd sub-process remains behind on the host.  When I strace
> them, the client is waiting on a socket and the host is waiting on three
> different fd's (under 5.1, it's hard to tell what they are without making
> an effort :) ).
>
> I did not compile the system on the target machine (which is my
> firewall).  My old development machine was a RH 5.1 box.  I bought a new
> box recently and put RH 7.2 on it.  I copied the development RH 5.1 file
> system on to it (including /dev).  I then chroot'ed to that directory,
> mounted a new /proc and had my 5.1 development environment back.  I
> compiled (make install) openSSL, zlib, openSSH on this and copied the
> likely output files to the target machine.  I wouldn't think this
> development environment would break anything.
>
> Does anyone know off the top of their heads what the problem might be?
> If not, I'll get stuck in and have a look at the code and see if I can
> see anything.


--
Adrian
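The ordering problem Nicolas describes in the bugzilla comment above, as an added illustration that is not part of this thread and not OpenSSH code: a constructed model of the client loop in which the exit check runs at the top of the loop, channel_prepare_select() then reaps dead channels, and select() is entered with nothing left to wake it. The channel table, the scenario values, and the "repeat the check right before select()" mitigation are assumptions made for this example, not the project's actual fix.

```c
#include <stdbool.h>
#include <stdio.h>

/* Constructed stand-in for the client's channel table (not OpenSSH's own
 * structures): chan_open[i] = channel still open, chan_dead[i] = peer has
 * closed it but the client has not reaped it yet. */
#define NCHAN 4
static int chan_open[NCHAN], chan_dead[NCHAN];

static bool channel_still_open(void) {
    for (int i = 0; i < NCHAN; i++)
        if (chan_open[i]) return true;
    return false;
}

/* Stands in for channel_prepare_select() -> channel_handler() ->
 * chan_is_dead(): dead channels are reaped here, possibly leaving none open. */
static void channel_prepare_select(void) {
    for (int i = 0; i < NCHAN; i++)
        if (chan_open[i] && chan_dead[i]) chan_open[i] = 0;
}

/* One pass through the client loop in the order the bug report describes.
 * Returns true when the loop would enter select() with no channel left to
 * wake it (the hang). recheck_before_select repeats the exit check right
 * before select(); this is an assumed mitigation, not the project's patch. */
static bool loop_iteration_blocks(bool session_closed, bool recheck_before_select) {
    /* "if (compat20 && session_closed && !channel_still_open())" */
    if (session_closed && !channel_still_open())
        return false;                 /* clean exit at top of loop */
    channel_prepare_select();         /* may reap the last open channel */
    if (recheck_before_select && session_closed && !channel_still_open())
        return false;                 /* exit instead of blocking */
    return !channel_still_open();     /* select() with nothing to wait for */
}

/* Scenario from the thread: scp has finished, the session is closed, and the
 * one remaining channel is already dead but not yet reaped. */
static bool run_scenario(bool recheck_before_select) {
    for (int i = 0; i < NCHAN; i++) chan_open[i] = chan_dead[i] = 0;
    chan_open[0] = 1;
    chan_dead[0] = 1;
    return loop_iteration_blocks(true, recheck_before_select);
}

int main(void) {
    printf("original ordering hangs in select(): %s\n", run_scenario(false) ? "yes" : "no");
    printf("with recheck before select(): %s\n", run_scenario(true) ? "yes" : "no");
    return 0;
}
```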
