Re: segfault in dhclient 5.4 please help
On Mon, Apr 14, 2014 at 09:32:43PM -0400, sven falempin wrote: so i got gdb back to the machine because i cannot reproduce outside of the box. gdb too old cannot gcore. The state is nasty, but i do get the trace of the dhcp transaction. [..] DHCPREQUEST on trunk0 to 255.255.255.255 port 67 DHCPACK from 10.0.0.254 (96:4f:87:9c:ad:67) Program received signal SIGSEGV, Segmentation fault. 0x1c005b26 in add_classless_static_routes (rdomain=13684944, classless_static_routes=0x0) at /usr/src/sbin/dhclient/dhclient.c:2408 2408/usr/src/sbin/dhclient/dhclient.c: No such file or directory. in /usr/src/sbin/dhclient/dhclient.c (gdb) bt #0 0x1c005b26 in add_classless_static_routes (rdomain=13684944, classless_static_routes=0x0) at /usr/src/sbin/dhclient/dhclient.c:2408 #1 0xd0d0d0d0 in ?? () #2 0x00d0d0d0 in ?? () #3 0x in ?? () ... the line in 5.4 is : 2405: i += bytes; 2406: 2407: memset(gateway, 0, sizeof(gateway)); 2408: memcpy(gateway, classless_static_routes-data[i], 4); The memcpy segfaults. Current and 5.5 have a rewritten version of this code. Can you reproduce on current? -Otto The transmission leading to the bug, maybe it can be used as a replay test : tcpdump: listening on trunk0, link-type EN10MB 1397524649.881762 fe:e1:ba:d0:8e:d0 ff:ff:ff:ff:ff:ff 0800 342: 10.0.0.126.68 255.255.255.255.67: xid:0x38641e99 vend-rfc1048 DHCP:REQUEST HN:ulis-v12-GW RQ:10.0.0.126 PR:SM+BR+TZ+121+DG+DN+NS+HN CID:1.254.225.186.208.142.208 [tos 0x10] : fee1 bad0 8ed0 0800 4510 ..E. 0010: 0148 8011 2f18 0a00 007e .H../~.. 0020: 0044 0043 0134 3fc2 0101 0600 3864 ...D.C.4?.8d 0030: 1e99 0040: fee1 bad0 8ed0 0050: 0060: 0070: 0080: 0090: 00a0: 00b0: 00c0: 00d0: 00e0: 00f0: 0100: 0110: 6382 5363 3501 030c 0b75 ..c.Sc5u 0120: 6c69 732d 7631 322d 4757 3204 0a00 007e lis-v12-GW2~ 0130: 3708 011c 0279 030f 060c 3d07 01fe e1ba 7y=. 0140: d08e d0ff 0150: .. 1397524652.887574 fe:e1:ba:d0:8e:d0 ff:ff:ff:ff:ff:ff 0800 342: 10.0.0.126.68 255.255.255.255.67: xid:0x38641e99 secs:3 vend-rfc1048 DHCP:REQUEST HN:ulis-v12-GW RQ:10.0.0.126 PR:SM+BR+TZ+121+DG+DN+NS+HN CID:1.254.225.186.208.142.208 [tos 0x10] : fee1 bad0 8ed0 0800 4510 ..E. 0010: 0148 8011 2f18 0a00 007e .H../~.. 0020: 0044 0043 0134 3fbf 0101 0600 3864 ...D.C.4?.8d 0030: 1e99 0003 0040: fee1 bad0 8ed0 0050: 0060: 0070: 0080: 0090: 00a0: 00b0: 00c0: 00d0: 00e0: 00f0: 0100: 0110: 6382 5363 3501 030c 0b75 ..c.Sc5u 0120: 6c69 732d 7631 322d 4757 3204 0a00 007e lis-v12-GW2~ 0130: 3708 011c 0279 030f 060c 3d07 01fe e1ba 7y=. 0140: d08e d0ff 0150: .. 1397524658.897378 fe:e1:ba:d0:8e:d0 ff:ff:ff:ff:ff:ff 0800 342: 10.0.0.126.68 255.255.255.255.67: xid:0x38641e99 secs:9 vend-rfc1048 DHCP:REQUEST HN:ulis-v12-GW RQ:10.0.0.126 PR:SM+BR+TZ+121+DG+DN+NS+HN CID:1.254.225.186.208.142.208 [tos 0x10] :
Re: print time_t with %lld in last(1)
ping
On Sun, Mar 23, 2014 at 07:31:11PM +0200, Arto Jonsson wrote:
Index: last.c
===
RCS file: /cvs/src/usr.bin/last/last.c,v
retrieving revision 1.39
diff -u -p -r1.39 last.c
--- last.c22 Aug 2013 04:43:40 - 1.39
+++ last.c27 Feb 2014 13:55:22 -
@@ -266,8 +266,8 @@ wtmp(void)
*/
if (want(bp, NO)) {
if (seconds) {
- snprintf(tim, sizeof tim, %ld,
- (long)bp-ut_time);
+ snprintf(tim, sizeof tim,
%lld,
+ (long long)bp-ut_time);
} else {
ct = ctime(bp-ut_time);
snprintf(tim, sizeof tim,
@@ -296,8 +296,8 @@ wtmp(void)
!bp-ut_line[1]) {
if (want(bp, NO)) {
if (seconds) {
- snprintf(tim, sizeof tim, %ld,
- (long)bp-ut_time);
+ snprintf(tim, sizeof tim,
%lld,
+ (long long)bp-ut_time);
} else {
ct = ctime(bp-ut_time);
snprintf(tim, sizeof tim,
@@ -339,8 +339,8 @@ wtmp(void)
T-logout 0 {
snapfound = 1;
if (seconds) {
- snprintf(tim, sizeof tim, %ld,
- (long)bp-ut_time);
+ snprintf(tim, sizeof tim, %lld,
