[Bug 773] OpenSSH hangs or silently exits on write failure on stdout/stderr

bugzilla-daemon at mindrot.org bugzilla-daemon at mindrot.org
Tue Dec 16 12:59:52 EST 2003


http://bugzilla.mindrot.org/show_bug.cgi?id=773

           Summary: OpenSSH hangs or silently exits on write failure on
                    stdout/stderr
           Product: Portable OpenSSH
           Version: -current
          Platform: All
        OS/Version: All
            Status: NEW
          Severity: normal
          Priority: P2
         Component: ssh
        AssignedTo: openssh-bugs at mindrot.org
        ReportedBy: geoffk at geoffk.org


If a persistent write error ('disk full') occurs when writing to
stdout of the 'ssh' command, the command can hang and will not produce
an error message.

I can reproduce both problems with OpenSSH 3.7.1p2 on Linux, and the
code affected appears to be common with the current OpenBSD anoncvs
version of OpenSSH.

The write() call that fails is in chan_handle_wfd.  This goes on to
call chan_write_failed, which since the channel is in CHAN_OUTPUT_OPEN
or CHAN_OUTPUT_WAIT_DRAIN (depending on how much output is being sent)
will simply flush the data and then close the file descriptor.
No error message is provided.

[Note that client_process_output does provide an error message in a
similar situation, but it wasn't used since I was using the 2.0
protocol.]

Now, suppose this happens while data is still being sent from a
command running on the SSH server.  When the client gets into
channel_input_data, it will notice that the output channel is no
longer open, and simply return.  This means it won't update
c->local_window.  It also won't call channel_handle_wfd, which would
in any case return directly, which means that c->local_consumed won't
be updated either.  This means that channel_check_window won't ever
send a SSH2_MSG_CHANNEL_WINDOW_ADJUST message, and eventually the
server will stop sending and wait for the client to catch up, which
will never happen.

I could reproduce this easily on Linux by doing

ssh localhost dd if=/dev/zero bs=1024 count=256 > /dev/full

to see the hang, and

ssh localhost dd if=/dev/zero bs=1024 count=1 > /dev/full

to see it terminate with no error message.  If you don't have
/dev/full, just create it as an empty, writable file and then fill up
/dev :-).



------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.




More information about the openssh-bugs mailing list