Hi Miod,
Thanks for helping. With this patch, unfortunately, I still get a trap 2 on
my small UniFi Security Gateway, which I pulled out again to test your patch.
------->
cnmac0: 192.168.177.35 lease accepted from 192.168.177.1 (24:a4:3c:06:9f:16)
pppoe0: received unexpected PADO
pppoe0: host unique tag found, but it belongs to a connection in state 3
Trap cause = 2 Frame 0x980000000ffdb860
Trap PC 0xffffffff811ac34c RA 0xffffffff813a09bc fault 0x0
smallcpy+0x8 (1,9800000001e1e476,1,2) ra 0xffffffff813a09bc sp 0x980000000ffdb9
b8, sz 0
sppp_auth_send+0x10c (1,9800000001e1e476,1,2) ra 0xffffffff8139c844 sp 0x980000
000ffdb9b8, sz 144
sppp_lcp_tlu+0x274 (1,9800000001e1e476,1,2) ra 0xffffffff81396514 sp 0x98000000
0ffdba48, sz 128
sppp_cp_input+0x141c (1,9800000001e1e476,1,2) ra 0xffffffff81394a08 sp 0x980000
000ffdbac8, sz 112
sppp_input+0x1d0 (1,9800000001e1e476,1,2) ra 0xffffffff8148d2e4 sp
0x980000000ffdbb38, sz 80
pppoeintr+0xf9c (1,9800000001e1e476,1,2) ra 0xffffffff814a44d8 sp 0x980000000ff
dbb88, sz 400
User-level: pid 68736
stopped on non ddb fault
Stopped at smallcpy+0x8: lbu v1,0(a0)
ddb{0}>
<-------
Sorry that it does this. My patch still stands I'm amazed!
Best Regards,
-peter
On Wed, Oct 23, 2019 at 05:15:41PM -0000, Miod Vallat wrote:
>
> > Try changing all the final 0 in sppp_auth_send() to 0UL and this ought
> > to work. This function needs __attribute__((__sentinel__)) as well to
> > prevent such mistakes from occurring again.
>
> The sentinel attribute wants a pointer, not a zero size_t,
> unfortunately.
>
> Please try this diff.
>
> Index: if_spppsubr.c
> ===================================================================
> RCS file: /OpenBSD/src/sys/net/if_spppsubr.c,v
> retrieving revision 1.179
> diff -u -p -r1.179 if_spppsubr.c
> --- if_spppsubr.c 24 Jun 2019 21:36:53 -0000 1.179
> +++ if_spppsubr.c 23 Oct 2019 17:12:53 -0000
> @@ -3340,7 +3340,7 @@ sppp_chap_input(struct sppp *sp, struct
> sizeof digest, digest,
> strlen(sp->myauth.name),
> sp->myauth.name,
> - 0);
> + 0UL);
> break;
>
> case CHAP_SUCCESS:
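Review bot: The new terminator `0UL` in this sppp_chap_input() call has the right type only where size_t is unsigned long; writing it as `(size_t)0` states the intended type directly and matches the `(size_t)AUTHCHALEN` and `(size_t)idlen` casts already used in the sppp_chap_scr() and sppp_pap_scr() calls. The same applies to the other six changed lines in this diff. Because the compiler cannot type-check variadic arguments, a plain `0` (an int) read back as a size_t is undefined behaviour and on a 64-bit target can let the length/pointer walk run past the intended end, so a short comment at sppp_auth_send() stating that every length, including the terminator, must be passed as size_t would help keep future call sites correct. The definition of sppp_auth_send() and the start of sppp_chap_input() are outside the hunks shown.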
> @@ -3460,7 +3460,7 @@ sppp_chap_input(struct sppp *sp, struct
> /* action scn, tld */
> sppp_auth_send(&chap, sp, CHAP_FAILURE, h->ident,
> sizeof(FAILMSG) - 1, (u_char *)FAILMSG,
> - 0);
> + 0UL);
> chap.tld(sp);
> break;
> }
> @@ -3469,7 +3469,7 @@ sppp_chap_input(struct sppp *sp, struct
> sp->state[IDX_CHAP] == STATE_OPENED)
> sppp_auth_send(&chap, sp, CHAP_SUCCESS, h->ident,
> sizeof(SUCCMSG) - 1, (u_char *)SUCCMSG,
> - 0);
> + 0UL);
> if (sp->state[IDX_CHAP] == STATE_REQ_SENT) {
> sppp_cp_change_state(&chap, sp, STATE_OPENED);
> chap.tlu(sp);
> @@ -3647,7 +3647,7 @@ sppp_chap_scr(struct sppp *sp)
> (size_t)AUTHCHALEN, sp->chap_challenge,
> strlen(sp->myauth.name),
> sp->myauth.name,
> - 0);
> + 0UL);
> }
> /*
> *--------------------------------------------------------------------------*
> @@ -3726,7 +3726,7 @@ sppp_pap_input(struct sppp *sp, struct m
> sppp_auth_send(&pap, sp, PAP_NAK, h->ident,
> sizeof mlen, (const char *)&mlen,
> sizeof(FAILMSG) - 1, (u_char *)FAILMSG,
> - 0);
> + 0UL);
> pap.tld(sp);
> break;
> }
> @@ -3737,7 +3737,7 @@ sppp_pap_input(struct sppp *sp, struct m
> sppp_auth_send(&pap, sp, PAP_ACK, h->ident,
> sizeof mlen, (const char *)&mlen,
> sizeof(SUCCMSG) - 1, (u_char *)SUCCMSG,
> - 0);
> + 0UL);
> }
> if (sp->state[IDX_PAP] == STATE_REQ_SENT) {
> sppp_cp_change_state(&pap, sp, STATE_OPENED);
> @@ -3952,7 +3952,7 @@ sppp_pap_scr(struct sppp *sp)
> (size_t)idlen, sp->myauth.name,
> sizeof pwdlen, (const char *)&pwdlen,
> (size_t)pwdlen, sp->myauth.secret,
> - 0);
> + 0UL);
> }
> /*
> * Random miscellaneous functions.