From owner-freebsd-bugs@FreeBSD.ORG Sat Dec 6 13:00:39 2003 Return-Path: Delivered-To: freebsd-bugs@hub.freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id F1AD916A4CE for ; Sat, 6 Dec 2003 13:00:39 -0800 (PST) Received: from freefall.freebsd.org (freefall.freebsd.org [216.136.204.21]) by mx1.FreeBSD.org (Postfix) with ESMTP id 1458A43FDF for ; Sat, 6 Dec 2003 13:00:36 -0800 (PST) (envelope-from gnats@FreeBSD.org) Received: from freefall.freebsd.org (gnats@localhost [127.0.0.1]) by freefall.freebsd.org (8.12.9/8.12.9) with ESMTP id hB6L0ZFY038947 for ; Sat, 6 Dec 2003 13:00:35 -0800 (PST) (envelope-from gnats@freefall.freebsd.org) Received: (from gnats@localhost) by freefall.freebsd.org (8.12.9/8.12.9/Submit) id hB6L0Z71038946; Sat, 6 Dec 2003 13:00:35 -0800 (PST) (envelope-from gnats) Resent-Date: Sat, 6 Dec 2003 13:00:35 -0800 (PST) Resent-Message-Id: <200312062100.hB6L0Z71038946@freefall.freebsd.org> Resent-From: FreeBSD-gnats-submit@FreeBSD.org (GNATS Filer) Resent-To: freebsd-bugs@FreeBSD.org Resent-Reply-To: FreeBSD-gnats-submit@FreeBSD.org, Martin Birgmeier Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 7092616A4CE for ; Sat, 6 Dec 2003 12:52:02 -0800 (PST) Received: from email02.aon.at (WARSL402PIP7.highway.telekom.at [195.3.96.94]) by mx1.FreeBSD.org (Postfix) with SMTP id 6557643FDD for ; Sat, 6 Dec 2003 12:51:57 -0800 (PST) (envelope-from martin@email.aon.at) Received: (qmail 266004 invoked from network); 6 Dec 2003 20:51:55 -0000 Received: from m032p001.adsl.highway.telekom.at (HELO gandalf.xyzzy) ([62.47.171.225]) (envelope-sender ) by qmail2rs.highway.telekom.at (qmail-ldap-1.03) with SMTP for ; 6 Dec 2003 20:51:55 -0000 Received: from gandalf.xyzzy (localhost.xyzzy [127.0.0.1]) by gandalf.xyzzy (8.12.9p2/8.12.9) with ESMTP id hB6KptxI054846 for ; Sat, 6 Dec 2003 21:51:55 +0100 (CET) (envelope-from martin@gandalf.xyzzy) Received: (from martin@localhost) by gandalf.xyzzy (8.12.9p2/8.12.9/Submit) id hB6KpsTq054845; Sat, 6 Dec 2003 21:51:54 +0100 (CET) (envelope-from martin) Message-Id: <200312062051.hB6KpsTq054845@gandalf.xyzzy> Date: Sat, 6 Dec 2003 21:51:54 +0100 (CET) From: Martin Birgmeier To: FreeBSD-gnats-submit@FreeBSD.org X-Send-Pr-Version: 3.113 Subject: bin/59995: various fixes to ppp dumping core X-BeenThere: freebsd-bugs@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list Reply-To: Martin Birgmeier List-Id: Bug reports List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 06 Dec 2003 21:00:40 -0000 >Number: 59995 >Category: bin >Synopsis: various fixes to ppp dumping core >Confidential: no >Severity: serious >Priority: high >Responsible: freebsd-bugs >State: open >Quarter: >Keywords: >Date-Required: >Class: sw-bug >Submitter-Id: current-users >Arrival-Date: Sat Dec 06 13:00:35 PST 2003 >Closed-Date: >Last-Modified: >Originator: Martin Birgmeier >Release: