[krbdev.mit.edu #5440] sendto_kdc() not signal safe, doesn't respond well to staggered TCP responses.
Ken Raeburn via RT
rt-comment at krbdev.mit.edu
Wed Feb 14 20:15:28 EST 2007
On Feb 14, 2007, at 18:53, Public Submitter via RT wrote:
>> From code inspection sendto_kdc() is fundamentally flawed insofar as
> it assumes that when select(2) returns, it has consumed all of the
> time that it was allotted. This is incorrect in two cases:
We should be going back into the select call unless
krb5int_cm_call_select returns zero *and* sets *sret to 0.
> 1. if the process catches signals then select(2) will return
> EINTR, and
It looks like that won't be handled properly, true... probably the
call_select routine should check for that, and just try calling
select again.
> 2. while processing a TCP connexion, select(2) can return true
> but the subsequent read will not contain enough data to
> complete the request.
> In both cases, it appears from code inspection that sendto_kdc() will
> proceed to either send a new UDP packet or start a new TCP connexion
> assuming that the specified delay was entirely consumed.
The while loop in service_fds should continue until:
1) all open file descriptors have been closed (selstate->nfds)
2) krb5int_cm_call_select returns nonzero, which indicates an error
return from gettimeofday or select (including, yes, EINTR)
3) krb5int_cm_call_select returns zero but sets *sret (number of
ready fds) to 0, which should happen only when the specified end time
is reached
4) the fd service routine returns nonzero, which for the TCP sockets
should only be if the full message is received
If an incomplete message is received, and there's still time left, we
should wind up back in the select call.
> In a worst
> case scenario, e.g. a process that spawns and catches lots of kids,
> the loop might exit prematurely with an error.
>
> Actually, it looks like if select(2) returns EINTR then the entire
> loop punts returning an error. In short, this means that processes
> cannot both process signals and reliably use Kerberos...
Yeah, that's a bug...
Ken
More information about the krb5-bugs
mailing list