Subject: Race condition in CGI::Session::File::store

If two writers manage to call sysopen() successfully before either of
them flock()s the session file, they end up overwriting each other's
session values in the file.
The problem occurs when the first writer's session object is longer than
the second's. If that happens, since the second writer doesn't
truncate() the file *again* after the flock() is acquired, you end up
with trailing garbage in the session file.
Adding:

    truncate(FH, 0);

... after the flock() and before the:

    print FH $self->freeze($data);

... should be enough to fix the problem.
This occurs at least on 2.4 Linux with Perl 5.8.3.
Reproduction is a real PITA, but we were able to do it by hacking the
File driver to sleep for 2 seconds between file open and flock() and
then having each writer write to a unique byte in the file. When we
were finished, both writers' bytes were written.
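
The interleaving described in this report can be replayed deterministically in one process, without the sleep() hack, by opening the session file twice before either handle takes the lock. The script below is an added example, not CGI::Session's own code: the open flags (truncate at open time), the payloads and the names open_session, locked_write and replay are assumptions made for illustration.

```perl
use strict;
use warnings;
use Fcntl qw(:DEFAULT :flock);
use File::Temp qw(tempdir);

# Constructed payloads standing in for frozen session data.
my $LONG  = 'A' x 40;    # first writer: longer session
my $SHORT = 'B' x 10;    # second writer: shorter session

# Open as the report implies the driver does: the file is truncated at
# open time, before any lock is held (the exact flags are an assumption).
sub open_session {
    my ($path) = @_;
    sysopen(my $fh, $path, O_WRONLY | O_CREAT | O_TRUNC, 0600)
        or die "sysopen $path: $!";
    return $fh;
}

# Take the lock, optionally truncate again under it, write, release.
sub locked_write {
    my ($fh, $data, $truncate_under_lock) = @_;
    flock($fh, LOCK_EX) or die "flock: $!";
    if ($truncate_under_lock) {
        truncate($fh, 0) or die "truncate: $!";
    }
    print {$fh} $data or die "print: $!";
    close($fh) or die "close: $!";    # flushes, then drops the lock
}

# Replay the race: both opens complete before either flock().
sub replay {
    my ($path, $fix) = @_;
    my $w1 = open_session($path);
    my $w2 = open_session($path);
    locked_write($w1, $LONG,  $fix);
    locked_write($w2, $SHORT, $fix);
    open(my $in, '<', $path) or die "open $path: $!";
    local $/;                         # slurp the whole file
    my $got = <$in>;
    close($in);
    return $got;
}

my $dir = tempdir(CLEANUP => 1);
for my $fix (0, 1) {
    my $got = replay("$dir/cgisess_$fix", $fix);
    printf "%-20s %2d bytes: %s\n",
        ($fix ? 'truncate under lock' : 'as reported'), length($got), $got;
}
```

Without the second truncate the file holds the short payload followed by the leftover tail of the long one; with truncate() under the lock only the short payload remains.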