From hmkash@ARL.MIL Wed Feb 4 18:07:51 1998
Received: from MIT.EDU (PACIFIC-CARRIER-ANNEX.MIT.EDU [18.69.0.28]) by rt-11.MIT.EDU (8.7.5/8.7.3) with SMTP id SAA22818 for <bugs@RT-11.MIT.EDU>; Wed, 4 Feb 1998 18:07:38 -0500
Received: from admii.arl.mil by MIT.EDU with SMTP
id AA13095; Wed, 4 Feb 98 18:07:50 EST
Message-Id: <9802041802.aa27610@ADMII.ARL.MIL>
Date: Wed, 4 Feb 98 18:02:16 EST
From: hmkash@ARL.MIL
Sender: hmkash@ARL.MIL
Reply-To: hmkash@ARL.MIL
To: krb5-bugs@MIT.EDU
Cc: hmkash@ARL.MIL
Subject: telnetd coredumps calling cleanup() twice
X-Send-Pr-Version: 3.99

>Number: 546
>Category: telnet
>Synopsis: telnetd coredumps calling cleanup() twice
>Confidential: yes
>Severity: serious
>Priority: medium
>Responsible: tlyu
>State: closed
>Class: sw-bug
>Submitter-Id: unknown
>Arrival-Date: Wed Feb 04 18:08:01 EST 1998
>Last-Modified: Mon Feb 23 23:13:14 EST 1998
>Originator: Howard Kash
>Organization:
U.S. Army Research Lab
>Release: krb5-1.0.4
>Environment:

System: IRIX admii 5.3 11091810 IP7 mips


>Description:

Telnetd would core dump when user logged out or if ^D was typed at
the login: prompt. The following gdb output shows that it was
failing in the utmp cleanup and that the utmp cleanup was occurring
twice (once for the SIGCHLD signal handler and once for the cleanup(0)
call in the telnet() function in telnetd.c):

(gdb) where
#0 strcpy () at strcpy.s:123
#1 0xfafd494 in _utmpname () at getut.c:97
#2 0x42e9e8 in pty_update_utmp ()
#3 0x42ec5c in pty_cleanup ()
#4 0x419494 in cleanup ()
#5 <signal handler called>
#6 0xfac77b4 in _xstat () at xstat.s:12
#7 0xfac66c4 in _stat () at stat.c:11
#8 0xface92c in _synchutmp () at getut.c:97
#9 0xfb023b8 in _getutent () at getut.c:133
#10 0xfafd0ac in _pututline () at getut.c:97
#11 0x42ead0 in pty_update_utmp ()
#12 0x42ec5c in pty_cleanup ()
#13 0x419494 in cleanup ()
#14 0x412904 in telnet ()
#15 0x411514 in doit ()
#16 0x4101a0 in main ()

The problem may not be that cleanup() was being called twice, but that
it was being interrupted by the signal and left utmp in an unstable
state.


>How-To-Repeat:

Log out of an IRIX 5.3 telnet session or type ^D at the telnet login:
prompt. Doesn't seem to happen all of the time, probably depends on the
timing of the SIGCHLD signal (or maybe an entirely different problem).
>Fix:

My fix was to add the following line before the cleanup(0) call in the
telnet() function in telnetd.c:

(void) signal(SIGCHLD, SIG_DFL);

It may need to be added before all explicit calls to cleanup() in the
telnetd source. (???)
>Audit-Trail:

Responsible-Changed-From-To: gnats-admin->tlyu
Responsible-Changed-By: tlyu
Responsible-Changed-When: Sun Feb 22 21:25:43 1998
Responsible-Changed-Why:

Refiled

State-Changed-From-To: open-closed
State-Changed-By: tlyu
State-Changed-When: Mon Feb 23 23:10:04 1998
State-Changed-Why:

Thanks for the fix. It has been applied.
src/appl/telnet/telnetd/state.c 5.72
src/appl/telnet/telnetd/telnetd.c 5.26
src/appl/telnet/telnetd/utility.c 5.11

>Unformatted:
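An added example, not the submitter's patch and not MIT's telnetd code, that reproduces the pattern described in the report in a small POSIX C program: a SIGCHLD handler and an explicit cleanup(0) call both tear down a stand-in for the utmp record, so without the fix cleanup() runs twice and the second run re-enters state the first one (possibly interrupted) was still working on. run_session(1) applies the signal(SIGCHLD, SIG_DFL) reset from the Fix section. The fake_utmp_line record, the run_session and on_sigchld names, and the pipe that holds the child until the parent is ready are all constructed for the demonstration; the demo performs the reset before the child exits so that the outcome is deterministic, whereas the report places the call immediately before cleanup(0).

```c
/* Added demonstration of the double-cleanup pattern; not telnetd source. */
#define _POSIX_C_SOURCE 200809L
#include <signal.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>
#include <sys/wait.h>

/* Stand-in for the utmp entry that pty_cleanup() rewrites (constructed). */
static char fake_utmp_line[32];
static volatile sig_atomic_t cleanup_calls;  /* how many times cleanup() ran */
static volatile sig_atomic_t child_reaped;   /* set once the handler has run */

/* Mirrors telnetd's cleanup(): touches shared state with strcpy(), which is
 * not async-signal-safe, so running it from a handler on top of an
 * in-progress explicit call is exactly the hazard the report describes. */
static void cleanup(int sig)
{
    (void)sig;
    cleanup_calls++;
    strcpy(fake_utmp_line, "");          /* "remove" the utmp entry */
}

/* Mirrors the SIGCHLD path: reap the child, then run cleanup(). */
static void on_sigchld(int sig)
{
    int status;
    while (waitpid(-1, &status, WNOHANG) > 0)
        ;
    cleanup(sig);
    child_reaped = 1;
}

/* Run one "session": fork a child standing in for the login process, let it
 * exit, then perform the explicit cleanup(0) that telnet() in telnetd.c does.
 * Returns the number of times cleanup() ran. apply_fix selects whether the
 * submitter's signal(SIGCHLD, SIG_DFL) reset precedes the explicit cleanup. */
int run_session(int apply_fix)
{
    int pipefd[2];
    sigset_t block, old;
    pid_t pid;
    char go = 'g';

    cleanup_calls = 0;
    child_reaped = 0;
    strcpy(fake_utmp_line, "ttyp0 howard");   /* constructed utmp entry */

    if (pipe(pipefd) < 0)
        return -1;
    signal(SIGCHLD, on_sigchld);

    /* Hold SIGCHLD while setting up so the handler cannot fire early. */
    sigemptyset(&block);
    sigaddset(&block, SIGCHLD);
    sigprocmask(SIG_BLOCK, &block, &old);

    pid = fork();
    if (pid < 0)
        return -1;
    if (pid == 0) {                       /* child: wait for "go", then exit */
        char c;
        close(pipefd[1]);
        (void)read(pipefd[0], &c, 1);
        _exit(0);
    }
    close(pipefd[0]);

    if (apply_fix) {
        signal(SIGCHLD, SIG_DFL);         /* the reported fix: no handler path */
        (void)write(pipefd[1], &go, 1);
        sigprocmask(SIG_SETMASK, &old, NULL);
        waitpid(pid, NULL, 0);            /* reap synchronously instead */
    } else {
        (void)write(pipefd[1], &go, 1);
        while (!child_reaped)             /* let SIGCHLD drive the handler */
            sigsuspend(&old);
        sigprocmask(SIG_SETMASK, &old, NULL);
    }
    close(pipefd[1]);

    cleanup(0);                           /* the explicit call in telnet() */
    return cleanup_calls;
}

int main(void)
{
    printf("without fix: cleanup() ran %d times\n", run_session(0));
    printf("with fix:    cleanup() ran %d times\n", run_session(1));
    return 0;
}
```

The observable here is the invocation count rather than a crash: a count of 2 means the handler and the explicit call both tore down the same record, which on IRIX 5.3 surfaced as the strcpy() fault in the gdb trace above. Resetting the disposition to SIG_DFL before the explicit cleanup leaves exactly one teardown path.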