Groups | Search | Server Info | Keyboard shortcuts | Login | Register [http] [https] [nntp] [nntps]
Groups > gnu.bash.bug > #14711
| Path | csiph.com!xmission!news.snarked.org!news.linkpendium.com!news.linkpendium.com!panix!usenet.stanford.edu!not-for-mail |
|---|---|
| From | Dirk Wetter <dirk+bash@testssl.sh> |
| Newsgroups | gnu.bash.bug |
| Subject | Re: bash sockets: printf \x0a does TCP fragmentation |
| Date | Thu, 11 Oct 2018 18:53:18 +0200 |
| Lines | 87 |
| Approved | bug-bash@gnu.org |
| Message-ID | <mailman.2024.1539276811.1284.bug-bash@gnu.org> (permalink) |
| References | <20180922231240358868037@bob.proulx.com> <20180922111950901701520@bob.proulx.com> <c6de6616-dda0-570d-de56-419e7676be8a@cbii-hh.de> <20180921231101307758654@bob.proulx.com> <714e1ba0-0052-2f2b-676d-778f2b7129c1@testssl.sh> <7769.1537667711@jinx.noi.kre.to> <24434.1537694402@jinx.noi.kre.to> <20180923114607811266911@bob.proulx.com> |
| NNTP-Posting-Host | lists.gnu.org |
| Mime-Version | 1.0 |
| Content-Type | text/plain; charset=utf-8 |
| Content-Transfer-Encoding | base64 |
| X-Trace | usenet.stanford.edu 1539276812 8660 208.118.235.17 (11 Oct 2018 16:53:32 GMT) |
| X-Complaints-To | action@cs.stanford.edu |
| To | bug-bash@gnu.org |
| Envelope-to | bug-bash@gnu.org |
| Openpgp | preference=signencrypt |
| Autocrypt | addr=dirk+bash@testssl.sh; prefer-encrypt=mutual; keydata= xsFNBFSxqIwBEAClqHueTe+Ro+I4jReXss4DKwfeKhl23yuEZ7wN7GxBwGxslYxY15sJWhJ1 C0eglGwNGd/P3ObGgdNiT/DDvQzKFe8wcpCUnAOuE+ZnylBnqVD6xUmd+mPl6j9B7ByP42mY 81EK2ZSJ84mWjwOjT66pxjvWq7jzWfBA+QEQTlxiF18CFiHnv9XoLAD5yk04x6DyBGQZtobB YmN9uujK+nrbXPO4qQ+h4xWhWZ5U/77O2R0JgvrwvROfa+sS+oaP+9TTAko9BJYr0wfZ1meY C/fqidB0ihgTJjHgR4wjeklA5xvrwMHNSNcCN+fPYzfUcQsrQ+kY+NskkPYNr/3zbAvhPoT4 YXk8XQs1pNFNS9qF33iKWgU+zqKTC4NxqduVZGinpGhDZcACIE2fXrllMB7NW6/9BundIoaf XRchVPxJpujvQE91IAQktSWqVbQb7O8CSJQybDoAPRZvh/9ayIhBRx76oYLNAIrjFElBEhx9 hAloH0wCcXS1DvbvcQL9qz61qF09fuH/T1jB/YRkzk1EMmB3pO4hjC27yNiUuDKZlz5PUZoZ O7SJFdcvDxlAmBK6I3D1TQvldDljbZl/vhcuSmX41rp//ChTVxdE7p7RnK2KxoZLob2m8AYO