+ (long long)bp-ut_time);
} else {
ct = ctime(bp-ut_time);
snprintf(tim, sizeof tim,
@@ -361,8 +361,8 @@ wtmp(void)
printf(- %s, crmsg);
} else {
if (seconds)
- printf(- %ld,
- (long)T-logout);
+ printf(- %lld,
+ (long
long)T-logout);
else
printf(- %*.*s,
timesize, timesize,
@@ -370,7 +370,7 @@ wtmp(void)
}
delta = T-logout - bp-ut_time;
if (seconds)
- printf( (%ld)\n,
(long)delta);
+ printf( (%lld)\n, (long
long)delta);
else {
if (delta SECSPERDAY)
printf( (%*.*s)\n,
xcb-util-cursor broken
Hi! x11/i3 (and x11/awesome too) wants to use libxcb-cursor. Back in the days I patched upstream code and reverted it to use libXcursor. Now that we have xcb-util-cursor I want to remove those patches. However, xcb-util-cursor is currently broken: [i3] CC src/config_parser.c cc -DI3_VERSION=\'4.7.2 (2014-01-23, branch \tags/4.7.2\)'\ -DMAJOR_VERSION=4 -DMINOR_VERSION=7 -DPATCH_VERSION=2 -DSYSCONFDIR=\/etc\ -DI3__FILE__=__FILE__ -DPCRE_HAS_UCP=1 -DPANGO_SUPPORT=1 -I/usr/X11R6/include -I/usr/X11R6/include -I/usr/X11R6/include -I/usr/X11R6/include -I/usr/X11R6/include -I/usr/X11R6/include -I/usr/X11R6/include -I/usr/X11R6/include -I/usr/X11R6/include -I/usr/local/include/cairo -I/usr/local/include/glib-2.0 -I/usr/local/lib/glib-2.0/include -I/usr/local/include -I/usr/X11R6/include/pixman-1 -I/usr/X11R6/include -I/usr/X11R6/include/freetype2 -I/usr/local/include/libpng16 -I/usr/local/include/pango-1.0 -I/usr/local/include/cairo -I/usr/X11R6/include/pixman-1 -I/usr/local/include/libpng16 -I/usr/X11R6/include -I/usr/local/include/harfbuzz -pthread -I/usr/local/include/glib-2.0 -I/usr/local/lib/glib-2.0/include -I/usr/local/include -I/usr/X11R6/include/freetype2 -I/usr/local/include/yajl -idirafter /usr/ports/pobj/i3-4.7.2/i3-4.7.2/yajl-fallbac! k -I/usr/local/include -I/usr/local/include/startup-notification-1.0 -std=c99 -Wall -Wunused-value -Iinclude -I/usr/X11R6/include -I/usr/local/include -O2 -pipe -L/usr/X11R6/lib -L/usr/local/lib -DTEST_PARSER -g -o test.config_parser src/config_parser.c -L/usr/ports/pobj/i3-4.7.2/i3-4.7.2 -li3 -lm -liconv -L/usr/X11R6/lib -lxcb -L/usr/X11R6/lib -lxcb-util -lxcb -L/usr/X11R6/lib -lxcb-util -lxcb -L/usr/X11R6/lib -lxcb-keysyms -lxcb -L/usr/X11R6/lib -lxcb-icccm -lxcb -L/usr/X11R6/lib -lxcb-xinerama -lxcb -L/usr/X11R6/lib -lxcb-randr -lxcb -L/usr/X11R6/lib -lX11 -L/usr/X11R6/lib -lxcb-cursor -lxcb -L/usr/local/lib -Wl,-rpath-link,/usr/X11R6/lib -lcairo -L/usr/local/lib -Wl,-rpath-link,/usr/X11R6/lib -L/usr/X11R6/lib -lpangocairo-1.0 -lcairo -lpangoft2-1.0 -lpango-1.0 -lm -lgobject-2.0 -lglib-2.0 -lintl -lfreetype -lz -lfontconfig -L/usr/local/lib -lyajl -lev -L/usr/local/lib -lpcre -L/usr/local/lib -lstartup-notification-1 -lm src/config_parser.c:162: warning: type qualifiers ignored on function return type /usr/local/lib/libglib-2.0.so.4000.0: warning: vsprintf() is often misused, please use vsnprintf() /usr/local/lib/libglib-2.0.so.4000.0: warning: stpcpy() is dangerous GNU crap; don't use it /tmp//ccBo5VvY.o(.text+0x1a21): In function `parse_config': src/config_parser.c:498: warning: strcpy() is almost always misused, please use strlcpy() /usr/local/lib/libcairo.so.12.2: warning: rand() isn't random; consider using arc4random() /usr/X11R6/lib/libX11.so.16.0: warning: strcat() is almost always misused, please use strlcat() /usr/X11R6/lib/libX11.so.16.0: warning: sprintf() is often misused, please use snprintf() /usr/X11R6/lib/libxcb-cursor.so.0.0: undefined reference to `le32toh' collect2: ld returned 1 exit status src/i3.mk:55: recipe for target 'src/config_parser.o' failed gmake: *** [src/config_parser.o] Error 1 If I got it right, letoh32 is equivalent to linux' le32toh. The following diff works for me. OK? Index: cursor/parse_cursor_file.c === RCS file: /cvs/xenocara/lib/xcb-util-cursor/cursor/parse_cursor_file.c,v retrieving revision 1.1.1.1 diff -u -p -u -p -r1.1.1.1 parse_cursor_file.c --- cursor/parse_cursor_file.c 14 Apr 2014 19:28:48 - 1.1.1.1 +++ cursor/parse_cursor_file.c 15 Apr 2014 08:50:12 - @@ -42,6 +42,9 @@ #endif #ifdef HAVE_SYS_ENDIAN_H #include sys/endian.h +# ifndef HAVE_LE32TOH +# define le32toh(x) letoh32(x) +# endif #endif #ifdef HAVE_SYS_BYTEORDER_H #include sys/byteorder.h
