Package: xtrace Version: 1.4.0-1+b1 Severity: normal Tags: patch Dear Maintainer,
The loop in main.c checks for input on multiple clients, but lines 292-305 should be outside of this loop, and only checked once per invocation of select(). Otherwise when N clients are connected it leads to blocking reads from stdin, typically waiting N times and then allowing N requests through all at once. The patch below also uses STDIN_FILENO instead of 0, for easier readability. --- main.c.orig 2024-03-03 09:40:41.443380046 -0800 +++ main.c 2024-03-03 10:32:13.911321696 -0800 @@ -288,21 +288,21 @@ } continue; } - for( c = connections ; c != NULL ; c = c->next ) { - if( interactive && FD_ISSET(0,&readfds) ) { - char buffer[201]; - ssize_t isread; - isread = read(0,buffer,200); - if( isread == 0 ) - exit(EXIT_SUCCESS); - if( isread > 0 ) { - buffer[isread]='\0'; - int number = atoi(buffer); - if( number <= 0 ) - number = 1; - allowsent += number; - } + if( interactive && FD_ISSET(STDIN_FILENO,&readfds) ) { + char buffer[201]; + ssize_t isread; + isread = read(STDIN_FILENO,buffer,200); + if( isread == 0 ) + exit(EXIT_SUCCESS); + if( isread > 0 ) { + buffer[isread]='\0'; + int number = atoi(buffer); + if( number <= 0 ) + number = 1; + allowsent += number; } + } + for( c = connections ; c != NULL ; c = c->next ) { if( c->client_fd != -1 ) { if( FD_ISSET(c->client_fd,&exceptfds) ) { close(c->client_fd); -- System Information: Debian Release: trixie/sid APT prefers testing-debug APT policy: (500, 'testing-debug'), (500, 'unstable'), (500, 'testing'), (1, 'experimental') Architecture: amd64 (x86_64) Foreign Architectures: i386 Kernel: Linux 6.5.0-2-amd64 (SMP w/48 CPU threads; PREEMPT) Kernel taint flags: TAINT_PROPRIETARY_MODULE, TAINT_OOT_MODULE, TAINT_UNSIGNED_MODULE Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE not set Shell: /bin/sh linked to /usr/bin/dash Init: systemd (via /run/systemd/system) LSM: AppArmor: enabled Versions of packages xtrace depends on: ii libc6 2.37-15 xtrace recommends no packages. Versions of packages xtrace suggests: ii xauth 1:1.1.2-1 -- debconf-show failed