cURL / Mailing Lists / curl-library / Single Mail

curl-library

Re: potential TFTP bug

From: Daniel Stenberg <daniel_at_haxx.se>
Date: Mon, 4 Apr 2011 20:00:39 +0200 (CEST)

On Mon, 4 Apr 2011, Garrod, David wrote:

> As far as I can see the "Sorcerer's Apprentice" bug is still in the TFTP
> module (tftp.c) of the latest curl (curl-7.21.4). Given that it has existed
> for so long and is explicitly warned about in the RFC1123 I'm confused as to
> how it has existed in the source for so long.

I would guess this is because it hasn't harmed or annoyed enough people. Or
perhaps the ones that it did harm were too lazy to fix it...

> It looks to me that every time a data packet gets delayed in the network
> there will be a duplication of all subsequent packets.

So can you give us unlightened people a short explanation what the nature of
this problem is?

> I'm trying to work out the best way to fix this in our local curl source.
> Simply never retransmitting the data packet on receipt of an old ACK does
> not really fix it. Because by default the retransmission interval is 15
> seconds which means that every time a packet gets discarded due to
> congestion involves a 15+ second delay. It ends up being longer than 15
> seconds because the the CURL TFTP implementation restarts the 15 second
> timer on receipt of each ACK.

If you need a timer that doesn't restart on each ACK, can't you change the
behavior or introduce a new timer for this?

> So does anybody have a patch for the Sorcerer's Apprentice bug for tftp.c in
> the curl source?

I haven't seen any.

-- 
  / daniel.haxx.se
-------------------------------------------------------------------
List admin: http://cool.haxx.se/list/listinfo/curl-library
Etiquette:  http://curl.haxx.se/mail/etiquette.html
Received on 2011-04-04