Re: xcb-util-cursor broken
On Tue, Apr 15, 2014 at 10:52:25AM +0200, David Coppa wrote: Hi! x11/i3 (and x11/awesome too) wants to use libxcb-cursor. Back in the days I patched upstream code and reverted it to use libXcursor. Now that we have xcb-util-cursor I want to remove those patches. However, xcb-util-cursor is currently broken: [i3] CC src/config_parser.c cc -DI3_VERSION=\'4.7.2 (2014-01-23, branch \tags/4.7.2\)'\ -DMAJOR_VERSION=4 -DMINOR_VERSION=7 -DPATCH_VERSION=2 -DSYSCONFDIR=\/etc\ -DI3__FILE__=__FILE__ -DPCRE_HAS_UCP=1 -DPANGO_SUPPORT=1 -I/usr/X11R6/include -I/usr/X11R6/include -I/usr/X11R6/include -I/usr/X11R6/include -I/usr/X11R6/include -I/usr/X11R6/include -I/usr/X11R6/include -I/usr/X11R6/include -I/usr/X11R6/include -I/usr/local/include/cairo -I/usr/local/include/glib-2.0 -I/usr/local/lib/glib-2.0/include -I/usr/local/include -I/usr/X11R6/include/pixman-1 -I/usr/X11R6/include -I/usr/X11R6/include/freetype2 -I/usr/local/include/libpng16 -I/usr/local/include/pango-1.0 -I/usr/local/include/cairo -I/usr/X11R6/include/pixman-1 -I/usr/local/include/libpng16 -I/usr/X11R6/include -I/usr/local/include/harfbuzz -pthread -I/usr/local/include/glib-2.0 -I/usr/local/lib/glib-2.0/include -I/usr/local/include -I/usr/X11R6/include/freetype2 -I/usr/local/include/yajl -idirafter /usr/ports/pobj/i3-4.7.2/i3-4.7.2/yajl-fallb! ack -I/usr/local/include -I/usr/local/include/startup-notification-1.0 -std=c99 -Wall -Wunused-value -Iinclude -I/usr/X11R6/include -I/usr/local/include -O2 -pipe -L/usr/X11R6/lib -L/usr/local/lib -DTEST_PARSER -g -o test.config_parser src/config_parser.c -L/usr/ports/pobj/i3-4.7.2/i3-4.7.2 -li3 -lm -liconv -L/usr/X11R6/lib -lxcb -L/usr/X11R6/lib -lxcb-util -lxcb -L/usr/X11R6/lib -lxcb-util -lxcb -L/usr/X11R6/lib -lxcb-keysyms -lxcb -L/usr/X11R6/lib -lxcb-icccm -lxcb -L/usr/X11R6/lib -lxcb-xinerama -lxcb -L/usr/X11R6/lib -lxcb-randr -lxcb -L/usr/X11R6/lib -lX11 -L/usr/X11R6/lib -lxcb-cursor -lxcb -L/usr/local/lib -Wl,-rpath-link,/usr/X11R6/lib -lcairo -L/usr/local/lib -Wl,-rpath-link,/usr/X11R6/lib -L/usr/X11R6/lib -lpangocairo-1.0 -lcairo -lpangoft2-1.0 -lpango-1.0 -lm -lgobject-2.0 -lglib-2.0 -lintl -lfreetype -lz -lfontconfig -L/usr/local/lib -lyajl -lev -L/usr/local/lib -lpcre -L/usr/local/lib -lstartup-notification-1 -lm src/config_parser.c:162: warning: type qualifiers ignored on function return type /usr/local/lib/libglib-2.0.so.4000.0: warning: vsprintf() is often misused, please use vsnprintf() /usr/local/lib/libglib-2.0.so.4000.0: warning: stpcpy() is dangerous GNU crap; don't use it /tmp//ccBo5VvY.o(.text+0x1a21): In function `parse_config': src/config_parser.c:498: warning: strcpy() is almost always misused, please use strlcpy() /usr/local/lib/libcairo.so.12.2: warning: rand() isn't random; consider using arc4random() /usr/X11R6/lib/libX11.so.16.0: warning: strcat() is almost always misused, please use strlcat() /usr/X11R6/lib/libX11.so.16.0: warning: sprintf() is often misused, please use snprintf() /usr/X11R6/lib/libxcb-cursor.so.0.0: undefined reference to `le32toh' collect2: ld returned 1 exit status src/i3.mk:55: recipe for target 'src/config_parser.o' failed gmake: *** [src/config_parser.o] Error 1 If I got it right, letoh32 is equivalent to linux' le32toh. The following diff works for me. OK? Index: cursor/parse_cursor_file.c === RCS file: /cvs/xenocara/lib/xcb-util-cursor/cursor/parse_cursor_file.c,v retrieving revision 1.1.1.1 diff -u -p -u -p -r1.1.1.1 parse_cursor_file.c --- cursor/parse_cursor_file.c14 Apr 2014 19:28:48 - 1.1.1.1 +++ cursor/parse_cursor_file.c15 Apr 2014 08:50:12 - @@ -42,6 +42,9 @@ #endif #ifdef HAVE_SYS_ENDIAN_H #include sys/endian.h +# ifndef HAVE_LE32TOH +# define le32toh(x) letoh32(x) +# endif #endif #ifdef HAVE_SYS_BYTEORDER_H #include sys/byteorder.h Yes. -- Matthieu Herrb
