View Issue Details

IDProjectCategoryView StatusLast Update
0000204Main CAcert Websitesource codepublic2013-01-14 03:34
ReporterbluecAssigned To 
Status closedResolutionduplicate 
Fixed in Version2006 
Summary0000204: Bad locking algorithm / DoS possible
DescriptionIn scripts/clientcert.php the following locking algorithm is used:

                $ps = trim(`ps auxww|grep clientcerts.php|grep -v grep|wc -l`);
                $ps += trim(`ps auxww|grep servercerts.php|grep -v grep|wc -l`);
                if($ps > 1)
                        usleep(rand(90000, 100000));
        } while($ps > 1)

If it happens that more than one process ends up in this while loop at the same time, the $ps will always be >1 but none of the processes will be able to leave the loop.
Additional InformationA possible solution would be that the script terminates if it cannot obtain the lock using a special exit code. The wrapping programm runscript.c should look at the exit code, sleep and restart the script.

It might be possible to use this for a denial of service attack against the signing process.
TagsNo tags attached.
Reviewed by
Test Instructions


has duplicate 0000275 closed Race condition 



2006-08-04 00:16

developer   ~0000293

bug 0000275 may solve this bug, closing this bug, feel free to add comments to 275...

Issue History

Date Modified Username Field Change
2006-04-13 08:06 bluec New Issue
2006-07-31 10:45 bluec Relationship added has duplicate 0000275
2006-08-04 00:16 duane Status new => closed
2006-08-04 00:16 duane Note Added: 0000293
2006-08-04 00:16 duane Resolution open => duplicate
2006-08-04 00:17 duane Fixed in Version => production
2013-01-14 03:34 Werner Dworak Fixed in Version => 2006