Red Hat Bugzilla – Bug 240550
vsftpd has a create/lock race condition which corrupts uploads
Last modified: 2016-07-26 19:46:20 EDT
Description of problem:
There is a race condition in the open/lock code which is triggered when two
clients upload to the same file. The lock is only obtained after the file is
opened and in the case of the second client to causes the client to hang until
the first client completes. The problem is that both opens are performed with
O_TRUNC | O_APPEND which in the second client's case truncates the first
client's progress to that point. Once the first client completes and releases
the lock the second client then appends to whatever the first client uploaded
after the second client performed the open. This results in a file which is
neither one thing nor the other.
Version-Release number of selected component (if applicable):
Steps to Reproduce:
1. Simultaneously upload different files from 2 clients to same file on server
Uploaded file is combination of tail of first client + second file.
One or the other file.
best reproduced by using large files or limiting upload rate.
Created attachment 154992 [details]
patch to handle write race condition on simultaneous upload
This request was evaluated by Red Hat Product Management for inclusion in a Red
Hat Enterprise Linux maintenance release. Product Management has requested
further review of this request by Red Hat Engineering, for potential
inclusion in a Red Hat Enterprise Linux Update release for currently deployed
products. This request is not yet committed for inclusion in an Update
Created attachment 272551 [details]
new patch to handle write race condition
This patch also respects read lock on the file that is being overwritten.
Use RHTS test case
Forgot that vsftpd-2.0.1 doesn't support locking.
Fixed in fedora/rawhide (vsftpd-2.0.5-21.fc9).
Fix checked in CVS and the new packages were built successfully. This issue
should be resolved in vsftpd-2.0.1-6.el4
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on therefore solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.