Re: segfault in dhclient 5.4 please help
On 15 April 2014 08:34, Otto Moerbeek o...@drijf.net wrote: On Mon, Apr 14, 2014 at 09:32:43PM -0400, sven falempin wrote: so i got gdb back to the machine because i cannot reproduce outside of the box. gdb too old cannot gcore. The state is nasty, but i do get the trace of the dhcp transaction. [..] DHCPREQUEST on trunk0 to 255.255.255.255 port 67 DHCPACK from 10.0.0.254 (96:4f:87:9c:ad:67) Program received signal SIGSEGV, Segmentation fault. 0x1c005b26 in add_classless_static_routes (rdomain=13684944, classless_static_routes=0x0) at /usr/src/sbin/dhclient/dhclient.c:2408 2408/usr/src/sbin/dhclient/dhclient.c: No such file or directory. in /usr/src/sbin/dhclient/dhclient.c (gdb) bt #0 0x1c005b26 in add_classless_static_routes (rdomain=13684944, classless_static_routes=0x0) at /usr/src/sbin/dhclient/dhclient.c:2408 #1 0xd0d0d0d0 in ?? () #2 0x00d0d0d0 in ?? () #3 0x in ?? () ... the line in 5.4 is : 2405: i += bytes; 2406: 2407: memset(gateway, 0, sizeof(gateway)); 2408: memcpy(gateway, classless_static_routes-data[i], 4); The memcpy segfaults. Not surprising *if* the gdb info is correct and the pointer parameter 'classless_static_routes' is NULL. :-) Current and 5.5 have a rewritten version of this code. Can you reproduce on current? That would be good to check, but if there a NULL pointer being passed I fear it will still fault. -Otto [snip] 1397524674.011308 96:4f:87:9c:ad:67 fe:e1:ba:d0:8e:d0 0800 373: 10.0.0.254.67 10.0.0.126.68: xid:0x95ce17 Y:10.0.0.126 S:10.0.0.254 vend-rfc1048 DHCP:ACK SID:10.0.0.254 LT:43200 RN:21600 RB:37800 SM:255.255.255.0 BR:10.0.0.255 HN:ulis-v12-GW T121:415279105,3232236030,415279114,3232236030,3232236030,167772414 NS:10.0.0.254 DG:10.0.0.254 (DF) : fee1 bad0 8ed0 964f 879c ad67 0800 4500 ...O...g..E. 0010: 0167 4000 4011 240b 0a00 00fe 0a00 .g..@.@.$... 0020: 007e 0043 0044 0153 9aa6 0201 0600 0095 .~.C.D.S 0030: ce17 0a00 007e 0a00 .~.. 0040: 00fe fee1 bad0 8ed0 0050: 0060: 0070: 0080: 0090: 00a0: 00b0: 00c0: 00d0: 00e0: 00f0: 0100: 0110: 6382 5363 3501 0536 040a ..c.Sc5..6.. 0120: fe33 0400 00a8 c03a 0400 0054 603b ...3.:...T`; 0130: 0400 0093 a801 04ff 001c 040a 0140: ff0c 0b75 6c69 732d 7631 322d 4757 7918 ...ulis-v12-GWy. 0150: 18c0 a801 c0a8 01fe 18c0 a80a c0a8 01fe 0160: c0a8 01fe 0a00 00fe 0604 0a00 00fe 0304 0170: 0a00 00fe ff . Pulling out the options provided we get Options === 6382 5363 /* Cookie */ 35 01 05 /* DHCP message type */ 36 04 0a 00 00 fe /* DHCP server id */ 33 04 00 00 a8 c0 /* DHCP lease time */ 3a 04 00 00 54 60 /* DHCP renewal time */ 3b 04 00 00 93 a8 /* DHCP rebinding time */ 01 04 ff ff ff 00 /* Subnet Mask */ 1c 04 0a 00 00 ff /* Broadcast Address */ 0c 0b 75 6c 69 73 2d 76 31 32 2d 47 57 /* Hostname */ 79 18 18 c0 a8 01 c0 a8 01 fe 18 c0 a8 0a c0 a8 01 fe c0 a8 01 fe 0a 00 00 fe /Classless static routes */ 06 04 0a 00 00 fe /* Domain Name Servers */ 03 04 0a 00 00 fe /* Routers */ ff /* End of Options */ And looking at the classless static routes closer we see 79 18 18 c0 a8 01 c0 a8 01 fe /* 192.168.1/24 via 192.168.1.254 */ 18 c0 a8 0a c0 a8 01 fe /* 192.168.10/24 via 192.168.1.254 */ c0 a8 01 fe 0a 00 00 fe /* ??? */ Where the last one is, to use the technical term, fucked. It seems to specify a network with 'c0' == 192 bits. I can't see how this would cause a NULL pointer to be passed though. Ken
