bugzilla-daemon at mindrot.org
2005-Oct-12 12:22 UTC
[Bug 1102] C program 'write' with zero length hangs
http://bugzilla.mindrot.org/show_bug.cgi?id=1102

           Summary: C program 'write' with zero length hangs
           Product: Portable OpenSSH
           Version: 4.1p1
          Platform: PPC
        OS/Version: AIX
            Status: NEW
          Severity: normal
          Priority: P2
         Component: ssh
        AssignedTo: bitbucket at mindrot.org
        ReportedBy: timc at datacrown.co.uk

A simple 'write( )' system call from a 'C' program with zero as the value of
the data length hangs forever. Easily reproducible via a "one-line" program
with the statement

    write(1,"anything",0);

It only appears to be an AIX problem with both 5.2 and 5.3 failing but works
fine with SCO-Unix. Attached nullout.c will save a little bit of typing.

Our client has since tried it with "OpenSSH_4.2p1 and OpenSSL 0.9.8 5-Jul-05"
build and reports it still fails.

------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.
bugzilla-daemon at mindrot.org
2005-Oct-12 12:25 UTC
[Bug 1102] C program 'write' with zero length hangs
------- Comment #1 from timc at datacrown.co.uk 2005-10-12 22:25 -------
Created an attachment (id=987)
 --> (http://bugzilla.mindrot.org/attachment.cgi?id=987&action=view)
sample program which fails
bugzilla-daemon at mindrot.org
2005-Oct-12 12:27 UTC
[Bug 1102] C program 'write' with zero length hangs
------- Comment #2 from timc at datacrown.co.uk 2005-10-12 22:27 -------
Created an attachment (id=988)
 --> (http://bugzilla.mindrot.org/attachment.cgi?id=988&action=view)
sample program which fails
bugzilla-daemon at mindrot.org
2005-Oct-12 12:28 UTC
[Bug 1102] C program 'write' with zero length hangs
timc at datacrown.co.uk changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |timc at datacrown.co.uk
bugzilla-daemon at mindrot.org
2005-Oct-12 12:34 UTC
[Bug 1102] C program 'write' with zero length hangs
djm at mindrot.org changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
 Attachment #987 is|0                           |1
           obsolete|                            |
 Attachment #988 is|0                           |1
           obsolete|                            |

------- Comment #3 from djm at mindrot.org 2005-10-12 22:34 -------
Created an attachment (id=990)
 --> (http://bugzilla.mindrot.org/attachment.cgi?id=990&action=view)
text version of previous attachment

this looks like a kernel bug on your OS - I can't see what it has to do with
OpenSSH.
bugzilla-daemon at mindrot.org
2005-Oct-12 13:07 UTC
[Bug 1102] C program 'write' with zero length hangs
------- Comment #4 from timc at datacrown.co.uk 2005-10-12 23:07 -------
Created an attachment (id=991)
 --> (http://bugzilla.mindrot.org/attachment.cgi?id=991&action=view)
Additional comments

That was my initial thought. However the sample program works (without
recompilation/relink) when logged in locally and via 'rlogin' or 'telnet' --
to me this would point to the ssh i/o interface and/or driver on the host
system. Additionally we have tried both the ETerm and PuTTY clients and they
fail identically on AIX only.
bugzilla-daemon at mindrot.org
2005-Oct-12 13:10 UTC
[Bug 1102] C program 'write' with zero length hangs
------- Comment #5 from dtucker at zip.com.au 2005-10-12 23:10 -------
Which AIX Maintenance Levels do your systems have? Does the problem occur
with other pty-using programs such as telnetd?

(In reply to comment #3)
> this looks like a kernel bug on your OS - I can't see what it has to do with
> OpenSSH.

I agree.

Now some history: way back when dinosaurs roamed the earth (around AIX 4.3.3
ML 3 or so) the pty layer on AIX started returning zero for read() syscalls
after zero-length writes to the pty. This was a problem for sshd, since POSIX
says that a return code of zero from read() means EOF; this effectively meant
that a program performing zero-length writes such as yours would result in
sshd closing the session.

Since this remained busted for quite a while, sshd was changed to ignore such
zero-length reads to work around it (see bug #124 for the gory details).

I'm wondering if maybe IBM has attempted to fix this and gone to the other
extreme? AFAICT the zero-length write should be a no-op...

It's also possible that the work-around now has a side-effect.
bugzilla-daemon at mindrot.org
2005-Oct-12 13:56 UTC
[Bug 1102] C program 'write' with zero length hangs
------- Comment #6 from dtucker at zip.com.au 2005-10-12 23:56 -------
Could you please attach (as an attachment not in the comment field) the output
from the server debugging when you run your program? (ie "/path/to/sshd -ddde
-p 2022" then connect to the server on port 2022 and run your program)?

BTW, I had a look for the changes mentioned in bug #124 but didn't find the
zero-length fix where I expected. I'll need to look closer at that when I get
a chance.
bugzilla-daemon at mindrot.org
2005-Oct-13 08:49 UTC
[Bug 1102] C program 'write' with zero length hangs
------- Comment #7 from timc at datacrown.co.uk 2005-10-13 18:49 -------
Created an attachment (id=992)
 --> (http://bugzilla.mindrot.org/attachment.cgi?id=992&action=view)
Debug log files ZIPped up

These are the debug files you asked for. I did it with both E-Term32 and
PuTTY. I have included the debug output from the AIX server (aix-*.log files)
and from the PC client (pc-*.log files)
bugzilla-daemon at mindrot.org
2005-Oct-13 10:03 UTC
[Bug 1102] C program 'write' with zero length hangs
------- Comment #8 from dtucker at zip.com.au 2005-10-13 20:03 -------
Did this line appear in the sshd debug output immediately after you ran your
program?

debug2: channel 0: rcvd adjust 2
debug2: channel 0: read<=0 rfd 10 len 0
debug2: channel 0: read failed

BTW, you didn't mention which AIX Maintenance Level and/or PTF you have on
your systems.
bugzilla-daemon at mindrot.org
2005-Oct-13 11:03 UTC
[Bug 1102] C program 'write' with zero length hangs
------- Comment #9 from timc at datacrown.co.uk 2005-10-13 21:03 -------
Created an attachment (id=993)
 --> (http://bugzilla.mindrot.org/attachment.cgi?id=993&action=view)
Log file extract

Simple answer to your question is YES but for completeness I have extracted
the part of the logfile that occurs for the duration of the test program.

I'm still waiting for the maint/patch level info from our client.
bugzilla-daemon at mindrot.org
2005-Oct-13 11:31 UTC
[Bug 1102] C program 'write' with zero length hangs
------- Comment #10 from dtucker at zip.com.au 2005-10-13 21:31 -------
Created an attachment (id=994)
 --> (http://bugzilla.mindrot.org/attachment.cgi?id=994&action=view)
only close connection for zero-length stdin reads when errno set

I don't think that your program isn't really hanging, although it looks that
way. What I think is happening is that your zero-length write results in a
zero length read in sshd, which results in the channel being shut down. sshd
is waiting for all of the file descriptors to close, while your program (or
the shell) is waiting for its stdin to be read. With them deadlocked, it would
appear that the sshd session hung.

I just read the SuSv3 specs for read(2)
(http://www.opengroup.org/onlinepubs/000095399/functions/read.html). It's not
clear but it appears that returning a zero-length read is permitted for
STREAMS sockets (although I didn't think AIX's pty layer was STREAMS based).
So, AIX's behaviour might be compliant, although quite unusual.

Anyway, please try the attached patch (against -current but should apply to
4.1p1 or 4.2p1). It's a bit ugly but it seems to be the only way to handle the
zero-length case, assuming the above is correct.
bugzilla-daemon at mindrot.org
2005-Oct-17 13:47 UTC
[Bug 1102] C program 'write' with zero length hangs
dtucker at zip.com.au changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
 Attachment #994 is|0                           |1
           obsolete|                            |

------- Comment #11 from dtucker at zip.com.au 2005-10-17 23:47 -------
Created an attachment (id=1002)
 --> (http://bugzilla.mindrot.org/attachment.cgi?id=1002&action=view)
Handle zero-length reads on AIX ptys

I don't think the change to the control socket code is not necessary so I've
removed it. Hopefully this will still resolve the problem.
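The reader-side policy discussed in comments #5 and #10 (a zero-length read on a pty counts as a hangup only when errno is set), sketched as an added C example. It is not the attached patch or OpenSSH's own code; `classify_read`, `drain_fd`, `pipe_demo` and the `zero_read_quirk` flag are hypothetical names, and the pipe input is constructed.

```c
#include <errno.h>
#include <unistd.h>

enum rd_action { RD_DATA, RD_RETRY, RD_IGNORE, RD_CLOSE };

/* Classify one read() result; the caller clears errno before read().
 * zero_read_quirk (hypothetical flag): the platform's pty layer can return 0
 * after a zero-length write on the slave side, as described for AIX above. */
enum rd_action classify_read(ssize_t len, int err, int is_tty, int zero_read_quirk)
{
    if (len > 0)
        return RD_DATA;
    if (len < 0 && (err == EINTR || err == EAGAIN))
        return RD_RETRY;              /* transient, not a hangup */
    if (len == 0 && err == 0 && is_tty && zero_read_quirk)
        return RD_IGNORE;             /* empty read on a pty, not EOF */
    return RD_CLOSE;                  /* EOF, or a failure with errno set */
}

/* Drain a blocking fd until the policy says close; returns bytes consumed. */
long drain_fd(int fd, int is_tty, int zero_read_quirk)
{
    char buf[256];
    long total = 0;
    for (;;) {
        errno = 0;
        ssize_t len = read(fd, buf, sizeof(buf));
        switch (classify_read(len, errno, is_tty, zero_read_quirk)) {
        case RD_DATA:  total += len; break;
        case RD_CLOSE: return total;
        default:       break;         /* RD_RETRY, RD_IGNORE: read again */
        }
    }
}

/* Constructed check on a pipe: 3 bytes, a zero-length write, then EOF. */
long pipe_demo(void)
{
    int p[2];
    if (pipe(p) != 0 || write(p[1], "abc", 3) != 3 ||
        write(p[1], "anything", 0) != 0)   /* same call shape as the report */
        return -1;
    close(p[1]);
    long n = drain_fd(p[0], 0, 0);
    close(p[0]);
    return n;
}

int main(void) { return pipe_demo() == 3 ? 0 : 1; }
```

With the quirk flag set, end of session on a pty has to be detected some other way (errno set on the read, or the child exiting), since a plain zero return is no longer treated as EOF.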