Debian Bug report logs - #128632
rsyncd doesn't die when the client breaks (easy DOS on rsyncd)

version graph

Package: rsync; Maintainer for rsync is Paul Slootman <paul@debian.org>; Source for rsync is src:rsync.

Reported by: Santiago Garcia Mantinan <manty@debian.org>

Date: Thu, 10 Jan 2002 20:03:03 UTC

Severity: important

Tags: patch

Found in version 2.5.1-0.1

Done: eb@penguinppc.org (Ethan Benson)

Bug is archived. No further changes may be made.

Toggle useless messages

View this report as an mbox folder, status mbox, maintainer mbox


Report forwarded to debian-bugs-dist@lists.debian.org, Philip Hands <phil@hands.com>:
Bug#128632; Package rsync. Full text and rfc822 format available.

Acknowledgement sent to Santiago Garcia Mantinan <manty@debian.org>:
New Bug report received and forwarded. Copy sent to Philip Hands <phil@hands.com>. Full text and rfc822 format available.

Message #5 received at submit@bugs.debian.org (full text, mbox):

From: Santiago Garcia Mantinan <manty@debian.org>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Cc: Colin Walters <walters@debian.org>
Subject: rsyncd doesn't die when the client breaks (easy DOS on rsyncd)
Date: Thu, 10 Jan 2002 20:51:51 +0100
Package: rsync
Version: 2.5.1-0.1
Severity: important

Hi!

I've been testing the last releases of rsync and found that if the client is
broken hitting ^C in the middle of the transmission, then the server keeps
running, this seems to happen on version 2.4.6-1 as well as the new
2.5.1-0.1 As an example to ilustrate this, this is the status of one of the
machines I used to test this, as you can see I have three servers running
but the clients are not connected, I killed them with ^C some minutes before
doing the ps ax.

iesc:~# ps ax|grep rsyncd
 4264 ?        S      0:00 rsyncd --daemon
 4266 ?        S      0:00 rsyncd --daemon
 4273 ?        S      0:00 rsyncd --daemon
 4282 pts/0    S      0:00 grep rsyncd
iesc:~# netstat -puta|grep rsync
tcp        0      0 *:rsync                 *:*                     LISTEN
213/inetd

If you need any more info just ask.

Regards!

-- System Information
Debian Release: 3.0
Architecture: i386
Kernel: Linux man 2.4.17 #1 lun dic 24 16:37:07 CET 2001 i586
Locale: LANG=C, LC_CTYPE=C

Versions of packages rsync depends on:
ii  libc6                         2.2.4-7    GNU C Library: Shared libraries an
ii  libpopt0                      1.6.2-6    lib for parsing cmdline parameters




Information forwarded to debian-bugs-dist@lists.debian.org, Philip Hands <phil@hands.com>:
Bug#128632; Package rsync. Full text and rfc822 format available.

Acknowledgement sent to Colin Walters <walters@debian.org>:
Extra info received and forwarded to list. Copy sent to Philip Hands <phil@hands.com>. Full text and rfc822 format available.

Message #10 received at 128632@bugs.debian.org (full text, mbox):

From: Colin Walters <walters@debian.org>
To: rsync@samba.org
Cc: 128632@bugs.debian.org
Subject: (patch) fix for spinning child processes in daemon mode
Date: 11 Jan 2002 02:32:03 -0500
Hello,

The attached patch should fix Debian bug #128632
(http://bugs.debian.org/128632).  This bug happened because if an error
occurred in writefd_unbuffered (such as the remote end closing the
socket), it would call rprintf, which would call io_multiplexing_write,
which would in turn call writefd_unbuffered, which would then just sit
in a loop trying to write to the broken socket.

Also, we have to ignore SIGPIPE; it is better to handle an EPIPE return
code.  Otherwise we end up calling rprintf inside the sigint handler,
and we're back in the same boat.

Does this look right?  The rsync error handling is...complex, to say the
least.

--- io.c.~1.87.~	Sun Sep  9 00:42:09 2001
+++ io.c	Fri Jan 11 02:20:52 2002
@@ -438,6 +438,8 @@
 			}
 
 			if (ret <= 0) {
+				/* Don't try to write errors back across the stream */
+				io_multiplexing_close();
 				rprintf(FERROR,
 					"error writing %d unbuffered bytes"
 					" - exiting: %s\n", len,
Index: main.c
===================================================================
RCS file: /cvsroot/rsync/main.c,v
retrieving revision 1.135
diff -u -u -r1.135 main.c
--- main.c	11 Jan 2002 07:16:11 -0000	1.135
+++ main.c	11 Jan 2002 07:23:18 -0000
@@ -821,9 +821,11 @@
 	}
 
 	signal(SIGINT,SIGNAL_CAST sig_int);
-	signal(SIGPIPE,SIGNAL_CAST sig_int);
 	signal(SIGHUP,SIGNAL_CAST sig_int);
 	signal(SIGTERM,SIGNAL_CAST sig_int);
+
+	/* Ignore SIGPIPE; we check error codes consistently. */
+	signal(SIGPIPE,SIG_IGN);
 
 	/* Initialize push_dir here because on some old systems getcwd
 	   (implemented by forking "pwd" and reading its output) doesn't



Tags added: patch Request was from Jason Thomas <jason@debian.org> to control@bugs.debian.org. Full text and rfc822 format available.

Information forwarded to debian-bugs-dist@lists.debian.org, Philip Hands <phil@hands.com>, rsync@packages.qa.debian.org:
Bug#128632; Package rsync. Full text and rfc822 format available.

Acknowledgement sent to Martin Pool <mbp@samba.org>:
Extra info received and forwarded to list. Copy sent to Philip Hands <phil@hands.com>, rsync@packages.qa.debian.org. Full text and rfc822 format available.

Message #17 received at 128632@bugs.debian.org (full text, mbox):

From: Martin Pool <mbp@samba.org>
To: 128632@bugs.debian.org
Subject: #128632 - rsync processes hang around
Date: Sat, 16 Mar 2002 00:32:43 -0800
Colins patch is in upstream 2.5.4.  We believe that fixes this
problem.  Thanks.

-- 
Martin 



Reply sent to eb@penguinppc.org (Ethan Benson):
You have taken responsibility. Full text and rfc822 format available.

Notification sent to Santiago Garcia Mantinan <manty@debian.org>:
Bug acknowledged by developer. Full text and rfc822 format available.

Message #22 received at 128632-done@bugs.debian.org (full text, mbox):

From: eb@penguinppc.org (Ethan Benson)
To: 128632-done@bugs.debian.org, 132272-done@bugs.debian.org
Subject: Fixed in upstream 2.5.4 (packaged as 2.5.4-1)
Date: Sat, 16 Mar 2002 16:32:31 -0900
upstream rsync 2.5.4 fixes both the problem of rsync daemon processes
never terminating when the client aborted the transfer, and the
security hole where it failed to drop root's groups.

both of these were problems at my site and ive confirmed that 2.5.4-1
fixes them.





Send a report that this bug log contains spam.


Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Sun Apr 20 03:34:21 2014; Machine Name: beach.debian.org

Debian Bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.