rooneg@gmail.com wrote on 03/30/2006 02:25:47 PM:
> On 3/30/06, Paul Burba <paulb@softlanding.com> wrote:
>
> > [[[
> > Fix deadlock vulnerability in OS400 hook processing.
> >
> > This is a follow-up to r19004 which addressed limitations with IBM's
> > implementation of APR processes. There is a flaw in r19004: A
deadlock
> > occurs if a hook script fills the stderr pipe and then Subversion
> > attempts to write stdin via a separate pipe. This patch fixes that.
> >
> > Found By: Peter N. Lundblad" <peter@famlundblad.se>
> >
> > * subversion/libsvn_repos/hooks.c
> > Include sys/poll.h, sys/types.h, unistd.h
> > (run_hook_cmd): Reimplemented using poll() to avoid deadlocks when
> > multiplexing with a hook process.
> > ]]]
>
> I just looked at this in passing, but it looks like:
>
> + /* Immediate poll to check if we can read stderr from the script.
*/
> + if (poll((struct pollfd *)(&pfds[0]), 1, 0) == -1)
> + {
> + return svn_error_createf(SVN_ERR_EXTERNAL_PROGRAM, NULL,
> + "Error polling stderr of hook "
> + "script '%s'", cmd);
> + }
>
> That cast seems unnecessary. pfds is an array of struct pollfd, so
> &pfds[0] should already be a struct pollfd *.
>
> -garrett
Hi Garrett,
You are correct, thanks for pointing that out. If/when this patch gets
approved I'll remove the cast.
Paul B.
_____________________________________________________________________________
Scanned for SoftLanding Systems, Inc. and SoftLanding Europe Plc by IBM Email Security Management Services powered by MessageLabs.
_____________________________________________________________________________
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@subversion.tigris.org
For additional commands, e-mail: dev-help@subversion.tigris.org
Received on Thu Mar 30 21:37:49 2006