Message-Id: <200201101939.g0AJdFc10108@freefall.freebsd.org>
Date: Thu, 10 Jan 2002 11:39:15 -0800 (PST)
From: Vladislav Shabanov
To: freebsd-gnats-submit@FreeBSD.org
Subject: bin/33770: ftpd performs an infinite loop after sending >4Gb file via sendfile

>Number: 33770
>Category: bin
>Synopsis: ftpd performs an infinite loop after sending >4Gb file via sendfile
>Confidential: no
>Severity: serious
>Priority: medium
>Responsible: freebsd-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: sw-bug
>Submitter-Id: current-users
>Arrival-Date: Thu Jan 10 11:40:01 PST 2002
>Closed-Date:
>Last-Modified:
>Originator: Vladislav Shabanov
>Release: RELENG_4
>Organization: Rambler
>Environment:
FreeBSD index2.park.rambler.ru 4.4-RC FreeBSD 4.4-RC #2: Mon Oct 1 14:27:56 MSD 2001 root@index2.park.rambler.ru:/usr/src/sys/compile/INDEX2 i386
>Description:
When ftpd sends a large file it hangs. The file sent seems to be good
(no corruption), but it's impossible to retrieve the next one or do
something else with this ftpd.

This occurs because

    size_t len;
    ...
    off_t filesize;
    len = filesize; /* len < filesize if filesize > 4 Gb */
    sendfile ( ... , len, &cnt, ...)
    len -= cnt; /* len will be zero */

After the second call to sendfile ( ... , len, &cnt, ...) the system will
send the tail of the file, and we have an infinite loop because
(cnt < filesize) is always true.
>How-To-Repeat:
    dd if=/dev/zero of=./mylargefile bs=1M count=8192
    fetch -o /dev/null ftp://me:mypassword@127.0.0.1/....mylargefile

fetch will retrieve the whole file, but it will wait indefinitely for ftpd
to send a reply(226, "Transfer complete.");
>Fix:
--- ftpd.c-old Tue Aug 21 18:14:38 2001 +++ ftpd.c Thu Jan 10 22:10:41 2002 
@@ -1753,12 +1753,12 @@ len = filesize; err = cnt = offset = 0; - while (err != -1 && cnt < filesize) { - err = sendfile(filefd, netfd, offset, len, + while (err != -1 && filesize > 0) { + err = sendfile(filefd, netfd, offset, 0, (struct sf_hdtr *) NULL, &cnt, 0); byte_count += cnt; offset += cnt; - len -= cnt; + filesize -= cnt; if (err == -1) { if (!cnt) 
>Release-Note:
>Audit-Trail:
>Unformatted:
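Review bot: the new loop condition "filesize > 0" only terminates if every successful sendfile() call moves data. A call that returns without error but with cnt == 0 (for instance because the file is shorter at send time than the size recorded earlier) leaves filesize unchanged, and the loop spins the same way the report describes. Consider leaving the loop when err != -1 and cnt == 0. The context line "len = filesize;" is also left in place: len is no longer used inside the loop after this change, so the truncating assignment (and the variable, if nothing else needs it) should go. A one-line comment saying that a length of 0 asks sendfile() to send up to end of file would explain the changed argument.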
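The truncation described in the report, as an added example that is not part of the original message or of ftpd: it models the i386 size_t as uint32_t and replaces sendfile(2) with a constructed mock (mock_sendfile, old_loop, patched_loop and the 5 GiB size are assumptions made for the illustration).

```c
#include <stdint.h>
#include <stdio.h>
#define GIB ((int64_t)1 << 30)

/* Constructed stand-in for sendfile(2): "sends" up to nbytes from offset;
 * nbytes == 0 means "until end of file". Never fails, never sends short. */
static int mock_sendfile(int64_t size, int64_t offset, uint32_t nbytes, int64_t *sbytes)
{
    int64_t avail = size > offset ? size - offset : 0;
    *sbytes = (nbytes == 0 || nbytes > avail) ? avail : nbytes;
    return 0;
}

/* Loop from the report; len (32-bit size_t) keeps only the low 32 bits of
 * filesize. Returns calls made, or -1 if still looping after max_calls. */
int old_loop(int64_t filesize, int max_calls)
{
    uint32_t len = (uint32_t)filesize;
    int64_t cnt = 0, offset = 0;
    int err = 0, calls = 0;
    while (err != -1 && cnt < filesize) {
        if (calls++ == max_calls) return -1;
        err = mock_sendfile(filesize, offset, len, &cnt);
        offset += cnt;
        len -= (uint32_t)cnt;   /* reaches 0 long before the file is done */
    }
    return calls;
}

/* Loop from the proposed fix: count down the 64-bit filesize itself. */
int patched_loop(int64_t filesize, int max_calls)
{
    const int64_t size = filesize;   /* real length of the mock file */
    int64_t cnt = 0, offset = 0;
    int err = 0, calls = 0;
    while (err != -1 && filesize > 0) {
        if (calls++ == max_calls) return -1;
        err = mock_sendfile(size, offset, 0, &cnt);
        offset += cnt;
        filesize -= cnt;
    }
    return calls;
}

int main(void)
{
    printf("old(1 GiB)=%d old(5 GiB)=%d patched(5 GiB)=%d\n",
           old_loop(GIB, 100), old_loop(5 * GIB, 100), patched_loop(5 * GIB, 100));
    return 0;
}
```

A result of -1 means the loop was still running when the call cap was reached, which is the hang fetch observes while waiting for the 226 reply.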