bin/60758: cycle-eating endless loop in lock(1)

Tue Dec 30 23:00:39 PST 2003

>Number:         60758
>Category:       bin
>Synopsis:       cycle-eating endless loop in lock(1)
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    freebsd-bugs
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Tue Dec 30 23:00:35 PST 2003
>Closed-Date:
>Last-Modified:
>Originator:     Colin Percival
>Release:        FreeBSD 5.2-RC2 i386
>Organization:
>Environment:
System: FreeBSD fafnir.daemonology.net 5.2-RC2 FreeBSD 5.2-RC2 #0: Mon Dec 22 07:23:48 GMT 2003 root at wv1u.freebsd.org:/usr/obj/usr/src/sys/GENERIC i386

>Description:

If fgets(3) fails, lock(1) will enter an endless loop:
write(1,0x804e000,5)                             ERR#5 'Input/output error'
read(0x0,0x804f000,0x1000)                       = 0 (0x0)
gettimeofday(0xbfbfe2b0,0x0)                     = 0 (0x0)
write(1,0x804e000,31)                            ERR#5 'Input/output error'
[repeat]

>How-To-Repeat:

1. ssh into a machine
2. su
3. lock
4. (with a different terminal) kill the ssh session.

su and lock will continue running, and lock will eat 100% of available cpu 
time.

>Fix:

Insert a sleep(1) call into the endless loop.  This still leaves an orphan 
lying around, but since lock is important for security purposes, this is 
probably safer than exiting.

--- lock.diff begins here ---
Index: lock.c
===================================================================
RCS file: /usr/cvs/src/usr.bin/lock/lock.c,v
retrieving revision 1.17
diff -u -r1.17 lock.c
--- lock.c	1 Sep 2003 04:12:18 -0000	1.17
+++ lock.c	31 Dec 2003 06:23:57 -0000
@@ -211,6 +211,7 @@
 		(void)printf("Key: ");
 		if (!fgets(s, sizeof(s), stdin)) {
 			clearerr(stdin);
+			sleep(1);
 			hi(0);
 			continue;
 		}
--- lock.diff ends here ---
>Release-Note:
>Audit-Trail:
>Unformatted:
