[PATCH] Was: Re: r19004

Paul Burba <paulb@softlanding.com> wrote on 03/27/2006 11:20:46 AM:

> "Peter N. Lundblad" <peter@famlundblad.se> wrote on 03/24/2006 03:25:36
> PM:
> > This is a deadlock if the stderr pipe fills up while you're writing to
> > the stdin of the hook script. You need to use poll/select to
> > read/write simultaneously.
>
> Sorry I committed this before you caught it. The deadlock scenario you
> describe was easy to create, even if my example was a bit contrived. I'm

> working on this now...more soon.

Hi Peter,

Sorry this took so long, there were a few bumps along the way :-\

This patch uses poll() to avoid the deadlock scenario you described.
Please take a look if you have some time.

And thanks for spotting this problem, it was not readily apparent to me.

Paul B.

[[[
Fix deadlock vulnerability in OS400 hook processing.

This is a follow-up to r19004 which addressed limitations with IBM's
implementation of APR processes. There is a flaw in r19004: A deadlock
occurs if a hook script fills the stderr pipe and then Subversion
attempts to write stdin via a separate pipe. This patch fixes that.

Found By: Peter N. Lundblad" <peter@famlundblad.se>

* subversion/libsvn_repos/hooks.c
   Include sys/poll.h, sys/types.h, unistd.h
   (run_hook_cmd): Reimplemented using poll() to avoid deadlocks when
    multiplexing with a hook process.
]]]

_____________________________________________________________________________
Scanned for SoftLanding Systems, Inc. and SoftLanding Europe Plc by IBM Email Security Management Services powered by MessageLabs.
_____________________________________________________________________________

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@subversion.tigris.org
For additional commands, e-mail: dev-help@subversion.tigris.org