zva5bokelFHQFjFz28/FPiMLmns/rsnZWRcQA4dCUSyHPnlRTQARAQABzR1EaXJrIFdldHRl ciA8ZGlya0B0ZXN0c3NsLnNoPsLBfQQTAQIAJwIbAwUJCWYBgAIeAQIXgAUCVLGqUAULCQgH AwUVCgkICwUWAgMBAAAKCRDJruzh0KdFadYaD/9EBNSCUOMoGT/2zhW5aUlHaCQcU6vq407M i8VLUPn3Fhnk+NvxH6ALMDjqrEQqDHVWyPQEApC6ULkhto+8LP4e96iKY55bj2glMCNMl+J8 iTHC9zjxe1FveOc1zpnhnqRjdZ8jXJVsg0Mm4biRCH7fp8B/oDZuqYajQeDh+/30VI5pr3TM y5qUe9xrfFrapaziccU36v2b8ZT6ZGXDwspafu9o78jpgaXPUcLCs3svvmjy3J/eXyD3dXbX 6eHhNkATfLqT7Jm+d8Cq4gjsjxfsnsKkvknbvgGPEOfUPVpLFUPRxUdd7MzEfmOpwXDoBXyQ Of9mSukMxCW7+I8k7xioGarILIBeLX6vBM50WSvTDonq6DNnI/SY72GYuXJkbfiFw+cp1yPg FHTyLI4KO9SZMXh6g7xDqwkKCRFK19eFtvNzevdCHBkOT54ggaD2U/oc64KBAkdxVTjGIRgW /BAJmrhMS1fggMX6lE2ZYzefcdxyks54W/ghrZzlbVhojjdVHSVWNbYtw5HDmCdCWhuelUbJ 5Ot+ZjMoiGnFT71+Oq99flg9rIcvVezqyiiISwEBJYtYXhbrHsTxMe5XaaOtpIhPyCaauL18 JEpJ0vJCyTaR9kz7vHIKabfAkmV+LTpoW27y+Dqji4yqwFwGbfME2X+LZQhj4gNKqVpjBiuk FM7BTQRUsaiMARAArdzf1/h1XlkzSN18jAX6gldmvaZ+h/uMwMW9ko6aNvZLp+pCdWLjuuvy f2RwbGVaZ+wFU456RVroEI4m8lVj53NqokD1jSH/REYKZWqAjH91KBQW1FD8edZ5DZWjqGk4 GET5c0uppllI+5n6SmOmlczEyHQZnIalRZSADccU9tmXdhxmTeEBTRmUln2rLY1lhjJXpZDK U7ywJIn6tvikGIcAT4GwgzphtT0IRHXMa3Lmx31BahLff9hatte4Ll1KIXrFudytUTjvhwa+ R77PdV7BJPxLtL7HLReyH6puAU4r7qpZAmYrGPX38n//4mgM6hNM9bWLMlzk1LG472hOWzhM P6eMDYkr8DQmeW977+9bzeWRt3iImGvWEMM9F7KXkIiR2Vpcmy7R72PvvB6fqp+BFGwCO9WA T+SjHbfluazowtweAfa2I7rXcjyK77B4vfGwElelQHRXx4fC6wD0k64wYt5atAW312GCV96g 4s3O3V4Dbe/SdwccXuR0vnI5NuQu2vJbHrO2OeZYpXX7MqHRnc1Hbm3Sz6BHwyPPT2ZCn18p WxNAJyWhC5OX9noPA5EySG3ERqbf05K+shuNAXe0HioQpLFq5f6kyjeXy0QDHsWhPYXEI8qS v45fcJVIFEX9o/UgStz2vzYl0SsyZo8z/fks8TsClJpFF9zxx08AEQEAAcLBZQQYAQIADwUC VLGojAIbDAUJCWYBgAAKCRDJruzh0KdFabWLD/0TXt5nZV8WVN3lWeHp7aerFE7dnviki8Aq 4oTajYuYm+dxkM1SBWS1oKIDsffbxudRJ3X4fH47/RSyFypBt5IYGrgE7nWZSdt0FVVe0XU/ qHslzHC/n9QRZDWDbWNQB+VmdBMAVIse9Y/izzRKGyPm/OWMU3bC61lcc3uZ0xkGrEh3wctS fkQIKEdQHlrq6oeiynhSkxAlNOZtoDnopyqAVEbfpMpi16Y2aeG9diEbFH7TZw+YmzWpoxtu Q0EBBYsmNvaLHmg+YBxwOV4R0vFlVgI1fgKrkgGKp0b3zy92ryTKNNwWPDviZPjA0FLGGvo/ qjH565uVhGJg/YwccRofrimWPRchehpcRQrukHTYBOC4Nz6IyroZQFtIXecTG0sZVSQh3deN Wgl2rPVcnbnPcyE8ECevTt4D09QjOlYYmkIEGSpXisIvbpVlmDIPMWgSzr1/c/OyNmtypUhp