Re: segfault in dhclient 5.4 please help
Op 15 apr. 2014 om 13:13 heeft Kenneth Westerback kwesterb...@gmail.com het volgende geschreven: On 15 April 2014 08:34, Otto Moerbeek o...@drijf.net wrote: On Mon, Apr 14, 2014 at 09:32:43PM -0400, sven falempin wrote: so i got gdb back to the machine because i cannot reproduce outside of the box. gdb too old cannot gcore. The state is nasty, but i do get the trace of the dhcp transaction. [..] DHCPREQUEST on trunk0 to 255.255.255.255 port 67 DHCPACK from 10.0.0.254 (96:4f:87:9c:ad:67) Program received signal SIGSEGV, Segmentation fault. 0x1c005b26 in add_classless_static_routes (rdomain=13684944, classless_static_routes=0x0) at /usr/src/sbin/dhclient/dhclient.c:2408 2408/usr/src/sbin/dhclient/dhclient.c: No such file or directory. in /usr/src/sbin/dhclient/dhclient.c (gdb) bt #0 0x1c005b26 in add_classless_static_routes (rdomain=13684944, classless_static_routes=0x0) at /usr/src/sbin/dhclient/dhclient.c:2408 #1 0xd0d0d0d0 in ?? () #2 0x00d0d0d0 in ?? () #3 0x in ?? () ... the line in 5.4 is : 2405: i += bytes; 2406: 2407: memset(gateway, 0, sizeof(gateway)); 2408: memcpy(gateway, classless_static_routes-data[i], 4); The memcpy segfaults. Not surprising *if* the gdb info is correct and the pointer parameter 'classless_static_routes' is NULL. :-) Current and 5.5 have a rewritten version of this code. Can you reproduce on current? That would be good to check, but if there a NULL pointer being passed I fear it will still fault. -Otto [snip] 1397524674.011308 96:4f:87:9c:ad:67 fe:e1:ba:d0:8e:d0 0800 373: 10.0.0.254.67 10.0.0.126.68: xid:0x95ce17 Y:10.0.0.126 S:10.0.0.254 vend-rfc1048 DHCP:ACK SID:10.0.0.254 LT:43200 RN:21600 RB:37800 SM:255.255.255.0 BR:10.0.0.255 HN:ulis-v12-GW T121:415279105,3232236030,415279114,3232236030,3232236030,167772414 NS:10.0.0.254 DG:10.0.0.254 (DF) : fee1 bad0 8ed0 964f 879c ad67 0800 4500 ...O...g..E. 0010: 0167 4000 4011 240b 0a00 00fe 0a00 .g..@.@.$... 0020: 007e 0043 0044 0153 9aa6 0201 0600 0095 .~.C.D.S 0030: ce17 0a00 007e 0a00 .~.. 0040: 00fe fee1 bad0 8ed0 0050: 0060: 0070: 0080: 0090: 00a0: 00b0: 00c0: 00d0: 00e0: 00f0: 0100: 0110: 6382 5363 3501 0536 040a ..c.Sc5..6.. 0120: fe33 0400 00a8 c03a 0400 0054 603b ...3.:...T`; 0130: 0400 0093 a801 04ff 001c 040a 0140: ff0c 0b75 6c69 732d 7631 322d 4757 7918 ...ulis-v12-GWy. 0150: 18c0 a801 c0a8 01fe 18c0 a80a c0a8 01fe 0160: c0a8 01fe 0a00 00fe 0604 0a00 00fe 0304 0170: 0a00 00fe ff . Pulling out the options provided we get Options === 6382 5363 /* Cookie */ 35 01 05 /* DHCP message type */ 36 04 0a 00 00 fe /* DHCP server id */ 33 04 00 00 a8 c0 /* DHCP lease time */ 3a 04 00 00 54 60 /* DHCP renewal time */ 3b 04 00 00 93 a8 /* DHCP rebinding time */ 01 04 ff ff ff 00 /* Subnet Mask */ 1c 04 0a 00 00 ff /* Broadcast Address */ 0c 0b 75 6c 69 73 2d 76 31 32 2d 47 57 /* Hostname */ 79 18 18 c0 a8 01 c0 a8 01 fe 18 c0 a8 0a c0 a8 01 fe c0 a8 01 fe 0a 00 00 fe /Classless static routes */ 06 04 0a 00 00 fe /* Domain Name Servers */ 03 04 0a 00 00 fe /* Routers */ ff /* End of Options */ And looking at the classless static routes closer we see 79 18 18 c0 a8 01 c0 a8 01 fe /* 192.168.1/24 via 192.168.1.254 */ 18 c0 a8 0a c0 a8 01 fe /* 192.168.10/24 via 192.168.1.254 */ c0 a8 01 fe 0a 00 00 fe /* ??? */ Where the last one is, to use the technical term, fucked. It seems to specify a network with 'c0' == 192 bits. I can't see how this would cause a NULL pointer to be passed though. Ken I think the NULL is a red herring. If I see thing correctly the value comes from an expression which should never be NULL. It's pretty common for gdb to get locals or rags wrong or maybe the stack is smashed. -Otto
