Hey, great find!  I see two places in that file where ICANON is
improperly tested against t_iflag instead of t_lflag.

Have you done any further testing using the t_lflag field instead
of t_iflag?  Did it fix the crash you were getting?

                                        -Matt

:Hi,
:
:The following code in ptcwrite() in kern/tty_pty.c is supposed to prevent 
:the tty input buffer overflow (for certain cases):
:
:   if ((tp->t_rawq.c_cc + tp->t_canq.c_cc) >= TTYHOG - 2 &&
:       (tp->t_canq.c_cc > 0 || !(tp->t_iflag&ICANON))) {
:           wakeup(TSA_HUP_OR_INPUT(tp));
:           goto block;
:   }
:
:But the ICANON flag is set in tp->t_lflag and not tp->t_iflag. The ICRNL flag
:in tp->t_iflag has the same value as the ICANON flag in tp->t_lflag (0x100).
:This leads to input buffer overflow as soon as the ICRNL bit is set in 
:tp->t_iflag, and there are more than 1024 characters that telnet/ssh wants 
:to write to the pty.
:
:I discovered this problem when using libreadline because it changes the 
:terminal settings every time it begins/finishes reading a line.
:
:Has anyone else seen a similar problem? I saw identical behavior on NetBSD
:too. Please CC me as I am not on the mailing list.
:
:thanks
:Neel
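
The flag collision described in the report, as an added example that is not part of either message and is not FreeBSD source: a reduced model of the quoted check, evaluated once as posted and once with the flag read from t_lflag. The struct, the function names and the M_ prefixed constants are hypothetical; 0x100 comes from the report, and 1024 for TTYHOG is assumed from its "more than 1024 characters" remark.

```c
#include <stdio.h>

/* Values as stated in the report: both flags are 0x100, in different fields. */
#define M_ICRNL  0x100u   /* bit in t_iflag */
#define M_ICANON 0x100u   /* bit in t_lflag */
#define M_TTYHOG 1024     /* assumed from the "more than 1024 characters" remark */

/* Hypothetical, reduced stand-in for struct tty: only the fields the check reads. */
struct model_tty {
    unsigned t_iflag, t_lflag;
    int rawq_cc, canq_cc;
};

static int queues_full(const struct model_tty *tp)
{
    return tp->rawq_cc + tp->canq_cc >= M_TTYHOG - 2;
}

/* The check as quoted: ICANON tested against t_iflag, so it really reads ICRNL. */
int must_block_buggy(const struct model_tty *tp)
{
    return queues_full(tp) &&
        (tp->canq_cc > 0 || !(tp->t_iflag & M_ICANON));
}

/* Same check with the flag read from t_lflag. */
int must_block_fixed(const struct model_tty *tp)
{
    return queues_full(tp) &&
        (tp->canq_cc > 0 || !(tp->t_lflag & M_ICANON));
}

/* Constructed state: non-canonical mode, ICRNL on, raw queue at the limit. */
struct model_tty sample_noncanon_icrnl(void)
{
    struct model_tty t = { M_ICRNL, 0, M_TTYHOG - 2, 0 };
    return t;
}

int main(void)
{
    struct model_tty t = sample_noncanon_icrnl();
    printf("buggy=%d fixed=%d\n", must_block_buggy(&t), must_block_fixed(&t));
    return 0;
}
```

In the constructed state the posted form does not take the block path while the t_lflag form does, which is the case the report ties to ICRNL being set.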
