[stunnel-users] Race condition in libwrap_auth can hang threads waiting on libwrap process
Andrew Skalski
askalski at gmail.com
Wed Sep 5 04:09:59 CEST 2012
I ran into an issue with stunnel (verified with the latest version)
where under certain conditions, client connections will hang in the
"Waiting for a libwrap process" state.
The problem is a race condition in src/libwrap.c:
170 --num_busy; /* the child process has been released */
171 if(num_busy==num_processes-1) { /* need to wake up a thread */
172 retval=pthread_cond_signal(&cond); /* signal waiting threads */
173 if(retval) {
174 errno=retval;
175 ioerror("pthread_cond_signal");
176 longjmp(c->err, 1);
177 }
178 }
Removing the statement "if (num_busy==num_processes-1)" is one way to
fix the problem.
The conditions under which the race condition occur are:
- All libwrap processes are busy, and multiple threads are waiting
[num_busy == num_processes]
- One thread releases its libwrap process (this signals one of the
waiting threads)
- Another thread releases its libwrap process before the signaled
thread has a chance to acquire and increment num_busy.
Once that happens, all queued threads are stuck waiting on the
condition variable, until stunnel is hit with enough concurrent
connections to max out num_busy again. (Depending on traffic
patterns, this may not happen for a long time.)
Andy Skalski
More information about the stunnel-users
mailing list