eaUPL+KPU5jSkTExP2pr8BdE3U9IuA69irORzAzVej0NjJwlrW+JJqA+st2ZgEZAFozEWZM0 e4lhtPBdpkLXxiRclKVduxRrOiSL7hYtQX8M9jbIvt9282F7VI/NY9IpCym/ZvjncocD8QlG AcSipURhKb/PIsP2hdxLnQqXCCCEM+cUunTKn+ihEU/LjBDePTGn2llVXZXtv6LTzWYD+Gqj t8LB8wQYAQgAJhYhBDMuMVo63aruahE5V8mu7OHQp0VpBQJZQ/nCAhsCBQkC5jyAAIEJEMmu 7OHQp0VpdiAEGRYIAB0WIQS77jjFhXpE3D8w7mrMVe4VIWR6GQUCWUP5wgAKCRDMVe4VIWR6 GWcWAQDMwxqG6XpodOIwrUQ+8EmSpS1leGkI81bvXcbnwOSicQEArFpEUi1HF/+nUT71oAg2 F9cs/UO9K5Y/8YWIB1r6wQ8f8w//VjlBr5YGzgBY1fIXsM+xzjnPQTZHfyThUL36G97acRq/ 8mhrSipAmUkAwT9uBdfVhD07qL+QDMht4Wn5YxMxT90/8rY9OHQTy0f9szVG/2gMug71MUnH /eugG/Kb2hMm5ZViB93/nskAGfVUqLI/rRkQp1OV6Ufm6iGSEQnzsbWQA44oAT+QN/HpRlbx K8woRI3IdK+D4ftikmG4wGgyGPmuNiNPBszaBwfvdzxA9qfZPfng3BQtCxDUhKNPVH6ePQQO r6dAYc5RmcqzaO8Wf6rBXukdIKF3k34PsCQnQ9uRcp+uCnuYM86Qr7TaHSbfmI9SIYNfzbcz /fjaTzXYEIrr1V5cpeZFfovbBOFvgsrOkMowu1WTxTMn4qlv+65r5JOg9bGOeGRai4vrqCop oNB+oTdLcP8K6eg/O3fNloWGp8CIJi6elsceWCqFQJ44Z779+tPb3sMCRL5biAZLCtMcy1Lc Uyzm4uNP57rOLNnqhaOrPvFz0oIa9JtvE5HheHtXvCEOQRWHhG1TH8w5EaeRD/xWWSU+iupl XwWAwH60ytYNyWN2kcnf2VbItBA+bCqGvyG4XrAzp6CxGalhMD62eQA9HM6oRkOx6dPL0WFB WiJbj7JlwwC0EDFWOsXsg/BnxmIL4whS2kJN7M72UDYCZBU68A76sswyZN5Y6MnCwXwEGAEI ACYWIQQzLjFaOt2q7moROVfJruzh0KdFaQUCWUP55gIbDAUJAuY8gAAKCRDJruzh0KdFacm0 D/0WOdVnEnPrRhk5IT2i5Yp1tlpf0zSfmreFa23pggkC9tM28DmVlsHHC+ngy4k+WEs7OQB1 N9V73k7GmcTMAt5Pv9EDyzfyKvrsxBAEr8QQibJ5Ma79QvyRPnuWxb9PXmUUYPfSLEPxbc0F 9RL+iEXwM81G1J5DH1ZR1ddLBH879I21Kjv4zjGqagD3FxiY8ZzyXyfEN+++q1fqct7BaqDi bl8rFVuXUMP/F3Ps/ax5z8F4gnANnEBXDiLy1CWBZjnCdSYdt/ysDvzxo18xOZHDBnPg+2or Lw/1Ys8x/qiCoAJFueokRxWs7fZsd7uOJKjxvgSrR2PqVBIvHH6MEJmMJWgd76SM/QyCwSNb mybAEWPkbHeluTdhp4hDHGjoDDyS2C7I25OamAxvPd/yVRQuqu6KW04jjjYeD/pgHF5lQ80Q pWm22pcgbOL4sdV4sVnt3lpykIBhazKDnJxRRu8z9uluKY7H2XwsmtvK10cCRaWWkEB6oHrg Fa1CuUHBdLnIVg2DOW8lcaxsZoUfMiLkAqNg9s/DwHMXUkp7jzIlCDQ7cv0ck7ACw+DTOcnX i2mJbnoIMAEfZi3vDQVnfYUQWlSI83yNG3lAtDmq4ACW0fr1GTNDa2Eg4IGIR1cEimFAOrrh 6QPZiBuclcKx+WLkA6FzxofvJCc6ZUbotwy6rA== |
| User-Agent | Mozilla/5.0 (X11; Linux x86_64; rv:60.0) Gecko/20100101 Thunderbird/60.2.1 |
