| Subject: | Race condition in Net::SSH 0.09 |
Hello,
I've found a race condition in Net::SSH.
In ssh_cmd, waitpid is called with the WNOHANG bit set after all file
descriptors have been closed.
If the process is terminated after the file descriptors get closed
then this creates a race condition.
I have not thoroughly investigated, but I wrote a trivial script to
test my theory; it simply logs into localhost 1000 times, running a
trivial command which is known to return true each time. If the result
in ($?>>8) is not 0, then the error count is incremented.
Running this script results in 25 errors with waitpid($pid, WNOHANG),
and 0 errors with waitpid($pid, 0).
It is also not clear to me why there is a need for setting WNOHANG at
all, since we know that the SSH process is about to exit.
Both my (trivial) patch and the example script are concatenated to the
end of this email.
Cheers,
Colin
#!/usr/bin/perl
use Net::SSH qw(ssh_cmd);
my $opts = {
'user' => 'colin',
'command' => ":",
'host' => 'localhost'
};
my $errs = 0;
for (my $i=0; $i<1000; $i++) {
ssh_cmd($opts);
$errs++ if $?>>8;
}
print "Number of errors: $errs\n";
--------------------------------------------------
--- SSH.pm 2010-05-27 17:21:28.000000000 +0100
+++ SSH.pm 2010-05-27 17:15:09.000000000 +0100
@@ -147,7 +147,7 @@
}
- waitpid($pid, WNOHANG);
+ waitpid($pid, 0);
die "$error_stream" if length($error_stream);