[illumos-Advocates] RTI for bug 323: Need fix for glob() resource exhaustion

[Gordon Ross]

I approve.

On Tue, Jun 7, 2011 at 11:24 PM, Gary Mills <mills at cc.umanitoba.ca> wrote:
> I'm attaching the `hg export' output and mail_msg from a nightly run
> with lint, as well as a tar file of my test program.  This is for the
> FTP server portion of the bug report only.
>
> Here's outgoing:
>
>    $ hg outgoing -v
>    running ssh anonhg at hg.illumos.org "hg -R illumos-gate serve --stdio"
>    remote: Not trusting file /export/illumos/hgrepos/illumos-gate/.hg/hgrc from untrusted user hg, group hg
>    comparing with ssh://anonhg@hg.illumos.org/illumos-gate
>    searching for changes
>
>    changeset:   13384:72d00dd92134
>    tag:         tip
>    user:        Gary Mills <mills at cc.umanitoba.ca>
>    date:        Tue Jun 07 21:38:05 2011 -0500
>
>    description:
>        323 Need fix for glob() resource exhaustion
>        Reviewed by: Garrett D'Amore
>        Reviewed by: Dan McDonald
>
>    modified:
>       usr/src/cmd/cmd-inet/usr.sbin/in.ftpd/glob.c
>
>    remote: Not trusting file /export/illumos/hgrepos/illumos-gate/.hg/hgrc from untrusted user hg, group hg
>
> And pbchk.  Note that the original file contained hundreds of style
> violations.  I didn't have the nerve to fix them, but I do recommend
> that the entire FTP server product be replaced with something more
> modern and more maintainable:
>
>    $ hg pbchk | pg
>    remote: Not trusting file /export/illumos/hgrepos/illumos-gate/.hg/hgrc from untrusted user hg, group hg
>    remote: Not trusting file /export/illumos/hgrepos/illumos-gate/.hg/hgrc from untrusted user hg, group hg
>    Copyright check:
>
>    C style check:
>    usr/src/cmd/cmd-inet/usr.sbin/in.ftpd/glob.c: 7: line > 80 characters
>    usr/src/cmd/cmd-inet/usr.sbin/in.ftpd/glob.c: 7: space or tab at end of line
>    usr/src/cmd/cmd-inet/usr.sbin/in.ftpd/glob.c: 7: improper first line of block comment
>    usr/src/cmd/cmd-inet/usr.sbin/in.ftpd/glob.c: 7: missing blank after open comment
>    ...
>    usr/src/cmd/cmd-inet/usr.sbin/in.ftpd/glob.c: 693: indent by spaces instead of tabs
>    usr/src/cmd/cmd-inet/usr.sbin/in.ftpd/glob.c: 693: non-continuation indented 4 spaces
>
>    Header format check:
>
>    Java style check:
>
>    Mapfile comment check:
>
>    File permission check:
>
>    Keywords check:
>
>    Comments check:
>
>    Checking for new tags:
>
>    Checking for multiple heads (or branches):
>
>    Checking for branch changes:
>
>    Checking for uncommitted changes:
>
>    Checking for merges:
>
> Most of my testing was done under Solaris 11 Express with my test
> program and the modified glob.c.  I also tested the complete FTP
> server under oi_148b after I built it on that release.
>
> Here's a demo of the DOS with no changes to glob.c:
>
>    $ ./tglob {..,..,..}/*/{..,..,..}/*/{..,..,..}/*/{..,..,..}/*/{..,..,..}/*/{..,..,..}/*/{..,..,..}/*/{..,..,..}/*/{..,..,..}/*/{..,..,..}/*/{..,..,..}/*cx
>    /* Keeps running */
>
>    $ prstat
>       PID USERNAME  SIZE   RSS STATE  PRI NICE      TIME  CPU PROCESS/NLWP
>     18110 mills    1864K 1220K cpu1    20    0   0:01:29  25% tglob/1
>      1254 mills    1713M 1457M sleep   59    0 171:14:27 0.3% Xorg/3
>     27681 mills     704M  439M sleep   59    0  12:46:06 0.2% firefox-bin/10
>      1083 root       21M   13M sleep   59    0  14:54:52 0.1% webserver/15
>
> Once limits were added, it behaved like this:
>
>    $ ./tglob '{..,..,..}/*/{..,..,..}/*/{..,..,..}/*/{..,..,..}/*/{..,..,..}/*/{..,..,..}/*/{..,..,..}/*/{..,..,..}/*/{..,..,..}/*/{..,..,..}/*/{..,..,..}/*'
>    Debug: expr={..,..,..}/*/{..,..,..}/*/{..,..,..}/*/{..,..,..}/*/{..,..,..}/*/{..,..,..}/*/{..,..,..}/*/{..,..,..}/*/{..,..,..}/*/{..,..,..}/*/{..,..,..}/*
>    Error in server: Out of memory
>    $ ./tglob {..,..,..}/*/{..,..,..}/*/{..,..,..}/*/{..,..,..}/*/{..,..,..}/*/{..,..,..}/*/{..,..,..}/*/{..,..,..}/*/{..,..,..}/*/{..,..,..}/*/{..,..,..}/*cx
>    Debug: expr={..,..,..}/*/{..,..,..}/*/{..,..,..}/*/{..,..,..}/*/{..,..,..}/*/{..,..,..}/*/{..,..,..}/*/{..,..,..}/*/{..,..,..}/*/{..,..,..}/*/{..,..,..}/*cx
>    Error: Arguments too long
>
> The entire FTP server now behaves this way:
>
>    ftp> mls {..,..,..}/*/{..,..,..}/*/{..,..,..}/*/{..,..,..}/*/{..,..,..}/*/{..,..,..}/*/{..,..,..}/*/{..,..,..}/*/{..,..,..}/*/{..,..,..}/*/{..,..,..}/*cx lfile3output to local-file: lfile3? y
>    200 PORT command successful.
>    550 Arguments too long
>    ftp> quit
>
> --
> -Gary Mills-        -Unix Group-        -Computer and Network Services-
>
> _______________________________________________
> Advocates mailing list
> Advocates at lists.illumos.org
> http://lists.illumos.org/m/listinfo/advocates
>
>