Re: segfault in dhclient 5.4 please help
On Tue, Apr 15, 2014 at 7:13 AM, Kenneth Westerback kwesterb...@gmail.com wrote: On 15 April 2014 08:34, Otto Moerbeek o...@drijf.net wrote: On Mon, Apr 14, 2014 at 09:32:43PM -0400, sven falempin wrote: so i got gdb back to the machine because i cannot reproduce outside of the box. gdb too old cannot gcore. The state is nasty, but i do get the trace of the dhcp transaction. [..] DHCPREQUEST on trunk0 to 255.255.255.255 port 67 DHCPACK from 10.0.0.254 (96:4f:87:9c:ad:67) Program received signal SIGSEGV, Segmentation fault. 0x1c005b26 in add_classless_static_routes (rdomain=13684944, classless_static_routes=0x0) at /usr/src/sbin/dhclient/dhclient.c:2408 2408/usr/src/sbin/dhclient/dhclient.c: No such file or directory. in /usr/src/sbin/dhclient/dhclient.c (gdb) bt #0 0x1c005b26 in add_classless_static_routes (rdomain=13684944, classless_static_routes=0x0) at /usr/src/sbin/dhclient/dhclient.c:2408 #1 0xd0d0d0d0 in ?? () #2 0x00d0d0d0 in ?? () #3 0x in ?? () ... the line in 5.4 is : 2405: i += bytes; 2406: 2407: memset(gateway, 0, sizeof(gateway)); 2408: memcpy(gateway, classless_static_routes-data[i], 4); The memcpy segfaults. Not surprising *if* the gdb info is correct and the pointer parameter 'classless_static_routes' is NULL. :-) Current and 5.5 have a rewritten version of this code. Can you reproduce on current? That would be good to check, but if there a NULL pointer being passed I fear it will still fault. -Otto [snip] 1397524674.011308 96:4f:87:9c:ad:67 fe:e1:ba:d0:8e:d0 0800 373: 10.0.0.254.67 10.0.0.126.68: xid:0x95ce17 Y:10.0.0.126 S:10.0.0.254 vend-rfc1048 DHCP:ACK SID:10.0.0.254 LT:43200 RN:21600 RB:37800 SM:255.255.255.0 BR:10.0.0.255 HN:ulis-v12-GW T121:415279105,3232236030,415279114,3232236030,3232236030,167772414 NS:10.0.0.254 DG:10.0.0.254 (DF) : fee1 bad0 8ed0 964f 879c ad67 0800 4500 ...O...g..E. 0010: 0167 4000 4011 240b 0a00 00fe 0a00 .g..@.@.$... 0020: 007e 0043 0044 0153 9aa6 0201 0600 0095 .~.C.D.S 0030: ce17 0a00 007e 0a00 .~.. 0040: 00fe fee1 bad0 8ed0 0050: 0060: 0070: 0080: 0090: 00a0: 00b0: 00c0: 00d0: 00e0: 00f0: 0100: 0110: 6382 5363 3501 0536 040a ..c.Sc5..6.. 0120: fe33 0400 00a8 c03a 0400 0054 603b ...3.:...T`; 0130: 0400 0093 a801 04ff 001c 040a 0140: ff0c 0b75 6c69 732d 7631 322d 4757 7918 ...ulis-v12-GWy. 0150: 18c0 a801 c0a8 01fe 18c0 a80a c0a8 01fe 0160: c0a8 01fe 0a00 00fe 0604 0a00 00fe 0304 0170: 0a00 00fe ff . Pulling out the options provided we get Options === 6382 5363 /* Cookie */ 35 01 05 /* DHCP message type */ 36 04 0a 00 00 fe /* DHCP server id */ 33 04 00 00 a8 c0 /* DHCP lease time */ 3a 04 00 00 54 60 /* DHCP renewal time */ 3b 04 00 00 93 a8 /* DHCP rebinding time */ 01 04 ff ff ff 00 /* Subnet Mask */ 1c 04 0a 00 00 ff /* Broadcast Address */ 0c 0b 75 6c 69 73 2d 76 31 32 2d 47 57 /* Hostname */ 79 18 18 c0 a8 01 c0 a8 01 fe 18 c0 a8 0a c0 a8 01 fe c0 a8 01 fe 0a 00 00 fe /Classless static routes */ 06 04 0a 00 00 fe /* Domain Name Servers */ 03 04 0a 00 00 fe /* Routers */ ff /* End of Options */ And looking at the classless static routes closer we see 79 18 18 c0 a8 01 c0 a8 01 fe /* 192.168.1/24 via 192.168.1.254 */ 18 c0 a8 0a c0 a8 01 fe /* 192.168.10/24 via 192.168.1.254 */ c0 a8 01 fe 0a 00 00 fe /* ??? */ Where the last one is, to use the technical term, fucked. It seems to specify a network with 'c0' == 192 bits. I can't see how this would cause a NULL pointer to be passed though. Ken ok the last was supposed to be 192.168.1.254/32 via 10.0.0.254, in the dhcp server but i didn't specify the subnet. with this infos i will try to replay this on last snapshots (basic test didnt fault) -- - () ascii ribbon campaign - against html e-mail
