Ralf S. Engelschall wrote:
>
> On Sat, Oct 31, 1998, Ben Laurie wrote:
>
> > Ralf S. Engelschall wrote:
> > > Hmmmm??? Do you mean it cannot occur in practice? Or do I misunderstand you
> > > here? As I said: We don't even need an attacker: When an I/O read error occurs
> > > for gcache it already falls down. So the DoS attacker is just the worst case.
> >
> > Aha. Now we get down to it. OK, please describe how an I/O error can
> > occur on a locally connected socket.
>
> How it actually can occur I don't know. Depends on the platform, I think. But
> in general I don't think that Unix guarantees that a TCP connection to
> localhost always can be performed without any problems. I've no actual
> scenario of an I/O communication error at hand, but I've at least the code
> parts at hand which then could fail:
>
> | nRead=saferead(nFD,&usLength,sizeof usLength);
> | assert(nRead == sizeof usLength);
>
> Here the assert makes sure that really the requested number of bytes are read.
> But when an I/O error or some other communication problem occurs the actual
> number of read bytes can be different. Then the gcache process falls down.
> And I've seen exactly gcache exits with this assertion on my boxes (Solaris
> 2.6) while I was mostly sure that no personal attacker was involved. Instead
> I really assume it was just some I/O communication error...

This is exactly where it failed when gcache was crashing because of a
bug. Could it be that you assumed there was a network error instead?
Since gcache was fixed I have had no reports of this assertion failing.
I do not believe that an I/O error is possible on a locally connected
socket. I would be most reluctant to fix this without evidence that it
is actually a bug. Since this seems to be the thread for maxims, one of
my favourites is "if you don't understand why it is broken, don't fix
it", and I intend to stick to that.

Cheers,
Ben.
--
Ben Laurie |Phone: +44 (181) 735 0686| Apache Group member
Freelance Consultant |Fax: +44 (181) 735 0689|http://www.apache.org/
and Technical Director|Email: [EMAIL PROTECTED] |
A.L. Digital Ltd, |Apache-SSL author http://www.apache-ssl.org/
London, England. |"Apache: TDG" http://www.ora.com/catalog/apache/
______________________________________________________________________
Apache Interface to SSLeay (mod_ssl) www.engelschall.com/sw/mod_ssl/
Official Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
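
The thread turns on what happens when the read of the length field returns fewer bytes than requested. As an added example (not part of either message and not gcache's code), here is a reader that reports that condition to its caller instead of asserting, so a daemon can drop one connection rather than exit. The names `read_full`, `read_length` and `demo_peer_sends` are hypothetical, and a Unix socket pair stands in for the local connection.

```c
/* Added example; helper names are hypothetical, not gcache's code. */
#include <errno.h>
#include <sys/socket.h>
#include <sys/types.h>
#include <unistd.h>

/* Read exactly len bytes. Returns 0 on success, -1 if the peer closes
 * early or read() fails. Retries on EINTR and continues after short reads. */
static int read_full(int fd, void *buf, size_t len)
{
    unsigned char *p = buf;
    while (len > 0) {
        ssize_t n = read(fd, p, len);
        if (n < 0 && errno == EINTR)
            continue;               /* interrupted by a signal: retry */
        if (n <= 0)
            return -1;              /* error, or EOF in mid-field */
        p += n;
        len -= (size_t)n;
    }
    return 0;
}

/* Read the length prefix. A failure is returned to the caller, which can
 * close this one connection and keep serving the others. */
static int read_length(int fd, unsigned short *out)
{
    return read_full(fd, out, sizeof *out);
}

/* Constructed scenario: a peer writes `sent` (0..2) bytes of a 2-byte length
 * field and disconnects. Returns read_length()'s result, -2 on setup error. */
static int demo_peer_sends(size_t sent, unsigned short *out)
{
    int sv[2], rc = -2;
    unsigned short wire = 0x1234;   /* constructed sample value */

    if (socketpair(AF_UNIX, SOCK_STREAM, 0, sv) != 0)
        return -2;
    if (sent == 0 || write(sv[0], &wire, sent) == (ssize_t)sent) {
        close(sv[0]);               /* peer goes away */
        sv[0] = -1;
        rc = read_length(sv[1], out);
    }
    if (sv[0] >= 0)
        close(sv[0]);
    close(sv[1]);
    return rc;
}
```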