This is the mail archive of the
libc-alpha@sourceware.org
mailing list for the glibc project.
[PATCH] Fix infinite loop in check_pf
- From: Jim King <Jim dot King at simplivity dot com>
- To: "libc-alpha at sourceware dot org" <libc-alpha at sourceware dot org>
- Date: Mon, 13 Oct 2014 20:51:28 +0000
- Subject: [PATCH] Fix infinite loop in check_pf
- Authentication-results: sourceware.org; auth=none
getaddrinfo() calls down to check_pf.c:make_request() while holding a lock.
make_request calls __recvmsg, and the documentation for recvmsg states that
a return code of 0 indicates an orderly peer shutdown. Given it is possible
to get a return code of 0 (and presumably once you get 0, subsequent calls
will also get 0), there is an infinite loop. I have a core where this
has happened once; as it enters this loop under lock it is possible to
exhaust other resources (in my case, we exhausted the number of file handles
available to a process as incoming requests were calling getaddrinfo).
line 173 begins the loop
line 182 __recvmsg is called and returns 0
line 191 for loop avoided, as NLMSG_OK (nlmh, 0) is always false
line 283 done is not set, so the loop repeats
ChangeLog:
2014-09-17 Jim King <jim.king@simplivity.com>
* sysdeps/unix/sysv/linux/check_pf.c (make_request): Avoid
infinite loop when __recvmsg returns 0.
Patch:
diff --git a/sysdeps/unix/sysv/linux/check_pf.c b/sysdeps/unix/sysv/linux/check_pf.c
index c7fd9b0..976f249 100644
--- a/sysdeps/unix/sysv/linux/check_pf.c
+++ b/sysdeps/unix/sysv/linux/check_pf.c
@@ -180,7 +180,7 @@ make_request (int fd, pid_t pid)
};
ssize_t read_len = TEMP_FAILURE_RETRY (__recvmsg (fd, &msg, 0));
- if (read_len < 0)
+ if (read_len <= 0)
goto out_fail2;
if (msg.msg_flags & MSG_TRUNC)
---
James E. King, III
Architect
SimpliVity Corporation
8 Technology Drive, 2nd Floor
Westborough, MA 01581-1756
Ph: 855-SVT-INFO