BSD bug found and fixed after 25 years

A Unix developer has discovered a bug in the BSD operating system that has been passed down to all its variants, including OpenBSD and Mac OS X
Written by Matthew Broersma, Contributor

A Unix developer has discovered and fixed a filesystem bug in Berkeley Software Distribution, a widely used, open-source, Unix-like operating system, finding in the process that the bug was at least 25 years old.

BSD's variants include OpenBSD, FreeBSD and NetBSD, and it forms the basis of Apple's Mac OS X operating system. All BSD derivatives were found to contain the bug, according to Marc Balmer, a Swiss developer closely involved with OpenBSD.

"Much to my surprise, I not only found this problem in all other BSDs or BSD-derived systems, like Mac OS X, but also in very old BSD versions," Balmer wrote in a website post on the issue. "The bug has been around for roughly 25 years or more."

The discovery of the bug sheds light on the process of maintaining and developing open-source software, which is handled by distributed developers rather than centralised teams, as is usual in the case of proprietary software.

Balmer said he was alerted to the problem by an OpenBSD user who found that Samba, an open-source networking protocol, would crash when serving files from a filesystem using Microsoft Disk Operating System (MS-DOS) formatting.

He found that the problem was not with Samba but with OpenBSD itself, and that the bug was known to Samba developers. "Samba... uses a workaround, or replacement code, to access directories on the BSDs, since the directory reading code in all BSDs was flawed," Balmer wrote.

The problem was with the *dir() group of library functions, such as telldir() and seekdir(), used to open, read and interpret directories, according to Balmer.

After lengthy experimentation, he found that, if directory entries are deleted at a certain stage, the telldir() function returns errors and can crash programs. "This code will not work as expected when seeking to the second entry of a block where the first has been deleted," Balmer wrote.
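The case Balmer describes can be exercised on a given system with a small regression check. This is an added example, not code from Balmer or the OpenBSD project; the scratch path under /tmp, the file names and the function name are assumptions, as is the expectation that three freshly created entries share one directory block.

```c
#ifndef _XOPEN_SOURCE
#define _XOPEN_SOURCE 700   /* for mkdtemp(), telldir(), seekdir() */
#endif
#include <dirent.h>
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#define NFILES 3   /* constructed sample entries; assumed to share one block */

/* Returns 0 if seekdir() lands on the saved entry, 1 if not, -1 on setup failure. */
int check_seekdir_after_delete(void)
{
    char dir[] = "/tmp/seekdir-check-XXXXXX";   /* hypothetical scratch path */
    char path[PATH_MAX], names[NFILES][NAME_MAX + 1];
    long pos[NFILES];
    struct dirent *de;
    int n = 0, result = -1;
    if (mkdtemp(dir) == NULL) return -1;
    for (int i = 0; i < NFILES; i++) {
        snprintf(path, sizeof path, "%s/file%d", dir, i);
        FILE *f = fopen(path, "w");
        if (f != NULL) fclose(f);
    }
    DIR *d = opendir(dir);
    /* Record the position in front of each real entry, in directory order. */
    while (d != NULL && n < NFILES) {
        long here = telldir(d);
        if ((de = readdir(d)) == NULL) break;
        if (!strcmp(de->d_name, ".") || !strcmp(de->d_name, "..")) continue;
        pos[n] = here;
        strcpy(names[n++], de->d_name);
    }
    if (n >= 2) {
        /* Delete the first entry, then seek to where the second one began. */
        snprintf(path, sizeof path, "%s/%s", dir, names[0]);
        unlink(path);
        seekdir(d, pos[1]);
        de = readdir(d);
        result = (de != NULL && strcmp(de->d_name, names[1]) == 0) ? 0 : 1;
    }
    if (d != NULL) closedir(d);
    for (int i = 0; i < NFILES; i++) {   /* clean up whatever is left */
        snprintf(path, sizeof path, "%s/file%d", dir, i);
        unlink(path);
    }
    rmdir(dir);
    return result;
}
```

A result of 1 means seekdir() did not return to the saved entry on the libc and filesystem under test.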

He cited an email from Kirk McKusick, the author of the original *dir() library, indicating that the bug may have been in the library from its initial version.

The long delay in fixing the problem is probably due to the fact that it does not surface often and that other programs, such as Samba, have created workarounds, according to Balmer.

After the long discovery time, the fix itself was "surprisingly simple", Balmer wrote, and will now be incorporated into OpenBSD and other operating systems using the same code. 

"Sorry that it took us almost 25 years to fix it," Balmer wrote.

The OpenBSD project released version 4.3 earlier this month, featuring a large number of new drivers, software packages and bug fixes.
