Content-Type: text/plain Content-Disposition: inline Content-Transfer-Encoding: binary MIME-Version: 1.0 X-Mailer: MIME-tools 5.411 (Entity 5.404) Subject: sendto_kdc() not signal safe, doesn't respond well to staggered TCP responses. X-RT-Original-Encoding: iso-8859-1 Content-Length: 956 From code inspection sendto_kdc() is fundamentally flawed insofar as it assumes that when select(2) returns, it has consumed all of the time that it was allotted. This is incorrect in two cases: 1. if the process catches signals then select(2) will return EINTR, and 2. while processing a TCP connexion, select(2) can return true but the subsequent read will not contain enough data to complete the request. In both cases, it appears from code inspection that sendto_kdc() will proceed to either send a new UDP packet or start a new TCP connexion assuming that the specified delay was entirely consumed. In a worst case scenario, e.g. a process that spawns and catches lots of kids, the loop might exit prematurely with an error. Actually, it looks like if select(2) returns EINTR then the entire loop punts returning an error. In short, this means that processes cannot both process signals and reliably use Kerberos...