
This queue is for tickets about the CGI-Session CPAN distribution.

Report information
The Basics
Id: 17949
Status: resolved
Priority: 0/
Queue: CGI-Session

People
Owner: Nobody in particular
Requestors:
Cc:
AdminCc:

Bug Information
Severity: Important
Broken in: 3.11
Fixed in: (no value)



Subject: Race condition in CGI::Session::File::store
If two writers manage to call sysopen() successfully before either of them flock()s the session file, they end up overwriting each other's session values in the file. The problem occurs when the first writer's session object is longer than the second's. If that happens, since the second writer doesn't truncate() the file *again* after the flock() is acquired, you end up with trailing garbage in the session file.

Adding:

    truncate(FH, 0);

... after the flock() and before the:

    print FH $self->freeze($data);

... should be enough to fix the problem.

This occurs at least on 2.4 linux with perl 5.8.3.

Reproduction is a real PITA, but we were able to do it by hacking the File driver to sleep for 2 seconds between file open and flock() and then having each writer write to a unique byte in the file. When we were finished, both writer's bytes were written.
On Thu Mar 02 20:07:40 2006, guest wrote:
> Reproduction is a real PITA, but we were able to do it by hacking the
> File driver to sleep for 2 seconds between file open and flock() and
> then having each writer write to a unique byte in the file. When we
> were finished, both writer's bytes were written.
... or, rather, "writers'". :)
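
The interleaving described in this ticket can be replayed deterministically in one process, without the sleep() hack. This is an added example, not code from the ticket or from CGI::Session; the helper names (open_session, store, replay) and the session strings are constructed for illustration, and it assumes the driver opens the file with O_TRUNC, as the ticket's "truncate() the file *again*" implies.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use Fcntl qw(:DEFAULT :flock);
use File::Temp qw(tempfile);

# Truncation happens at open time, before any lock is held.
sub open_session {
    my ($path) = @_;
    sysopen(my $fh, $path, O_WRONLY | O_CREAT | O_TRUNC)
        or die "sysopen $path: $!";
    return $fh;
}

# Lock, optionally truncate again (the fix proposed in the ticket), write.
sub store {
    my ($fh, $frozen, $truncate_after_lock) = @_;
    flock($fh, LOCK_EX) or die "flock: $!";
    if ($truncate_after_lock) {
        truncate($fh, 0) or die "truncate: $!";
    }
    print {$fh} $frozen or die "print: $!";
    close($fh) or die "close: $!";    # flushes the buffer and drops the lock
}

# Both writers open before either one locks; the longer record lands first.
sub replay {
    my ($fixed) = @_;
    my (undef, $path) = tempfile(UNLINK => 1);
    my $first  = open_session($path);
    my $second = open_session($path);
    store($first,  'user=alice;role=admin;cart=42', $fixed);  # constructed data
    store($second, 'user=bob',                      $fixed);  # constructed data
    open(my $in, '<', $path) or die "open $path: $!";
    my $content = do { local $/; <$in> };
    close($in);
    return $content;
}

printf "truncate only at open:  %s\n", replay(0);
printf "truncate after flock(): %s\n", replay(1);
```

Without the second truncate(), the tail of the longer record survives after the shorter one, so a deserializer sees a record that neither writer produced; with it, the file holds only the later write.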