Preview Tool

Cisco Bug: CSCuo28228 - TFTP server may crash

Last Modified

Jun 20, 2016

Products (1)

  • Cisco Network Registrar

Known Affected Releases


Description (partial)

The TFTP server crashes. A (linux) stack trace might look as follows:

#0 0x0089f527 in pthread_mutex_unlock () from /lib/ 
#1 0x0056e6b0 in ay_mutex_unlock (m=0x0) at ay_sync.c:1745 
#2 0x0806296c in TftpSession::scheduleIncomingPacket (this=0xf7495358, pPacket=0xf759aa90) at ../../../local/include/async.inl:134 
#3 0x08062a93 in TftpSession::acquireActiveSession (pPacket=0xf759aa90, pSockAddr=0x14, ppSession=0xf759ab20) at session.cpp:807 
#4 0x08058424 in TftpPacket::processIncomingPacket (this=0xf759aa90) at tftppacket.cpp:1049 
#5 0x0805871c in TftpPacket::readCompleted (this=0xf759aa90) at tftppacket.cpp:942 
#6 0x0806f29f in AWorkUnit::doWork (pWork=0xf759aaa0) at aworkunit.cpp:27 
#7 0x009466cd in fw_work_function_do_work (self=0xf74383b8) at framework_work.c:111 
#8 0x009432b3 in thread_top_level (self=0x14, argc=1, args=0xf76f6c08) at framework.c:1030 

This happens when the TFTP session object is being removed and a packet arrives just before the socket is removed but isn't processed by the server for a bit. This can happen if the newly received packet processing is suspend because of a context switch. This is a race condition where a lock is not held for sufficiently long.
Bug details contain sensitive information and therefore require a account to be viewed.

Bug Details Include

  • Full Description (including symptoms, conditions and workarounds)
  • Status
  • Severity
  • Known Fixed Releases
  • Related Community Discussions
  • Number of Related Support Cases
Bug information is viewable for customers and partners who have a service contract. Registered users can view up to 200 bugs per month without a service contract.