| In-Reply-To | <20180923114607811266911@bob.proulx.com> |
| Content-Language | en-US |
| X-Df-Sender | NDM2MjM5 |
| X-detected-operating-system | by eggs.gnu.org: GNU/Linux 2.2.x-3.x [generic] |
| X-Received-From | 80.67.31.96 |
| X-BeenThere | bug-bash@gnu.org |
| X-Mailman-Version | 2.1.21 |
| Precedence | list |
| List-Id | Bug reports for the GNU Bourne Again SHell <bug-bash.gnu.org> |
| List-Unsubscribe | <https://lists.gnu.org/mailman/options/bug-bash>, <mailto:bug-bash-request@gnu.org?subject=unsubscribe> |
| List-Archive | <http://lists.gnu.org/archive/html/bug-bash/> |
| List-Post | <mailto:bug-bash@gnu.org> |
| List-Help | <mailto:bug-bash-request@gnu.org?subject=help> |
| List-Subscribe | <https://lists.gnu.org/mailman/listinfo/bug-bash>, <mailto:bug-bash-request@gnu.org?subject=subscribe> |
| Xref | csiph.com gnu.bash.bug:14711 |
Show key headers only | View raw
On 23.09.18 20:29, Bob Proulx wrote:
> Robert Elz wrote:
> $ { command printf "one\n"; sleep 1; command printf "two\n" ;} | strace -v -o /tmp/dd.strace.out -e write,read dd status=none ibs=1M obs=1M ; head /tmp/*.strace.out
> one
> two
> ...
> read(0, "one\n", 1048576) = 4
> read(0, "two\n", 1048576) = 4
> read(0, "", 1048576) = 0
> write(1, "one\ntwo\n", 8) = 8
> +++ exited with 0 +++
>
> And just for completeness I will show the above with both a large
> input buffer and a large output buffer of the same size and show that
> result too. The required dd option, as you correctly insisted, really
> is obs= in order to set the output block size. I stand corrected. :-)
>
> I had missed the documented dd behavior:
>
> ‘bs=BYTES’
> Set both input and output block sizes to BYTES. This makes ‘dd’
> read and write BYTES per block, overriding any ‘ibs’ and ‘obs’
> settings. In addition, if no data-transforming ‘conv’ option is
> specified, input is copied to the output as soon as it’s read, even
> if it is smaller than the block size.
>
> It is always good to learn something new about fundamental behavior in
> a command one has been using for some decades! :-)
Thanks for the long mails!
