Re: [bug-inetutils] Bug in tftpd (in multiple revisions including 1.7),

bug-inetutils

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [bug-inetutils] Bug in tftpd (in multiple revisions including 1.7),

From:	Giuseppe Scrivano
Subject:	Re: [bug-inetutils] Bug in tftpd (in multiple revisions including 1.7), causing tftpd to hang for ever
Date:	Tue, 11 May 2010 22:07:56 +0200
User-agent:	Gnus/5.13 (Gnus v5.13) Emacs/24.0.50 (gnu/linux)

Hello Hugo,

"Hugo Heutinck" <address@hidden> writes:

> Dear Sir/Madam,
>  
> I believe I have detected and a bug in the inetutils tftpd daemon,
> causing a tftpd daemon to hang forever if no ACK is received.

thanks for your report.

It makes sense to replace setjmp/longjmp with the relative signal safe
versions.

Something against this patch?

Cheers,
Giuseppe



>From 20787168168e0a7bec3e51e0f10192ee633a5078 Mon Sep 17 00:00:00 2001
From: Giuseppe Scrivano <address@hidden>
Date: Tue, 11 May 2010 22:01:25 +0200
Subject: [PATCH] Fix a possible hang in tftpd.

---
 ChangeLog   |    8 ++++++++
 src/tftpd.c |    6 +++---
 2 files changed, 11 insertions(+), 3 deletions(-)

diff --git a/ChangeLog b/ChangeLog
index 36da17b..0289bf6 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,5 +1,13 @@
 2010-05-11  Giuseppe Scrivano  <address@hidden>
 
+       * src/tftpd.c (timer): Use `siglongjmp' instead of `longjmp'.
+       (send_file): Use `sigsetjmp' instead of `setjmp'.
+       (recvfile): Likewise.
+
+       Reported by Hugo Heutinck <address@hidden>.
+
+2010-05-11  Giuseppe Scrivano  <address@hidden>
+
        * src/rcp.c (main): Change the test to check if the call to
        `asprintf' failed.
 
diff --git a/src/tftpd.c b/src/tftpd.c
index 07a8e34..f343f8a 100644
--- a/src/tftpd.c
+++ b/src/tftpd.c
@@ -508,7 +508,7 @@ timer (int sig)
   timeout += rexmtval;
   if (timeout >= maxtimeout)
     exit (1);
-  longjmp (timeoutbuf, 1);
+  siglongjmp (timeoutbuf, 1);
 }
 
 /*
@@ -537,7 +537,7 @@ send_file (struct formats *pf)
       dp->th_opcode = htons ((u_short) DATA);
       dp->th_block = htons ((u_short) block);
       timeout = 0;
-      setjmp (timeoutbuf);
+      sigsetjmp (timeoutbuf, SIGALRM);
 
     send_data:
       if (send (peer, (const char *) dp, size + 4, 0) != size + 4)
@@ -608,7 +608,7 @@ recvfile (struct formats *pf)
       ap->th_opcode = htons ((u_short) ACK);
       ap->th_block = htons ((u_short) block);
       block++;
-      setjmp (timeoutbuf);
+      sigsetjmp (timeoutbuf, SIGALRM);
     send_ack:
       if (send (peer, ackbuf, 4, 0) != 4)
        {
-- 
1.7.0

[Prev in Thread]

Current Thread

[Next in Thread]

Re: [bug-inetutils] Bug in tftpd (in multiple revisions including 1.7), causing tftpd to hang for ever, Giuseppe Scrivano <=
- Re: [bug-inetutils] Bug in tftpd (in multiple revisions including 1.7), causing tftpd to hang for ever, Alfred M. Szmidt, 2010/05/11
  - Re: [bug-inetutils] Bug in tftpd (in multiple revisions including 1.7), causing tftpd to hang for ever, Alfred M. Szmidt, 2010/05/11

Prev by Date: Re: [bug-inetutils] rcp: memory exhausted
Next by Date: Re: [bug-inetutils] rcp: memory exhausted
Previous by thread: [bug-inetutils] rcp: memory exhausted
Next by thread: Re: [bug-inetutils] Bug in tftpd (in multiple revisions including 1.7), causing tftpd to hang for ever
Index(es):
- Date
- Thread