[PATCH] Limit size of the iovect passed to writev in packet.c

Matt Johnston matt at ucc.asn.au
Tue May 20 21:23:30 WST 2014


Hi Ronny,

Thanks for those patches, I've applied them. Definitely a
nasty bug.

Cheers,
Matt

On Mon, May 19, 2014 at 08:22:19AM +0200, ronny.meeus at gmail.com wrote:
> The writev allows only a limited number of entries to be present in the
> iovector. This number depends on the OS. If more entries are passed, the
> writev operation fails and the connection is closed.
> 
> This patch limits the size of the vector to the maximum number accepted
> by the OS. On some operating systems IOV_MAX is not defined; if this is
> the case, UIO_MAXIOV is being used as the maximum value.
> 
> In the problematic scenario the Linux box, running dropbear, has a slow
> uplink. If an ssh is done to the box and a command is executed that
> generates a lot of small fragments (for example a 'find .' in the root),
> a lot of small interactions are seen between dropbear and the shell process.
> The observation was that the amount of entries pending in the queue could
> go up to 7500. Since all entries present in the queue will be passed to
> writev, an error will be returned since Linux only accepts 1024 entries to
> be present in the vector. The result is that the connection is being closed.
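
The approach described in the quoted commit message, as an added example in C. This is not the Dropbear patch, which is not shown on this page. The function name `write_iov_capped`, the use of a blocking descriptor, and the last-resort fallback value of 16 are assumptions made for the illustration.

```c
#include <errno.h>
#include <limits.h>
#include <sys/types.h>
#include <sys/uio.h>
#include <unistd.h>

/* Same fallback order as the commit message: IOV_MAX, else UIO_MAXIOV. */
#ifndef IOV_MAX
# ifdef UIO_MAXIOV
#  define IOV_MAX UIO_MAXIOV
# else
#  define IOV_MAX 16 /* assumption: POSIX minimum (_XOPEN_IOV_MAX) */
# endif
#endif

/* Write all `count` entries of `iov` to the blocking descriptor `fd`,
 * never handing writev() more than IOV_MAX entries in one call.
 * Entries are adjusted in place after a partial write.
 * Returns the total number of bytes written, or -1 with errno set. */
ssize_t write_iov_capped(int fd, struct iovec *iov, size_t count)
{
    ssize_t total = 0;
    size_t i = 0;

    while (i < count) {
        size_t n = count - i;
        if (n > (size_t)IOV_MAX)
            n = (size_t)IOV_MAX;          /* cap the vector length */
        ssize_t w = writev(fd, &iov[i], (int)n);
        if (w < 0) {
            if (errno == EINTR)
                continue;                 /* interrupted: retry same window */
            return -1;                    /* real error: caller decides */
        }
        total += w;
        /* Skip entries that went out completely, trim a partial one. */
        size_t left = (size_t)w;
        while (i < count && left >= iov[i].iov_len) {
            left -= iov[i].iov_len;
            i++;
        }
        if (i < count && left > 0) {
            iov[i].iov_base = (char *)iov[i].iov_base + left;
            iov[i].iov_len -= left;
        }
    }
    return total;
}
```

On a non-blocking socket the `-1` return with `EAGAIN` is the point at which the caller goes back to its event loop and keeps the remaining entries queued.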

