Bug 240550 – vsftpd has a create/lock race condition which corrupts uploads

Bugzilla will be upgraded to version 5.0. The upgrade date is tentatively scheduled for 2 December 2018, pending final testing and feedback.

Bug 240550 - vsftpd has a create/lock race condition which corrupts uploads

Summary:	vsftpd has a create/lock race condition which corrupts uploads

Status:	CLOSED ERRATA

Aliases:	None

Product:	Red Hat Enterprise Linux 4
Classification:	Red Hat
Component:	vsftpd (Show other bugs)
Sub Component:
Version:	4.5
Hardware:	All Linux

Priority	medium Severity medium
Target Milestone:	---
Target Release:	---
Assigned To:	Martin Nagy
QA Contact:
Docs Contact:

URL:
Whiteboard:
Keywords:	Patch

Depends On:
Blocks:
	Show dependency tree / graph

Reported:	2007-05-18 08:55 EDT by Martin Poole
Modified:	2018-10-19 14:36 EDT (History)
CC List:	4 users (show)

See Also:
Fixed In Version:	RHSA-2008-0680
Doc Type:	Bug Fix
Doc Text:
Story Points:	---
Clone Of:
Environment:
Last Closed:	2008-07-24 15:34:52 EDT
Type:	---
Regression:	---
Mount Type:	---
Documentation:	---
CRM:
Verified Versions:
Category:	---
oVirt Team:	---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team:	---

Attachments	(Terms of Use)
patch to handle write race condition on simultaneous upload (1.55 KB, patch) 2007-05-18 08:55 EDT, Martin Poole	no flags	Details \| Diff
new patch to handle write race condition (2.20 KB, patch) 2007-11-29 03:33 EST, Martin Nagy	no flags	Details \| Diff
Show Obsolete (1) Add an attachment (proposed patch, testcase, etc.)

External Trackers
Tracker	ID	Priority	Status	Summary	Last Updated
Red Hat Product Errata	RHSA-2008:0680	normal	SHIPPED_LIVE	Moderate: vsftpd security and bug fix update	2008-07-24 12:38:54 EDT

Groups: None (edit)

Description Martin Poole 2007-05-18 08:55:17 EDT

Description of problem:

There is a race condition in the open/lock code which is triggered when two
clients upload to the same file. The lock is only obtained after the file is
opened and in the case of the second client to causes the client to hang until
the first client completes. The problem is that both opens are performed with
O_TRUNC | O_APPEND which in the second client's case truncates the first
client's progress to that point. Once the first client completes and releases
the lock the second client then appends to whatever the first client uploaded
after the second client performed the open.  This results in a file which is
neither one thing nor the other.

Version-Release number of selected component (if applicable):

vsftpd-2.0.1-5.EL4.5

How reproducible:

Always.

Steps to Reproduce:
1. Simultaneously upload different files from 2 clients to same file on server
2.
3.
  
Actual results:

Uploaded file is combination of tail of first client + second file.

Expected results:

One or the other file.

Additional info:

best reproduced by using large files or limiting upload rate.

Comment 1 Martin Poole 2007-05-18 08:55:19 EDT

Created attachment 154992 [details]
patch to handle write race condition on simultaneous upload

Comment 2 RHEL Product and Program Management 2007-11-28 23:20:06 EST

This request was evaluated by Red Hat Product Management for inclusion in a Red
Hat Enterprise Linux maintenance release.  Product Management has requested
further review of this request by Red Hat Engineering, for potential
inclusion in a Red Hat Enterprise Linux Update release for currently deployed
products.  This request is not yet committed for inclusion in an Update
release.

Comment 3 Martin Nagy 2007-11-29 03:33:51 EST

Created attachment 272551 [details]
new patch to handle write race condition

This patch also respects read lock on the file that is being overwritten.

Comment 4 Michal Nowak 2007-11-30 04:21:18 EST

Use RHTS test case
       /CoreOS/vsftpd/regressions/testbug_para_upload
for testing.

Comment 5 Martin Nagy 2007-11-30 04:31:05 EST

Forgot that vsftpd-2.0.1 doesn't support locking.

Comment 6 Martin Nagy 2007-12-04 07:32:04 EST

Fixed in fedora/rawhide (vsftpd-2.0.5-21.fc9).

Comment 8 Martin Nagy 2008-02-08 05:50:34 EST

Fix checked in CVS and the new packages were built successfully. This issue
should be resolved in vsftpd-2.0.1-6.el4

Comment 12 errata-xmlrpc 2008-07-24 15:34:52 EDT

An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on therefore solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.

http://rhn.redhat.com/errata/RHSA-2008-0680.html

Note You need to log in before you can comment on or make changes to this bug.