This all -- including cat -- sounded reasonable. But it seems using sockets the internal printf
as opposed to the one from coreutils is still causing fragmentation other than expected with
strace PoC:
bash 0$ exec 5<>/dev/tcp/81.169.199.25/443
bash 0$ printf
'\x16\x03\x01\x02\x00\x01\x00\x01\xfc\x03\x03\x54\x51\x1e\x7a\xde\xad\xbe\xef\x31\x33\x07\x00\x00\x00\x00\x00\xcf\xbd\x39\x04\xcc\x16\x0b\x85\x03\x90\x9f\x77\x04\x33\xd4\xde\x20\x44\xb8\x92\x56\xaf\x74\x52\x9e\xd8\xcf\x52\x14\xc8\xaf\xd8\x34\x0b\xe7\x7f\xeb\x86\x01\x84\x50\x5d\xe4\xa1\x6a\x09\x3b\xbf\x6e\x00\x0e\x13\x01\x13\x02\x13\x03\x13\x04\x13\x05\xc0\x30\x00\xff\x01\x00\x01\xa5\x00\x00\x00\x0b\x00\x09\x00\x00\x06\x66\x66\x66\x66\x66\x66\x00\x2b\x00\x17\x16\x03\x04\x7f\x1c\x7f\x1b\x7f\x1a\x7f\x19\x7f\x18\x7f\x17\x03\x03\x03\x02\x03\x01\x03\x00\x00\x23\x00\x00\x33\x74\x00\x00\x00\x0d\x00\x22\x00\x20\x04\x03\x05\x03\x06\x03\x08\x04\x08\x05\x08\x06\x04\x01\x05\x01\x06\x01\x08\x09\x08\x0a\x08\x0b\x08\x07\x08\x08\x02\x01\x02\x03\x00\x0a\x00\x10\x00\x0e\x00\x1d\x00\x17\x00\x1e\x00\x18\x00\x19\x01\x00\x01\x01\x00\x33\x00\x6b\x00\x69\x00\x1d\x00\x20\x4d\xfa\x57\x44\xb7\xf7\x48\xb8\x95\x77\x5a\xc1\xff\x86\xbf\xae\xf7\x3a\x33\x69\x54\xde\x6a\xf5\x2e\x89\x84\x6c\xf2\xd8\xb2\x43\x00\x17\x00\x41\x04\xb4\x24\xef\x11\x99\x9c\xa4\xe8\xce\x88\x25\xc3\x8e\x7c\x0c\x6a\x94\xde\x33\x6d\xff\xcd\x17\xb7\x5c\x65\xdb\xd1\x58\x46\x95\x69\x80\xc8\xbc\xfc\xe6\xd9\x22\x39\xbb\x3f\x63\xab\x3d\x5c\xba\xcc\xeb\x1a\x90\x1b\xd4\x75\xff\x58\xc4\x00\x58\x50\x21\xd0\xaa\xe4\x00\x0b\x00\x02\x01\x00\x00\x0f\x00\x01\x01\x00\x15\x00\xbb\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0^Cx00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00'
| dd obs=1M ibs=1M >&5
bash 0$
(Excuse the wrapping. The IP is mine from the project. Feel free to use another IP.
The servername encoded in there is anyway nonsense)
If you use wireshark you see in the ClientHello "TCP segment of a reassembled PDU" @ byte
173. That's where the first LF is encountered. The second one doesn't cause an additional
fragment here, other people spotted that.
The fragmentation is independent on the dd options used. Also "| cat" does the same.
stdbuf is not available on all platforms, especially on those who do not have a similar
external printf:
/usr/bin/printf "\xf5\xee\xbe\xe5" | xxd
00000000: 7866 3578 6565 7862 6578 6535 xf5xeexbexe5
like FreeBSD and OS X. OpenBSD's /usr/bin/printf works surprisingly.
Cheers, Dirk
PS + @Bob: fd 5 is not a tty in the program -- but interactively in this PoC you want to make
sure it is not taken yet.
Back to gnu.bash.bug | Previous | Next | Find similar | Unroll thread
Re: bash sockets: printf \x0a does TCP fragmentation Dirk Wetter <dirk+bash@testssl.sh> - 2018-10-11 18:53 +0200
csiph-web