re-introducing ssl_privsep.c
Hi gang, Long-time no see :-) Now that there will be more limited interaction between upstream and the in-tree libssl, would it make sense for me to prep up a diff which would integrate ssl_privsep.c in libssl directly (I initially sent out a diff upstream which was never looked at and we decided on having it in each consuming project). The code I'm referring to is src/usr.sbin/relayd/ssl_privsep.c which is also present in ldapd and smtpd. - pyr
Re: re-introducing ssl_privsep.c
Long-time no see :-) Now that there will be more limited interaction between upstream and the in-tree libssl, would it make sense for me to prep up a diff which would integrate ssl_privsep.c in libssl directly (I initially sent out a diff upstream which was never looked at and we decided on having it in each consuming project). The code I'm referring to is src/usr.sbin/relayd/ssl_privsep.c which is also present in ldapd and smtpd. There's a lot more code to remove first. That should be first order of action, so come back in a few weeks.
Re: re-introducing ssl_privsep.c
The code I'm referring to is src/usr.sbin/relayd/ssl_privsep.c which is also present in ldapd and smtpd. There's a lot more code to remove first. That should be first order of action, so come back in a few weeks. Makes perfect sense, I'll wait a bit
GOST was removed
Log message: Remove the GOST engine: It is not compiled or used and depends on the dynamic engine feature that is not enabled in our build. People who need it can still pull it out of the Attic; if it is to have a Russian engine just because it's a Russian engine. -- This hash function is a formal requirement in all public institutions in Russia. Removing it, the work of people using OpenBSD in these institutions is greatly complicated by its return. This is a political decision, or indeed it is necessary for the cleaning OpenSSL? Do not throw out the child along with the bath.
Re: GOST was removed
Log message: Remove the GOST engine: It is not compiled or used and depends on the dynamic engine feature that is not enabled in our build. People who need it can still pull it out of the Attic; if it is to have a Russian engine just because it's a Russian engine. -- This hash function is a formal requirement in all public institutions in Russia. Removing it, the work of people using OpenBSD in these institutions is greatly complicated by its return. First off, this library primary function is to supply two major components for use by people: SSL protocol raw symmetric assymetric crypto functions Meeting the requirements of public institutions is pretty low on the list right about now. Quite frankly, I do not want my own government using OpenSSL for anything. As it is now, it is not suitable. This is a political decision, or indeed it is necessary for the cleaning OpenSSL? Do not throw out the child along with the bath. Dynamic loading of crypto libraries into a framework is not acceptable. Furthermore, if you dig just a bit deeper, you will quickly realize that this code has not worked in our tree before. It was not enabled. It did not work. In the interests of full disclosure, do you work for the government or sell to the government?
Re: GOST was removed
In the interests of full disclosure, do you work for the government or sell to the government? And in the interests of full disclosure, please note, It's absolutely not political. We just deleted all the FIPS junk too. the right way to add GOST if you need it is not as an engine, but as a working cipher suite supported like all the others. what was there has never worked in our tree.
