Bugzilla will be upgraded to version 5.0 on a still to be determined date in the near future. The original upgrade date has been delayed.
Bug 240550 - vsftpd has a create/lock race condition which corrupts uploads
vsftpd has a create/lock race condition which corrupts uploads
Product: Red Hat Enterprise Linux 4
Classification: Red Hat
Component: vsftpd (Show other bugs)
All Linux
medium Severity medium
: ---
: ---
Assigned To: Martin Nagy
: Patch
Depends On:
  Show dependency treegraph
Reported: 2007-05-18 08:55 EDT by Martin Poole
Modified: 2016-07-26 19:46 EDT (History)
5 users (show)

See Also:
Fixed In Version: RHSA-2008-0680
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2008-07-24 15:34:52 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)
patch to handle write race condition on simultaneous upload (1.55 KB, patch)
2007-05-18 08:55 EDT, Martin Poole
no flags Details | Diff
new patch to handle write race condition (2.20 KB, patch)
2007-11-29 03:33 EST, Martin Nagy
no flags Details | Diff

External Trackers
Tracker ID Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2008:0680 normal SHIPPED_LIVE Moderate: vsftpd security and bug fix update 2008-07-24 12:38:54 EDT

  None (edit)
Description Martin Poole 2007-05-18 08:55:17 EDT
Description of problem:

There is a race condition in the open/lock code which is triggered when two
clients upload to the same file. The lock is only obtained after the file is
opened and in the case of the second client to causes the client to hang until
the first client completes. The problem is that both opens are performed with
O_TRUNC | O_APPEND which in the second client's case truncates the first
client's progress to that point. Once the first client completes and releases
the lock the second client then appends to whatever the first client uploaded
after the second client performed the open.  This results in a file which is
neither one thing nor the other.

Version-Release number of selected component (if applicable):


How reproducible:


Steps to Reproduce:
1. Simultaneously upload different files from 2 clients to same file on server
Actual results:

Uploaded file is combination of tail of first client + second file.

Expected results:

One or the other file.

Additional info:

best reproduced by using large files or limiting upload rate.
Comment 1 Martin Poole 2007-05-18 08:55:19 EDT
Created attachment 154992 [details]
patch to handle write race condition on simultaneous upload
Comment 2 RHEL Product and Program Management 2007-11-28 23:20:06 EST
This request was evaluated by Red Hat Product Management for inclusion in a Red
Hat Enterprise Linux maintenance release.  Product Management has requested
further review of this request by Red Hat Engineering, for potential
inclusion in a Red Hat Enterprise Linux Update release for currently deployed
products.  This request is not yet committed for inclusion in an Update
Comment 3 Martin Nagy 2007-11-29 03:33:51 EST
Created attachment 272551 [details]
new patch to handle write race condition

This patch also respects read lock on the file that is being overwritten.
Comment 4 Michal Nowak 2007-11-30 04:21:18 EST
Use RHTS test case
for testing.
Comment 5 Martin Nagy 2007-11-30 04:31:05 EST
Forgot that vsftpd-2.0.1 doesn't support locking.
Comment 6 Martin Nagy 2007-12-04 07:32:04 EST
Fixed in fedora/rawhide (vsftpd-2.0.5-21.fc9).
Comment 8 Martin Nagy 2008-02-08 05:50:34 EST
Fix checked in CVS and the new packages were built successfully. This issue
should be resolved in vsftpd-2.0.1-6.el4
Comment 12 errata-xmlrpc 2008-07-24 15:34:52 EDT
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on therefore solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.


Note You need to log in before you can comment on or make changes to this bug.