Mailing List Archive

[BUG?] sshd closes the connection after 2^16 bytes
Hi,

I'm having trouble with the sshd on one particular machine. In short:

$ head -c 196481 /dev/zero | ssh machine-name 'LANG=C wc'
0 0 65536

(the 65536 here should have been a 196481 ...)

This happens whether I launch the command from the machine, or from
another remote machine. The OpenSSH version is:

OpenSSH_4.3p2, OpenSSL 0.9.8e-fips-rhel5 01 Jul 2008

with:

$ cat /etc/redhat-release
Red Hat Enterprise Linux Server release 5.4 (Tikanga)
$ uname -a
Linux machine-name 2.6.18-128.7.1.el5 #1 SMP Wed Aug 19 04:08:13 EDT 2009 ppc64 ppc64 ppc64 GNU/Linux

One surprising thing:

$ head -c 196481 /dev/zero | ssh machine-name 'LANG=C wc'
0 0 65536
$ head -c 196480 /dev/zero | ssh machine-name 'LANG=C wc'
0 0 196480

So, the bug is triggered when sending 196481 bytes or more, but the
consequence is a truncation of the input at 65536=2^16 bytes.

Any idea what's going on?

Thanks,

--
Matthieu Moy
http://www-verimag.imag.fr/~moy/
Re: [BUG?] sshd closes the connection after 2^16 bytes
I can't replicate that, but what does this return for you:

head -c 196481 /dev/zero | cat -u | ssh machine-name 'LANG=C wc'

On Mon, 9 Nov 2009, Matthieu Moy wrote:
> Hi,
>
> I'm having trouble with the sshd on one particular machine. In short:
>
> $ head -c 196481 /dev/zero | ssh machine-name 'LANG=C wc'
> 0 0 65536
>
> (the 65536 here should have been a 196481 ...)
>
> This happens whether I launch the command from the machine, or from
> another remote machine. The OpenSSH version is:
>
> OpenSSH_4.3p2, OpenSSL 0.9.8e-fips-rhel5 01 Jul 2008
>
> with:
>
> $ cat /etc/redhat-release
> Red Hat Enterprise Linux Server release 5.4 (Tikanga)
> $ uname -a
> Linux machine-name 2.6.18-128.7.1.el5 #1 SMP Wed Aug 19 04:08:13 EDT 2009 ppc64 ppc64 ppc64 GNU/Linux
>
> One surprising thing:
>
> $ head -c 196481 /dev/zero | ssh machine-name 'LANG=C wc'
> 0 0 65536
> $ head -c 196480 /dev/zero | ssh machine-name 'LANG=C wc'
> 0 0 196480
>
> So, the bug is triggered when sending 196481 bytes or more, but the
> consequence is a truncation of the input at 65536=2^16 bytes.
>
> Any idea what's going on?
>
> Thanks,
>
> --
> Matthieu Moy
> http://www-verimag.imag.fr/~moy/
>
Re: [BUG?] sshd closes the connection after 2^16 bytes
Lamont Granquist <lamont@scriptkiddie.org> writes:

> i can't replicate that, but what does this return for you:
>
> head -c 196481 /dev/zero | cat -u | ssh machine-name 'LANG=C wc'

head -c 196481 /dev/zero | cat -u | ssh localhost 'LANG=C wc'
0 0 65536

--
Matthieu Moy
http://www-verimag.imag.fr/~moy/
Re: [BUG?] sshd closes the connection after 2^16 bytes
Matthieu Moy <Matthieu.Moy@grenoble-inp.fr> writes:

> Hmm, even funnier:
>
> (head -c 196480 /dev/zero; sleep 0.25; head -c 196480 /dev/zero) | ssh localhost "wc -c"
> 392960
> (head -c 196480 /dev/zero; sleep 0.2; head -c 196480 /dev/zero) | ssh localhost "wc -c"
> 65536

Actually, just

(sleep 0.1; head -c 196481 /dev/zero) | ssh localhost "wc -c"
65536
(sleep 0.2; head -c 196481 /dev/zero) | ssh localhost "wc -c"
196481

And interestingly, if I do

echo 'sleep 1' > ~/.bashrc

then

(sleep 1.0; head -c 196481 /dev/zero) | ssh localhost "wc -c"
65536
(sleep 1.1; head -c 196481 /dev/zero) | ssh localhost "wc -c"
196481

Also,

ensibm:~>(head -c 196480 /dev/zero; sleep 1.2; echo boom) | ssh localhost "wc -c"
196485
ensibm:~>(head -c 196480 /dev/zero; sleep 1.0; echo boom) | ssh localhost "wc -c"
65536

and,

ensibm:~>rm ~/.bashrc
ensibm:~>(head -c 196480 /dev/zero; sleep 1.0; echo boom) | ssh localhost "sleep 1; wc -c"
65536
ensibm:~>(head -c 196480 /dev/zero; sleep 1.2; echo boom) | ssh localhost "sleep 1; wc -c"
196485

and more precisely,

ensibm:~>(head -c 196480 /dev/zero; sleep 1; echo boom) | ssh localhost "head -c 16383 | wc -c; sleep 2; wc -c"
16383
49153
ensibm:~>(head -c 196480 /dev/zero; sleep 1; echo boom) | ssh localhost "head -c 16384 | wc -c; sleep 2; wc -c"
16384
180101

The last one says that if strictly more than 196480 bytes are sent to
ssh, _and_ if strictly less than 16384 bytes (= 16KiB) are consumed
quickly, then the bug occurs.

--
Matthieu Moy
http://www-verimag.imag.fr/~moy/
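An added example, not part of the thread: a small bash harness that automates the size bisection the poster did by hand (196480 passes, 196481 truncates). It runs offline against a constructed stand-in for the faulty sshd; against the real host the transport would be `ssh machine-name 'LANG=C wc -c'`, exactly as in the thread. The stand-in reproduces only the size threshold, not the timing dependence the later messages show.

```bash
#!/bin/bash
set -u

# Constructed stand-in for the misbehaving sshd + remote 'wc -c':
# reports the full count up to 196480 bytes, but only 65536 when
# given strictly more, mirroring the symptom reported in the thread.
fake_sshd_wc() {
    local n
    n=$(wc -c | tr -d ' ')
    if [ "$n" -gt 196480 ]; then
        echo 65536
    else
        echo "$n"
    fi
}

# Send N zero bytes through TRANSPORT after an optional delay (seconds)
# and print the byte count the remote side reports.
bytes_through() {   # bytes_through N DELAY TRANSPORT...
    local n=$1 delay=$2
    shift 2
    ( sleep "$delay"; head -c "$n" /dev/zero ) | "$@" | tr -d ' '
}

# Binary search in [LO, HI] for the smallest N whose count comes back
# short. Assumes LO is delivered intact and HI is truncated.
find_threshold() {  # find_threshold LO HI DELAY TRANSPORT...
    local lo=$1 hi=$2 delay=$3
    shift 3
    while [ $((hi - lo)) -gt 1 ]; do
        local mid=$(( (lo + hi) / 2 ))
        if [ "$(bytes_through "$mid" "$delay" "$@")" -eq "$mid" ]; then
            lo=$mid     # intact: threshold is above mid
        else
            hi=$mid     # truncated: threshold is at or below mid
        fi
    done
    echo "$hi"
}

# Stand-alone run: prints 196481 for the constructed stand-in.
find_threshold 1 262144 0 fake_sshd_wc
```

Replace `fake_sshd_wc` with `ssh machine-name 'LANG=C wc -c'` and vary DELAY to reproduce the timing-dependent cases from the later messages.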