Subject: | sendto_kdc() not signal safe, doesn't respond well to staggered TCP responses. |
From code inspection sendto_kdc() is fundamentally flawed insofar as
it assumes that when select(2) returns, it has consumed all of the
time that it was allotted. This is incorrect in two cases:
1. if the process catches signals then select(2) will return
EINTR, and
2. while processing a TCP connexion, select(2) can return true
but the subsequent read will not contain enough data to
complete the request.
In both cases, it appears from code inspection that sendto_kdc() will
proceed to either send a new UDP packet or start a new TCP connexion
assuming that the specified delay was entirely consumed. In a worst
case scenario, e.g. a process that spawns and catches lots of kids,
the loop might exit prematurely with an error.
Actually, it looks like if select(2) returns EINTR then the entire
loop punts returning an error. In short, this means that processes
cannot both process signals and reliably use Kerberos...
it assumes that when select(2) returns, it has consumed all of the
time that it was allotted. This is incorrect in two cases:
1. if the process catches signals then select(2) will return
EINTR, and
2. while processing a TCP connexion, select(2) can return true
but the subsequent read will not contain enough data to
complete the request.
In both cases, it appears from code inspection that sendto_kdc() will
proceed to either send a new UDP packet or start a new TCP connexion
assuming that the specified delay was entirely consumed. In a worst
case scenario, e.g. a process that spawns and catches lots of kids,
the loop might exit prematurely with an error.
Actually, it looks like if select(2) returns EINTR then the entire
loop punts returning an error. In short, this means that processes
cannot both process signals and reliably use Kerberos...