Hi Miod, Thanks for helping. With this patch, unfortunately, I still get a trap 2 on my small unifi security gateway, which I pulled out again to test your patch.
-------> cnmac0: 192.168.177.35 lease accepted from 192.168.177.1 (24:a4:3c:06:9f:16) pppoe0: received unexpected PADO pppoe0: host unique tag found, but it belongs to a connection in state 3 Trap cause = 2 Frame 0x980000000ffdb860 Trap PC 0xffffffff811ac34c RA 0xffffffff813a09bc fault 0x0 smallcpy+0x8 (1,9800000001e1e476,1,2) ra 0xffffffff813a09bc sp 0x980000000ffdb9 b8, sz 0 sppp_auth_send+0x10c (1,9800000001e1e476,1,2) ra 0xffffffff8139c844 sp 0x980000 000ffdb9b8, sz 144 sppp_lcp_tlu+0x274 (1,9800000001e1e476,1,2) ra 0xffffffff81396514 sp 0x98000000 0ffdba48, sz 128 sppp_cp_input+0x141c (1,9800000001e1e476,1,2) ra 0xffffffff81394a08 sp 0x980000 000ffdbac8, sz 112 sppp_input+0x1d0 (1,9800000001e1e476,1,2) ra 0xffffffff8148d2e4 sp 0x980000000ffdbb38, sz 80 pppoeintr+0xf9c (1,9800000001e1e476,1,2) ra 0xffffffff814a44d8 sp 0x980000000ff dbb88, sz 400 User-level: pid 68736 stopped on non ddb fault Stopped at smallcpy+0x8: lbu v1,0(a0) ddb{0}> <------- Sorry that it does this. My patch still stands I'm amazed! Best Regards, -peter On Wed, Oct 23, 2019 at 05:15:41PM -0000, Miod Vallat wrote: > > > Try changing all the final 0 in sppp_auth_send() to 0UL and this ought > > to work. This function needs __attribute__((__sentinel__)) as well to > > prevent such mistakes from occurring again. > > The sentinel attribute wants a pointer, not a zero size_t, > unfortunately. > > Please try this diff. >
> Index: if_spppsubr.c
> ===================================================================
> RCS file: /OpenBSD/src/sys/net/if_spppsubr.c,v
> retrieving revision 1.179
> diff -u -p -r1.179 if_spppsubr.c
> --- if_spppsubr.c 24 Jun 2019 21:36:53 -0000 1.179
> +++ if_spppsubr.c 23 Oct 2019 17:12:53 -0000
> @@ -3340,7 +3340,7 @@ sppp_chap_input(struct sppp *sp, struct
> sizeof digest, digest,
> strlen(sp->myauth.name),
> sp->myauth.name,
> - 0);
> + 0UL);
> break;
>
> case CHAP_SUCCESS:
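Review bot: The new terminator `0UL` in this sppp_chap_input call gets the width right on LP64, but it names `unsigned long` rather than the type the callee reads. The same applies to the six other sppp_auth_send calls changed in the hunks that follow (sppp_chap_input twice more, sppp_chap_scr, sppp_pap_input twice, sppp_pap_scr). The neighbouring arguments already spell their lengths as size_t (`sizeof digest`, `(size_t)AUTHCHALEN`, `(size_t)idlen`), so `(size_t)0);` would match them and stay correct wherever size_t and unsigned long differ. sppp_auth_send itself is outside the diff, so this assumes it fetches each length with va_arg as size_t. Since variadic arguments get no implicit conversion, a comment at its prototype such as `/* varargs: (size_t len, const void *data) pairs, terminated by (size_t)0 */` would document the contract these call sites depend on.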
> @@ -3460,7 +3460,7 @@ sppp_chap_input(struct sppp *sp, struct
> /* action scn, tld */
> sppp_auth_send(&chap, sp, CHAP_FAILURE, h->ident,
> sizeof(FAILMSG) - 1, (u_char *)FAILMSG,
> - 0);
> + 0UL);
> chap.tld(sp);
> break;
> }
> @@ -3469,7 +3469,7 @@ sppp_chap_input(struct sppp *sp, struct
> sp->state[IDX_CHAP] == STATE_OPENED)
> sppp_auth_send(&chap, sp, CHAP_SUCCESS, h->ident,
> sizeof(SUCCMSG) - 1, (u_char *)SUCCMSG,
> - 0);
> + 0UL);
> if (sp->state[IDX_CHAP] == STATE_REQ_SENT) {
> sppp_cp_change_state(&chap, sp, STATE_OPENED);
> chap.tlu(sp);
> @@ -3647,7 +3647,7 @@ sppp_chap_scr(struct sppp *sp)
> (size_t)AUTHCHALEN, sp->chap_challenge,
> strlen(sp->myauth.name),
> sp->myauth.name,
> - 0);
> + 0UL);
> }
> /*
> *--------------------------------------------------------------------------*
> @@ -3726,7 +3726,7 @@ sppp_pap_input(struct sppp *sp, struct m
> sppp_auth_send(&pap, sp, PAP_NAK, h->ident,
> sizeof mlen, (const char *)&mlen,
> sizeof(FAILMSG) - 1, (u_char *)FAILMSG,
> - 0);
> + 0UL);
> pap.tld(sp);
> break;
> }
> @@ -3737,7 +3737,7 @@ sppp_pap_input(struct sppp *sp, struct m
> sppp_auth_send(&pap, sp, PAP_ACK, h->ident,
> sizeof mlen, (const char *)&mlen,
> sizeof(SUCCMSG) - 1, (u_char *)SUCCMSG,
> - 0);
> + 0UL);
> }
> if (sp->state[IDX_PAP] == STATE_REQ_SENT) {
> sppp_cp_change_state(&pap, sp, STATE_OPENED);
> @@ -3952,7 +3952,7 @@ sppp_pap_scr(struct sppp *sp)
> (size_t)idlen, sp->myauth.name,
> sizeof pwdlen, (const char *)&pwdlen,
> (size_t)pwdlen, sp->myauth.secret,
> - 0);
> + 0UL);
> }
> /*
> * Random miscellaneous functions.