Date: Sat, 6 Dec 2003 21:51:54 +0100 (CET) From: Martin Birgmeier <martin@email.aon.at> To: FreeBSD-gnats-submit@FreeBSD.org Subject: bin/59995: various fixes to ppp dumping core Message-ID: <200312062051.hB6KpsTq054845@gandalf.xyzzy> Resent-Message-ID: <200312062100.hB6L0Z71038946@freefall.freebsd.org>
next in thread | raw e-mail | index | archive | help
>Number: 59995 >Category: bin >Synopsis: various fixes to ppp dumping core >Confidential: no >Severity: serious >Priority: high >Responsible: freebsd-bugs >State: open >Quarter: >Keywords: >Date-Required: >Class: sw-bug >Submitter-Id: current-users >Arrival-Date: Sat Dec 06 13:00:35 PST 2003 >Closed-Date: >Last-Modified: >Originator: Martin Birgmeier >Release: FreeBSD 4.9-RELEASE i386 >Organization: MBi at home >Environment: System: FreeBSD gandalf.xyzzy 4.9-RELEASE FreeBSD 4.9-RELEASE #0: Sat Nov 8 15:57:06 CET 2003 root@gandalf.xyzzy:/d/6s4e/OBJ/FreeBSD/RELENG_4_9_0_RELEASE/src/sys/GANDALF i386 >Description: User ppp likes to dump core, especially when using log substitutions >How-To-Repeat: Start ppp; use logfile (or command) substitutions which expand the string (e.g., "HISADDR", which would be expanded to a string like "192.168.55.245") >Fix: *** usr.sbin/ppp/chap.c.ORIG Sat Dec 6 21:31:03 2003 --- usr.sbin/ppp/chap.c Sat Dec 6 21:34:29 2003 *************** *** 954,960 **** datalink_AuthNotOk(p->dl); break; } ! free(ans); } m_freem(bp); --- 954,966 ---- datalink_AuthNotOk(p->dl); break; } ! switch (chap->auth.in.hdr.code) { ! case CHAP_RESPONSE: ! case CHAP_SUCCESS: ! case CHAP_FAILURE: ! free(ans); ! break; ! } } m_freem(bp); *** usr.sbin/ppp/command.c.ORIG Sat Dec 6 21:31:04 2003 --- usr.sbin/ppp/command.c Sat Dec 6 21:32:06 2003 *************** *** 452,458 **** tgt = ntgt; } if (lnewstr > loldstr) ! bcopy(word + loldstr, word + lnewstr, ltgt - pos - loldstr); bcopy(newstr, word, lnewstr); } while ((word = strstrword(word, oldstr))); --- 452,458 ---- tgt = ntgt; } if (lnewstr > loldstr) ! bcopy(word + loldstr, word + lnewstr, ltgt - pos - lnewstr); bcopy(newstr, word, lnewstr); } while ((word = strstrword(word, oldstr))); *** usr.sbin/ppp/ncp.c.ORIG Sat Dec 6 21:31:05 2003 --- usr.sbin/ppp/ncp.c Sat Dec 6 21:36:30 2003 *************** *** 103,115 **** ncp->route = NULL; ncp->cfg.urgent.tcp.nports = ncp->cfg.urgent.tcp.maxports = NDEFTCPPORTS; ! ncp->cfg.urgent.tcp.port = (u_short *)malloc(NDEFTCPPORTS * sizeof(u_short)); memcpy(ncp->cfg.urgent.tcp.port, default_urgent_tcp_ports, NDEFTCPPORTS * sizeof(u_short)); ncp->cfg.urgent.tos = 1; ncp->cfg.urgent.udp.nports = ncp->cfg.urgent.udp.maxports = NDEFUDPPORTS; ! ncp->cfg.urgent.udp.port = (u_short *)malloc(NDEFUDPPORTS * sizeof(u_short)); memcpy(ncp->cfg.urgent.udp.port, default_urgent_udp_ports, NDEFUDPPORTS * sizeof(u_short)); --- 103,115 ---- ncp->route = NULL; ncp->cfg.urgent.tcp.nports = ncp->cfg.urgent.tcp.maxports = NDEFTCPPORTS; ! ncp->cfg.urgent.tcp.port = (u_short *)malloc((NDEFTCPPORTS ? NDEFTCPPORTS : 1) * sizeof(u_short)); memcpy(ncp->cfg.urgent.tcp.port, default_urgent_tcp_ports, NDEFTCPPORTS * sizeof(u_short)); ncp->cfg.urgent.tos = 1; ncp->cfg.urgent.udp.nports = ncp->cfg.urgent.udp.maxports = NDEFUDPPORTS; ! ncp->cfg.urgent.udp.port = (u_short *)malloc((NDEFUDPPORTS ? NDEFUDPPORTS : 1) * sizeof(u_short)); memcpy(ncp->cfg.urgent.udp.port, default_urgent_udp_ports, NDEFUDPPORTS * sizeof(u_short)); This one was hard to track down... and only succeeded using dmalloc (ports/devel). I got to learn a nice piece of code! -- Martin Birgmeier Vienna Austria >Release-Note: >Audit-Trail: >Unformatted:
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200312062051.hB6KpsTq054845>