bin/59995: various fixes to ppp dumping core
Martin Birgmeier
martin at email.aon.at
Sat Dec 6 13:00:40 PST 2003
>Number: 59995
>Category: bin
>Synopsis: various fixes to ppp dumping core
>Confidential: no
>Severity: serious
>Priority: high
>Responsible: freebsd-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: sw-bug
>Submitter-Id: current-users
>Arrival-Date: Sat Dec 06 13:00:35 PST 2003
>Closed-Date:
>Last-Modified:
>Originator: Martin Birgmeier
>Release: FreeBSD 4.9-RELEASE i386
>Organization:
MBi at home
>Environment:
System: FreeBSD gandalf.xyzzy 4.9-RELEASE FreeBSD 4.9-RELEASE #0: Sat Nov 8 15:57:06 CET 2003 root at gandalf.xyzzy:/d/6s4e/OBJ/FreeBSD/RELENG_4_9_0_RELEASE/src/sys/GANDALF i386
>Description:
User ppp likes to dump core, especially when using log substitutions
>How-To-Repeat:
Start ppp; use logfile (or command) substitutions which expand the
string (e.g., "HISADDR", which would be expanded to a string like
"192.168.55.245")
>Fix:
*** usr.sbin/ppp/chap.c.ORIG Sat Dec 6 21:31:03 2003
--- usr.sbin/ppp/chap.c Sat Dec 6 21:34:29 2003
***************
*** 954,960 ****
datalink_AuthNotOk(p->dl);
break;
}
! free(ans);
}
m_freem(bp);
--- 954,966 ----
datalink_AuthNotOk(p->dl);
break;
}
! switch (chap->auth.in.hdr.code) {
! case CHAP_RESPONSE:
! case CHAP_SUCCESS:
! case CHAP_FAILURE:
! free(ans);
! break;
! }
}
m_freem(bp);
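Review bot: The new `switch` on `chap->auth.in.hdr.code` repeats, at the point of release, the condition under which `ans` is presumably allocated earlier in the function (the allocation is outside this hunk). The two lists can drift apart again and bring back either the bad free or a leak. Setting `ans = NULL;` before the code is examined would let the original unconditional `free(ans);` stay, since `free(NULL)` is a no-op. If the switch is kept, it deserves a `default:` arm and a comment such as `/* ans is only allocated for these codes */`. The enclosing function starts and ends outside the hunk.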
*** usr.sbin/ppp/command.c.ORIG Sat Dec 6 21:31:04 2003
--- usr.sbin/ppp/command.c Sat Dec 6 21:32:06 2003
***************
*** 452,458 ****
tgt = ntgt;
}
if (lnewstr > loldstr)
! bcopy(word + loldstr, word + lnewstr, ltgt - pos - loldstr);
bcopy(newstr, word, lnewstr);
} while ((word = strstrword(word, oldstr)));
--- 452,458 ----
tgt = ntgt;
}
if (lnewstr > loldstr)
! bcopy(word + loldstr, word + lnewstr, ltgt - pos - lnewstr);
bcopy(newstr, word, lnewstr);
} while ((word = strstrword(word, oldstr)));
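Review bot: The corrected length `ltgt - pos - lnewstr` in the second `bcopy` is only right if `ltgt` already holds the post-`realloc` size at this point, which the visible lines do not show. On that assumption the old `loldstr` form moved `lnewstr - loldstr` bytes too many and wrote past the end of the heap buffer. A comment above the call would guard against regression: `/* ltgt is the new size here, so the tail after the old word is ltgt - pos - lnewstr bytes */`. Separately, the loop resumes the search at `word`, the start of the text just copied in, so if `strstrword` can match inside `newstr` the loop would keep growing the buffer without terminating. Resuming with `strstrword(word + lnewstr, oldstr)` would avoid that, but confirm against `strstrword`, which is outside the hunk.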
*** usr.sbin/ppp/ncp.c.ORIG Sat Dec 6 21:31:05 2003
--- usr.sbin/ppp/ncp.c Sat Dec 6 21:36:30 2003
***************
*** 103,115 ****
ncp->route = NULL;
ncp->cfg.urgent.tcp.nports = ncp->cfg.urgent.tcp.maxports = NDEFTCPPORTS;
! ncp->cfg.urgent.tcp.port = (u_short *)malloc(NDEFTCPPORTS * sizeof(u_short));
memcpy(ncp->cfg.urgent.tcp.port, default_urgent_tcp_ports,
NDEFTCPPORTS * sizeof(u_short));
ncp->cfg.urgent.tos = 1;
ncp->cfg.urgent.udp.nports = ncp->cfg.urgent.udp.maxports = NDEFUDPPORTS;
! ncp->cfg.urgent.udp.port = (u_short *)malloc(NDEFUDPPORTS * sizeof(u_short));
memcpy(ncp->cfg.urgent.udp.port, default_urgent_udp_ports,
NDEFUDPPORTS * sizeof(u_short));
--- 103,115 ----
ncp->route = NULL;
ncp->cfg.urgent.tcp.nports = ncp->cfg.urgent.tcp.maxports = NDEFTCPPORTS;
! ncp->cfg.urgent.tcp.port = (u_short *)malloc((NDEFTCPPORTS ? NDEFTCPPORTS : 1) * sizeof(u_short));
memcpy(ncp->cfg.urgent.tcp.port, default_urgent_tcp_ports,
NDEFTCPPORTS * sizeof(u_short));
ncp->cfg.urgent.tos = 1;
ncp->cfg.urgent.udp.nports = ncp->cfg.urgent.udp.maxports = NDEFUDPPORTS;
! ncp->cfg.urgent.udp.port = (u_short *)malloc((NDEFUDPPORTS ? NDEFUDPPORTS : 1) * sizeof(u_short));
memcpy(ncp->cfg.urgent.udp.port, default_urgent_udp_ports,
NDEFUDPPORTS * sizeof(u_short));
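Review bot: Both `malloc` results are handed straight to `memcpy` without a NULL check, and the `(N ? N : 1)` change does not alter that. An allocation failure here is a write through a NULL pointer, with `nports`/`maxports` already set to the default counts. Guard each copy, e.g. `if (ncp->cfg.urgent.tcp.port == NULL) ncp->cfg.urgent.tcp.nports = ncp->cfg.urgent.tcp.maxports = 0;` with the `memcpy` in the `else`, and likewise for `udp`. A short comment on why a zero-sized default table must still yield a real allocation would explain the `? :`, and the `(u_short *)` cast on `malloc` is unnecessary in C. The enclosing function is outside the hunk, so how callers expect an out-of-memory condition to be reported should be checked there.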
This one was hard to track down... I only succeeded by using
dmalloc (ports/devel). I got to learn a nice piece of code!
--
Martin Birgmeier
Vienna
Austria
>Release-Note:
>Audit-Trail:
>Unformatted: