From krb5-bugs-incoming-bounces@PCH.mit.edu Sat May 14 19:27:04 2005
Received: from pch.mit.edu (PCH.MIT.EDU [18.7.21.90]) by krbdev.mit.edu (8.9.3p2) with ESMTP
id TAA11230; Sat, 14 May 2005 19:27:04 -0400 (EDT)
Received: from pch.mit.edu (pch.mit.edu [127.0.0.1])
by pch.mit.edu (8.12.8p2/8.12.8) with ESMTP id j4ENQWWn007627
for <krb5-send-pr@krbdev.mit.edu>; Sat, 14 May 2005 19:26:32 -0400
Received: from pacific-carrier-annex.mit.edu (PACIFIC-CARRIER-ANNEX.MIT.EDU
[18.7.21.83])
by pch.mit.edu (8.12.8p2/8.12.8) with ESMTP id j4DMv8Wn021485
for <krb5-bugs-incoming@PCH.mit.edu>; Fri, 13 May 2005 18:57:08 -0400
Received: from mx1.redhat.com (mx1.redhat.com [66.187.233.31])
j4DMv25E028799
for <krb5-bugs@mit.edu>; Fri, 13 May 2005 18:57:02 -0400 (EDT)
Received: from int-mx1.corp.redhat.com (int-mx1.corp.redhat.com
[172.16.52.254])
by mx1.redhat.com (8.12.11/8.12.11) with ESMTP id j4DMv1XX026658
for <krb5-bugs@mit.edu>; Fri, 13 May 2005 18:57:01 -0400
Received: from devserv.devel.redhat.com (devserv.devel.redhat.com
[172.16.58.1])
by int-mx1.corp.redhat.com (8.11.6/8.11.6) with ESMTP id j4DMv1O28024
for <krb5-bugs@mit.edu>; Fri, 13 May 2005 18:57:01 -0400
Received: from blade.boston.redhat.com (blade.boston.redhat.com
[172.16.80.50])j4DMv1JK023772
for <krb5-bugs@mit.edu>; Fri, 13 May 2005 18:57:01 -0400
Received: from blade.boston.redhat.com (localhost.localdomain [127.0.0.1])
j4DMv0HN022990
for <krb5-bugs@mit.edu>; Fri, 13 May 2005 18:57:01 -0400
Received: (from nalin@localhost)
by blade.boston.redhat.com (8.13.4/8.13.4/Submit) id j4DMv0T4022989;
Fri, 13 May 2005 18:57:00 -0400
Date: Fri, 13 May 2005 18:57:00 -0400
Message-Id: <200505132257.j4DMv0T4022989@blade.boston.redhat.com>
To: krb5-bugs@mit.edu
From: Nalin Dahyabhai <nalin@redhat.com>
X-send-pr-version: 3.99
X-Spam-Score: -4.9
X-Spam-Flag: NO
X-Scanned-By: MIMEDefang 2.42
X-Mailman-Approved-At: Sat, 14 May 2005 19:26:31 -0400
Subject: spurious EBADF in krshd
X-BeenThere: krb5-bugs-incoming@mailman.mit.edu
X-Mailman-Version: 2.1
Precedence: list
Reply-To: Nalin Dahyabhai <nalin@redhat.com>
Sender: krb5-bugs-incoming-bounces@PCH.mit.edu
Errors-To: krb5-bugs-incoming-bounces@PCH.mit.edu
>Submitter-Id: net
>Originator: Unnamed developer at Lehman Brothers
>Organization:
>Confidential: no
>Synopsis: spurious EBADF in krshd
>Severity: non-critical
>Priority: low
>Category: krb5-appl
>Class: sw-bug
>Release: 1.4.1
>Environment:
System: Linux blade.boston.redhat.com 2.6.11-1.1267_FC4smp #1 SMP Mon Apr 25 19:38:16 EDT 2005 i686 athlon i386 GNU/Linux
Architecture: i686
>Description:
When krshd.c closes px[1], the write end of the running shell's stdin stream, it does not remove the descriptor from write_to, the
list of descriptors which are checked for writability. The next
call to select() will return EBADF and krshd will exit prematurely.
>How-To-Repeat:
Use rsh to run a command (such as "ls") which prints output, and redirect input from /dev/null:
rsh -x myhost ls < /dev/null
>Fix:
Call FD_CLR(px[1], &write_to) after any call to close(px[1]):
--- src/appl/bsd/krshd.c 2005-05-13 18:49:58.000000000 -0400
+++ src/appl/bsd/krshd.c 2005-05-13 18:49:53.000000000 -0400
@@ -1296,6 +1296,7 @@
cc = rcmd_stream_read(f, buf, sizeof(buf), 0);
if (cc <= 0) {
(void) close(px[1]);
+ FD_CLR(px[1], write_to);
FD_CLR(f, &readfrom);
} else {
int wcc;
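Review bot: The added call in the cc <= 0 branch passes write_to bare, while the next line uses FD_CLR(f, &readfrom) and the Fix text itself says FD_CLR(px[1], &write_to). FD_CLR takes a pointer to an fd_set, so check how write_to is declared at this point: if it is an fd_set object like readfrom, the call needs &write_to; if it is already a pointer, a one-line comment saying so would keep the two adjacent calls from looking inconsistent.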
@@ -1304,6 +1305,7 @@
/* pipe closed, don't read any more */
/* might check for EPIPE */
(void) close(px[1]);
+ FD_CLR(px[1], write_to);
FD_CLR(f, &readfrom);
} else if (wcc != cc) {
syslog(LOG_INFO, "only wrote %d/%d to child",
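Review bot: In the branch commented "pipe closed, don't read any more", the close(px[1]) / FD_CLR pair is now repeated a second time and px[1] keeps the old descriptor number afterwards. Consider a small helper that closes the descriptor, clears it from write_to and then marks px[1] invalid, so a future close site cannot miss the FD_CLR; the same write_to versus &write_to question applies to this added line, and the existing "might check for EPIPE" comment is left unresolved.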
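The failure described in the Description field, reproduced outside krshd as an added example (not code from krshd.c or from the reporter). The names px and write_to follow the report; the second pipe, the function name and the by-value fd_set declaration are assumptions made for the demonstration.

```c
/* Added illustration of the stale-descriptor select() failure; not krshd code. */
#include <errno.h>
#include <stdio.h>
#include <sys/select.h>
#include <unistd.h>

/* Close the write end of a pipe, optionally clear it from the write set
 * (the step the report says is missing), then call select() as a relay
 * loop would on its next pass. Returns 0 on success, else select()'s errno. */
int select_after_close(int clear_closed_fd)
{
    int px[2], other[2];
    fd_set write_to;                 /* assumption: declared by value here */
    struct timeval tv = { 0, 0 };    /* poll, do not block */
    int rc, maxfd, err = 0;

    if (pipe(px) < 0 || pipe(other) < 0)
        return errno;

    /* Watch px[1] (stands in for the child's stdin) and other[1]
     * (stands in for any descriptor that is still open). */
    FD_ZERO(&write_to);
    FD_SET(px[1], &write_to);
    FD_SET(other[1], &write_to);
    maxfd = (px[1] > other[1] ? px[1] : other[1]) + 1;

    (void) close(px[1]);             /* input side reached EOF */
    if (clear_closed_fd)
        FD_CLR(px[1], &write_to);    /* drop the now-invalid descriptor */

    rc = select(maxfd, NULL, &write_to, NULL, &tv);
    if (rc < 0)
        err = errno;

    close(px[0]); close(other[0]); close(other[1]);
    return err;
}

int main(void)
{
    printf("closed fd left in set: errno=%d (EBADF=%d)\n", select_after_close(0), EBADF);
    printf("closed fd cleared:     errno=%d\n", select_after_close(1));
    return 0;
}
```
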