From cperciva@fafnir.daemonology.net  Tue Dec 30 22:52:12 2003
Return-Path: <cperciva@fafnir.daemonology.net>
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 4D17816A4CE
	for <FreeBSD-gnats-submit@freebsd.org>; Tue, 30 Dec 2003 22:52:12 -0800 (PST)
Received: from fafnir.daemonology.net (h24-87-233-42.vc.shawcable.net [24.87.233.42])
	by mx1.FreeBSD.org (Postfix) with SMTP id C33A743D31
	for <FreeBSD-gnats-submit@freebsd.org>; Tue, 30 Dec 2003 22:52:10 -0800 (PST)
	(envelope-from cperciva@fafnir.daemonology.net)
Received: (qmail 3760 invoked by uid 0); 31 Dec 2003 06:52:19 -0000
Message-Id: <20031231065219.3759.qmail@fafnir.daemonology.net>
Date: 31 Dec 2003 06:52:19 -0000
From: Colin Percival <cperciva@daemonology.net>
Reply-To: Colin Percival <cperciva@daemonology.net>
To: FreeBSD-gnats-submit@freebsd.org
Cc:
Subject: cycle-eating endless loop in lock(1)
X-Send-Pr-Version: 3.113
X-GNATS-Notify:

>Number:         60758
>Category:       bin
>Synopsis:       cycle-eating endless loop in lock(1)
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    freebsd-bugs
>State:          closed
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Tue Dec 30 23:00:35 PST 2003
>Closed-Date:    Wed Jan 21 20:42:35 PST 2004
>Last-Modified:  Wed Jan 21 20:42:35 PST 2004
>Originator:     Colin Percival
>Release:        FreeBSD 5.2-RC2 i386
>Organization:
>Environment:
System: FreeBSD fafnir.daemonology.net 5.2-RC2 FreeBSD 5.2-RC2 #0: Mon Dec 22 07:23:48 GMT 2003 root@wv1u.freebsd.org:/usr/obj/usr/src/sys/GENERIC i386

>Description:

If fgets(3) fails, lock(1) will enter an endless loop:
write(1,0x804e000,5)                             ERR#5 'Input/output error'
read(0x0,0x804f000,0x1000)                       = 0 (0x0)
gettimeofday(0xbfbfe2b0,0x0)                     = 0 (0x0)
write(1,0x804e000,31)                            ERR#5 'Input/output error'
[repeat]

>How-To-Repeat:

1. ssh into a machine
2. su
3. lock
4. (with a different terminal) kill the ssh session.

su and lock will continue running, and lock will eat 100% of available cpu 
time.

>Fix:

Insert a sleep(1) call into the endless loop.  This still leaves an orphan 
lying around, but since lock is important for security purposes, this is 
probably safer than exiting.

--- lock.diff begins here ---
Index: lock.c
===================================================================
RCS file: /usr/cvs/src/usr.bin/lock/lock.c,v
retrieving revision 1.17
diff -u -r1.17 lock.c
--- lock.c	1 Sep 2003 04:12:18 -0000	1.17
+++ lock.c	31 Dec 2003 06:23:57 -0000
@@ -211,6 +211,7 @@
 		(void)printf("Key: ");
 		if (!fgets(s, sizeof(s), stdin)) {
 			clearerr(stdin);
+			sleep(1);
 			hi(0);
 			continue;
 		}
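Review bot: the added sleep(1) in the fgets() failure branch runs on every NULL return, so when stdin is gone for good the process still wakes once a second forever and calls hi(0) on each pass. Consider testing feof(stdin)/ferror(stdin) before clearerr(stdin) and blocking instead of polling when the input cannot come back. The neighbouring code writes "(void)printf(...)", so the discarded return value here should follow suit as "(void)sleep(1);". A one-line comment saying why the loop deliberately does not exit would also help the next reader.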
--- lock.diff ends here ---
>Release-Note:
>Audit-Trail:

From: David Schultz <das@FreeBSD.ORG>
To: Colin Percival <cperciva@daemonology.net>
Cc: FreeBSD-gnats-submit@FreeBSD.ORG
Subject: Re: bin/60758: cycle-eating endless loop in lock(1)
Date: Mon, 19 Jan 2004 19:22:41 -0800

 On Wed, Dec 31, 2003, Colin Percival wrote:
 > Insert a sleep(1) call into the endless loop.  This still leaves an orphan 
 > lying around, but since lock is important for security purposes, this is 
 > probably safer than exiting.
 
 As you observe, it's not a good idea to exit the loop.  On the
 other hand, fgets(3) errors are generally not recoverable, so
 calling sleep(1) seems a bit kludgy.  How about just calling
 pause(3) if an error occurs?
State-Changed-From-To: open->closed 
State-Changed-By: cperciva 
State-Changed-When: Wed Jan 21 20:41:51 PST 2004 
State-Changed-Why:  
Fixed. 


http://www.freebsd.org/cgi/query-pr.cgi?pr=60758 
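
Added example (not code from lock.c or from either participant): the three reactions to a failed fgets(3) discussed in this PR, run against /dev/null as a constructed stand-in for the dead terminal, whose read() returns 0 as in the trace above. The counters, the policy function names, the read budget and the plain strcmp key check are assumptions of this example.

```c
#include <signal.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>

/* Counters and policy names are this example's own, not lock.c's. */
int reads, waits;
void spin(void) { waits++; }            /* lock.c 1.17: retry at once */
void nap(void)  { waits++; sleep(1); }  /* the patch in this PR */
void park(void) { waits++; pause(); }   /* the reply: idle until a signal */
static void wake(int sig) { (void)sig; }

/*
 * Simplified unlock loop: plain strcmp instead of lock(1)'s key check.
 * Stops after `budget` reads so the demo ends; lock(1) never gives up.
 * Returns 1 if the key was typed, 0 if the budget ran out.
 */
int unlock_loop(FILE *in, const char *key, int budget, void (*policy)(void))
{
	char s[128];

	for (reads = waits = 0; reads < budget; ) {
		reads++;
		if (!fgets(s, sizeof(s), in)) {
			clearerr(in);   /* resets the flag; the input is still gone */
			policy();
			continue;
		}
		s[strcspn(s, "\n")] = '\0';
		if (strcmp(s, key) == 0)
			return 1;
	}
	return 0;
}

int main(void)
{
	FILE *dead = fopen("/dev/null", "r");   /* constructed stand-in */

	if (dead == NULL)
		return 1;
	unlock_loop(dead, "k", 1000000, spin);
	printf("spin: %d reads, never blocks\n", reads);
	unlock_loop(dead, "k", 2, nap);
	printf("nap:  %d reads, about one per second\n", reads);
	signal(SIGALRM, wake);
	alarm(1);                               /* demo only: lets pause() return */
	unlock_loop(dead, "k", 1, park);
	printf("park: %d read, then idle until a signal\n", reads);
	fclose(dead);
	return 0;
}
```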
>Unformatted:
