Bug-report:rsync may hung if time jumps backwards
Hello eveyone! According to below reproduce steps,you could observe a rsync hang: 1:configure and startup rsync service and mkdir /root/a mkdir /root/b dd if=/dev/zero of=/root/b/1 bs=1M count=1 dd if=/dev/zero of=/root/b/2 bs=1M count=1 dd if=/dev/zero of=/root/b/3 bs=1M count=1 dd if=/dev/zero of=/root/b/4 bs=1M count=1 dd if=/dev/zero of=/root/b/5 bs=1M count=1 2: start testcase ./change-time-loop.sh /dev/null ./rsync-loop.sh After applying this patch ,this issue went away. --- rsync-2.6.9/BUILD/rsync-2.6.9/util.c2014-11-11 13:02:11.495609639 +0800 +++ rsync-2.6.9/BUILD/rsync-2.6.9/util.c2014-11-11 13:01:37.606569696 +0800 @@ -1174,8 +1174,11 @@ * Always returns TRUE. (In the future it might return FALSE if * interrupted.) **/ + int msleep(int t) { + +#if 0 int tdiff = 0; struct timeval tval, t1, t2; @@ -1192,7 +1195,8 @@ tdiff = (t2.tv_sec - t1.tv_sec)*1000 + (t2.tv_usec - t1.tv_usec)/1000; } - +#endif + usleep(t*1000); return True; } Is it a correct fix? any comments would be appreciated!!! change-time-loop.sh Description: Bourne shell script rsync-loop.sh Description: Bourne shell script -- Please use reply-all for most replies to avoid omitting the mailing list. To unsubscribe or change options: https://lists.samba.org/mailman/listinfo/rsync Before posting, read: http://www.catb.org/~esr/faqs/smart-questions.html
Re: Bug-report:rsync may hung if time jumps backwards
Thanks your reply, after test again, both Fixes bug 9789 and rsync 3.1.0 doesn't resolve this bug. when the test script was called as background, I still saw rsync hanged since tdiff variable is used. could you please try it again? while [ 1 ] do date -s 2012-10-30 06:28:04 date -s 2014-11-04 17:13:04 done On 11/19/2014 10:10 PM, devz...@web.de wrote: Hi, it seems that one already has been fixed in 3.1.0, see https://bugzilla.samba.org/show_bug.cgi?id=9789 and https://git.samba.org/?p=rsync.git;a=commit;h=2dc2070992c00ea6625031813f2b6c886ddc3ade you are still using 2.6.9 ? that`s rather old (~ 8yrs?) and may have bugs and security issues already being fixed. regards roland List: rsync Subject:Bug-report:rsync may hung if time jumps backwards From: yhu2 yadi.hu () windriver ! com Date: 2014-11-17 6:44:25 Message-ID: 54699949.1020503 () windriver ! com [Download message RAW] Hello eveyone! According to below reproduce steps,you could observe a rsync hang: 1:configure and startup rsync service and mkdir /root/a mkdir /root/b dd if=/dev/zero of=/root/b/1 bs=1M count=1 dd if=/dev/zero of=/root/b/2 bs=1M count=1 dd if=/dev/zero of=/root/b/3 bs=1M count=1 dd if=/dev/zero of=/root/b/4 bs=1M count=1 dd if=/dev/zero of=/root/b/5 bs=1M count=1 2: start testcase ./change-time-loop.sh /dev/null ./rsync-loop.sh After applying this patch ,this issue went away. --- rsync-2.6.9/BUILD/rsync-2.6.9/util.c2014-11-11 13:02:11.495609639 +0800 +++ rsync-2.6.9/BUILD/rsync-2.6.9/util.c2014-11-11 13:01:37.606569696 +0800 @@ -1174,8 +1174,11 @@ * Always returns TRUE. (In the future it might return FALSE if * interrupted.) **/ + int msleep(int t) { + +#if 0 int tdiff = 0; struct timeval tval, t1, t2; @@ -1192,7 +1195,8 @@ tdiff = (t2.tv_sec - t1.tv_sec)*1000 + (t2.tv_usec - t1.tv_usec)/1000; } - +#endif + usleep(t*1000); return True; } Is it a correct fix? any comments would be appreciated!!! [change-time-loop.sh (application/x-sh)] #!/bin/bash while [ 1 ] do date -s 2012-10-30 06:28:04 #sleep 3 date -s 2014-11-04 17:13:04 #sleep 3 done [rsync-loop.sh (application/x-sh)] #!/bin/bash while [ 1 ] do rsync -avz --password-file=/root/my.secrets /root/b root@127.0.0.1::logs rm /root/a/* -rf done -- Please use reply-all for most replies to avoid omitting the mailing list. To unsubscribe or change options: https://lists.samba.org/mailman/listinfo/rsync Before posting, read: http://www.catb.org/~esr/faqs/smart-questions.html -- Please use reply-all for most replies to avoid omitting the mailing list. To unsubscribe or change options: https://lists.samba.org/mailman/listinfo/rsync Before posting, read: http://www.catb.org/~esr/faqs/smart-questions.html
Re: Bug-report:rsync may hung if time jumps backwards
Any progress? On 11/20/2014 09:57 AM, yhu2 wrote: Thanks your reply, after test again, both Fixes bug 9789 and rsync 3.1.0 doesn't resolve this bug. when the test script was called as background, I still saw rsync hanged since tdiff variable is used. could you please try it again? while [ 1 ] do date -s 2012-10-30 06:28:04 date -s 2014-11-04 17:13:04 done On 11/19/2014 10:10 PM, devz...@web.de wrote: Hi, it seems that one already has been fixed in 3.1.0, see https://bugzilla.samba.org/show_bug.cgi?id=9789 and https://git.samba.org/?p=rsync.git;a=commit;h=2dc2070992c00ea6625031813f2b6c886ddc3ade you are still using 2.6.9 ? that`s rather old (~ 8yrs?) and may have bugs and security issues already being fixed. regards roland List: rsync Subject:Bug-report:rsync may hung if time jumps backwards From: yhu2 yadi.hu () windriver ! com Date: 2014-11-17 6:44:25 Message-ID: 54699949.1020503 () windriver ! com [Download message RAW] Hello eveyone! According to below reproduce steps,you could observe a rsync hang: 1:configure and startup rsync service and mkdir /root/a mkdir /root/b dd if=/dev/zero of=/root/b/1 bs=1M count=1 dd if=/dev/zero of=/root/b/2 bs=1M count=1 dd if=/dev/zero of=/root/b/3 bs=1M count=1 dd if=/dev/zero of=/root/b/4 bs=1M count=1 dd if=/dev/zero of=/root/b/5 bs=1M count=1 2: start testcase ./change-time-loop.sh /dev/null ./rsync-loop.sh After applying this patch ,this issue went away. --- rsync-2.6.9/BUILD/rsync-2.6.9/util.c2014-11-11 13:02:11.495609639 +0800 +++ rsync-2.6.9/BUILD/rsync-2.6.9/util.c2014-11-11 13:01:37.606569696 +0800 @@ -1174,8 +1174,11 @@ * Always returns TRUE. (In the future it might return FALSE if * interrupted.) **/ + int msleep(int t) { + +#if 0 int tdiff = 0; struct timeval tval, t1, t2; @@ -1192,7 +1195,8 @@ tdiff = (t2.tv_sec - t1.tv_sec)*1000 + (t2.tv_usec - t1.tv_usec)/1000; } - +#endif + usleep(t*1000); return True; } Is it a correct fix? any comments would be appreciated!!! [change-time-loop.sh (application/x-sh)] #!/bin/bash while [ 1 ] do date -s 2012-10-30 06:28:04 #sleep 3 date -s 2014-11-04 17:13:04 #sleep 3 done [rsync-loop.sh (application/x-sh)] #!/bin/bash while [ 1 ] do rsync -avz --password-file=/root/my.secrets /root/b root@127.0.0.1::logs rm /root/a/* -rf done -- Please use reply-all for most replies to avoid omitting the mailing list. To unsubscribe or change options: https://lists.samba.org/mailman/listinfo/rsync Before posting, read: http://www.catb.org/~esr/faqs/smart-questions.html -- Please use reply-all for most replies to avoid omitting the mailing list. To unsubscribe or change options: https://lists.samba.org/mailman/listinfo/rsync Before posting, read: http://www.catb.org/~esr/faqs/smart-questions.html
Re: Bug-report:rsync may hung if time jumps backwards
thanks your reply, could you please send off official fix? On 11/28/2014 04:05 AM, Wayne Davison wrote: On Sun, Nov 16, 2014 at 10:44 PM, yhu2 yadi...@windriver.com mailto:yadi...@windriver.com wrote: + usleep(t*1000); Is it a correct fix? any comments would be appreciated!!! The hang was not because time went backwards, but because it moved forward by over 2 years (which overflows a variable, making the value negative). I both fixed that issue, and added a configure check for usleep(), which we will use if it is around. Thanks! ..wayne.. -- Please use reply-all for most replies to avoid omitting the mailing list. To unsubscribe or change options: https://lists.samba.org/mailman/listinfo/rsync Before posting, read: http://www.catb.org/~esr/faqs/smart-questions.html
Re: Bug-report:rsync may hung if time jumps backwards
On 11/28/2014 09:41 AM, yhu2 wrote: thanks your reply, could you please send off official fix? or could you please tell me which release will include this patch. any comments would be appreciated! Yadi On 11/28/2014 04:05 AM, Wayne Davison wrote: On Sun, Nov 16, 2014 at 10:44 PM, yhu2 yadi...@windriver.com mailto:yadi...@windriver.com wrote: + usleep(t*1000); Is it a correct fix? any comments would be appreciated!!! The hang was not because time went backwards, but because it moved forward by over 2 years (which overflows a variable, making the value negative). I both fixed that issue, and added a configure check for usleep(), which we will use if it is around. Thanks! ..wayne.. -- Please use reply-all for most replies to avoid omitting the mailing list. To unsubscribe or change options: https://lists.samba.org/mailman/listinfo/rsync Before posting, read: http://www.catb.org/~esr/faqs/smart-questions.html
A question about CVE-2014-8242
Hi,everyone here: whether or not CVE-2014-8242 affects rsync? any commnet would be appreciated!! Yadi -- Please use reply-all for most replies to avoid omitting the mailing list. To unsubscribe or change options: https://lists.samba.org/mailman/listinfo/rsync Before posting, read: http://www.catb.org/~esr/faqs/smart-questions.html
Re: A question about CVE-2014-8242
wayne. Thanks your explanation, how about MD4 (rsync protocal 30)? any comment would be appreciated!! Thanks again. Yadi On 05/12/2015 05:19 AM, Wayne Davison wrote: On Mon, May 11, 2015 at 12:50 AM, yhu2 yadi...@windriver.com mailto:yadi...@windriver.com wrote: whether or not CVE-2014-8242 affects rsync? any commnet would be appreciated!! Yes. It would be extremely hard for someone to trigger that via indirect means (such as inserting DB data and managing to match a checksum record boundary in contents somehow). So, it has a very small potential to cause a particular file to fail to transfer with a bad file-checksum. I've made a simple change that should avoid the issue: https://git.samba.org/?p=rsync.git;a=commit;h=eac858085e3ac94ec0ab5061d11f52652c90a869 With the seed value moved to the right spot, an attacker can't craft a false-match record that works for any transfer. And the truly paranoid can use the --checksum-seed=NUM option with their own random-for-each-transfer value, should they think that rsync's seed method is too simplistic. I also plan to add a new checksum method, but that shouldn't be needed for thwarting this issue. ..wayne.. -- Please use reply-all for most replies to avoid omitting the mailing list. To unsubscribe or change options: https://lists.samba.org/mailman/listinfo/rsync Before posting, read: http://www.catb.org/~esr/faqs/smart-questions.html
Re: A question about CVE-2014-8242
Thanks great!!!. Yadi On 05/12/2015 05:19 AM, Wayne Davison wrote: On Mon, May 11, 2015 at 12:50 AM, yhu2 yadi...@windriver.com mailto:yadi...@windriver.com wrote: whether or not CVE-2014-8242 affects rsync? any commnet would be appreciated!! Yes. It would be extremely hard for someone to trigger that via indirect means (such as inserting DB data and managing to match a checksum record boundary in contents somehow). So, it has a very small potential to cause a particular file to fail to transfer with a bad file-checksum. I've made a simple change that should avoid the issue: https://git.samba.org/?p=rsync.git;a=commit;h=eac858085e3ac94ec0ab5061d11f52652c90a869 With the seed value moved to the right spot, an attacker can't craft a false-match record that works for any transfer. And the truly paranoid can use the --checksum-seed=NUM option with their own random-for-each-transfer value, should they think that rsync's seed method is too simplistic. I also plan to add a new checksum method, but that shouldn't be needed for thwarting this issue. ..wayne.. -- Please use reply-all for most replies to avoid omitting the mailing list. To unsubscribe or change options: https://lists.samba.org/mailman/listinfo/rsync Before posting, read: http://www.catb.org/~esr/faqs/smart-questions.html