Re: GOST was removed
Hi, On Tue, Apr 15, 2014 at 09:24:48PM +, �?�?�?�?�? �?�?�?омин wrote: Log message: Remove the GOST engine: It is not compiled or used and depends on the dynamic engine feature that is not enabled in our build. People who need it can still pull it out of the Attic; if it is to have a Russian engine just because it's a Russian engine. -- This hash function is a formal requirement in all public institutions in Russia. Removing it, the work of people using OpenBSD in these institutions is greatly complicated by its return. This is a political decision, or indeed it is necessary for the cleaning OpenSSL? Do not throw out the child along with the bath. No, I have no objections against GOST and it is not a political decision. But the GOST engine was not even compiled on OpenBSD and we have OPENSSL_NO_DYNAMIC_ENGINE defined by default. It was just sitting in our source tree. If there is really a demand for GOST, the better way would be to include it as normal built-in ciphers and algorithms instead of using GOST with an engine. So we basically have concerns about these dynamic engines and code that is not enabled by default. Reyk
libexec/login_tis fallout after OpenSSL Valhalla rampage
ianm-openbsd:login_tis {123} make
cc -O2 -pipe -Wall -c /usr/src/libexec/login_tis/login_tis.c
In file included from /usr/src/libexec/login_tis/login_tis.c:43:
/usr/src/libexec/login_tis/login_tis.h:36: error: expected
specifier-qualifier-list before 'des_key_schedule'
/usr/src/libexec/login_tis/login_tis.c: In function 'tis_getkey':
/usr/src/libexec/login_tis/login_tis.c:396: error: 'struct
tis_connection' has no member named 'keysched'
/usr/src/libexec/login_tis/login_tis.c: In function 'tis_recv':
/usr/src/libexec/login_tis/login_tis.c:504: error: 'struct
tis_connection' has no member named 'keysched'
/usr/src/libexec/login_tis/login_tis.c: In function 'tis_send':
/usr/src/libexec/login_tis/login_tis.c:533: error: 'struct
tis_connection' has no member named 'keysched'
*** Error 1 in /usr/src/libexec/login_tis (:87 'login_tis.o')
Ian McWilliam
Re: libexec/login_tis fallout after OpenSSL Valhalla rampage
Fixed. Thanks for reporting. Miod
sbin/iked fallout after OpenSSL valahalla slashing
Hoope the attached diff is a correct fix. Hit me with the cluebat if
not.
cc -O2 -pipe -Wall -I/usr/src/sbin/iked -Wstrict-prototypes
-Wmissing-prototypes -Wmissing-declarations -Wshadow -Wpointer-arith
-Wcast-qual -Wsign-compare -fno-pie -c
/usr/src/sbin/iked/chap_ms.c/usr/src/sbin/iked/chap_ms.c: In function
'mschap_des_addparity':/usr/src/sbin/iked/chap_ms.c:104: error:
'des_cblock' undeclared (first use in this
function)/usr/src/sbin/iked/chap_ms.c:104: error: (Each undeclared
identifier is reported only once/usr/src/sbin/iked/chap_ms.c:104:
error: for each function it appears
in.)/usr/src/sbin/iked/chap_ms.c:104: error: expected expression
before ')' token/usr/src/sbin/iked/chap_ms.c: In function
'mschap_des_encrypt':/usr/src/sbin/iked/chap_ms.c:110: error:
'des_cblock' undeclared (first use in this
function)/usr/src/sbin/iked/chap_ms.c:110: error: expected ';' before
'des_key'/usr/src/sbin/iked/chap_ms.c:111: error: 'des_key_schedule'
undeclared (first use in this
function)/usr/src/sbin/iked/chap_ms.c:111: error: expected ';' before
'key_schedule'/usr/src/sbin/iked/chap_ms.c:113: error: 'des_key'
undeclared (first use in this
function)/usr/src/sbin/iked/chap_ms.c:115: error: 'key_schedule'
undeclared (first use in this
function)/usr/src/sbin/iked/chap_ms.c:116: error: expected expression
before ')' token/usr/src/sbin/iked/chap_ms.c:117: error: too few
arguments to function 'DES_ecb_encrypt'*** Error 1 in
/usr/src/sbin/iked (:87 'chap_ms.o')
? chap_ms.c.ianm? ided.diffIndex:
chap_ms.c===RCS
file: /cvs/src/sbin/iked/chap_ms.c,vretrieving revision 1.6diff -u -p
-u -p -r1.6 chap_ms.c--- chap_ms.c 8 Jan 2013 10:38:19 -
1.6+++ chap_ms.c 16 Apr 2014 05:30:50 -@@ -101,19 +101,19 @@
mschap_des_addparity(u_int8_t *key, u_in des_key[6] =
get7bits(key, 42); des_key[7] = get7bits(key, 49);
- DES_set_odd_parity((des_cblock *)des_key);+
DES_set_odd_parity((DES_cblock *)des_key); }
void mschap_des_encrypt(u_int8_t *clear, u_int8_t *key, u_int8_t
*cipher) {- des_cblock des_key;-
des_key_schedule key_schedule;+ DES_cblock
des_key;+ DES_key_schedule
key_schedule;
mschap_des_addparity(key, des_key);
DES_set_key(des_key, key_schedule);-
DES_ecb_encrypt((des_cblock *)clear, (des_cblock *)cipher,+
DES_ecb_encrypt((DES_cblock *)clear, (DES_cblock *)cipher,
key_schedule, 1); }