FreeBSD 4.9-RELEASE i386 >Organization: MBi at home >Environment: System: FreeBSD gandalf.xyzzy 4.9-RELEASE FreeBSD 4.9-RELEASE #0: Sat Nov 8 15:57:06 CET 2003 root@gandalf.xyzzy:/d/6s4e/OBJ/FreeBSD/RELENG_4_9_0_RELEASE/src/sys/GANDALF i386 >Description: User ppp likes to dump core, especially when using log substitutions >How-To-Repeat: Start ppp; use logfile (or command) substitutions which expand the string (e.g., "HISADDR", which would be expanded to a string like "192.168.55.245") >Fix: *** usr.sbin/ppp/chap.c.ORIG Sat Dec 6 21:31:03 2003 --- usr.sbin/ppp/chap.c Sat Dec 6 21:34:29 2003 *************** *** 954,960 **** datalink_AuthNotOk(p->dl); break; } ! free(ans); } m_freem(bp); --- 954,966 ---- datalink_AuthNotOk(p->dl); break; } ! switch (chap->auth.in.hdr.code) { ! case CHAP_RESPONSE: ! case CHAP_SUCCESS: ! case CHAP_FAILURE: ! free(ans); ! break; ! } } m_freem(bp); *** usr.sbin/ppp/command.c.ORIG Sat Dec 6 21:31:04 2003 --- usr.sbin/ppp/command.c Sat Dec 6 21:32:06 2003 *************** *** 452,458 **** tgt = ntgt; } if (lnewstr > loldstr) ! bcopy(word + loldstr, word + lnewstr, ltgt - pos - loldstr); bcopy(newstr, word, lnewstr); } while ((word = strstrword(word, oldstr))); --- 452,458 ---- tgt = ntgt; } if (lnewstr > loldstr) ! bcopy(word + loldstr, word + lnewstr, ltgt - pos - lnewstr); bcopy(newstr, word, lnewstr); } while ((word = strstrword(word, oldstr))); *** usr.sbin/ppp/ncp.c.ORIG Sat Dec 6 21:31:05 2003 --- usr.sbin/ppp/ncp.c Sat Dec 6 21:36:30 2003 *************** *** 103,115 **** ncp->route = NULL; ncp->cfg.urgent.tcp.nports = ncp->cfg.urgent.tcp.maxports = NDEFTCPPORTS; ! ncp->cfg.urgent.tcp.port = (u_short *)malloc(NDEFTCPPORTS * sizeof(u_short)); memcpy(ncp->cfg.urgent.tcp.port, default_urgent_tcp_ports, NDEFTCPPORTS * sizeof(u_short)); ncp->cfg.urgent.tos = 1; ncp->cfg.urgent.udp.nports = ncp->cfg.urgent.udp.maxports = NDEFUDPPORTS; ! ncp->cfg.urgent.udp.port = (u_short *)malloc(NDEFUDPPORTS * sizeof(u_short)); memcpy(ncp->cfg.urgent.udp.port, default_urgent_udp_ports, NDEFUDPPORTS * sizeof(u_short)); --- 103,115 ---- ncp->route = NULL; ncp->cfg.urgent.tcp.nports = ncp->cfg.urgent.tcp.maxports = NDEFTCPPORTS; ! ncp->cfg.urgent.tcp.port = (u_short *)malloc((NDEFTCPPORTS ? NDEFTCPPORTS : 1) * sizeof(u_short)); memcpy(ncp->cfg.urgent.tcp.port, default_urgent_tcp_ports, NDEFTCPPORTS * sizeof(u_short)); ncp->cfg.urgent.tos = 1; ncp->cfg.urgent.udp.nports = ncp->cfg.urgent.udp.maxports = NDEFUDPPORTS; ! ncp->cfg.urgent.udp.port = (u_short *)malloc((NDEFUDPPORTS ? NDEFUDPPORTS : 1) * sizeof(u_short)); memcpy(ncp->cfg.urgent.udp.port, default_urgent_udp_ports, NDEFUDPPORTS * sizeof(u_short)); This one was hard to track down... and only succeeded using dmalloc (ports/devel). I got to learn a nice piece of code! -- Martin Birgmeier Vienna Austria >Release-Note: >Audit-Trail: >Unformatted: