Mail Archives: cygwin/2003/04/15/22:19:03
At 03:02 PM 4/9/2003 -0400, Rob Siklos wrote:
>Hello all,
>
>I posted this a while ago, but nobody said anything. I'm using the latest
>everything. cygcheck info attached.
>
>from any machine, rlogin into a cygwin machine, and then from that session,
>rlogin anywhere (host doesn't even have to be valid) - rlogin will crash
>with a stackdump.
With a little bit of luck I found out it's a tcgetattr problem, and possibly
a rlogin problem.
Here is the offending code from rlogin.c, with an extra printf
int
speed(fd)
int fd;
{
struct termios tt;
(void)tcgetattr(fd, &tt);
fprintf(stderr, "Speed %d\n", cfgetispeed(&tt));
return (speeds[(int)cfgetispeed(&tt)]);
}
Here is what happens
/usr/src/inetutils-1.3.2-20/rlogin: ./rlogin localhost
Speed 15 <XXXXXXXXXXXXXXXXX
Fanfare!!!
You are successfully logged in to this server!!!
~: cd /usr/src/inetutils-1.3.2-20/rlogin
/usr/src/inetutils-1.3.2-20/rlogin: ./rlogin xxx
Speed 38400 <XXXXXXXXXXXXXXXXXXX
Segmentation fault (core dumped)
So in one case the speed is the #define B38400, in the other case
it is 38400, causing an overflow from the speeds[] array.
Note that rlogin.c has an #if BSD >= 198810 and is currently using
the #else branch. The speed[] array is limited to speeds up to 38400.
Is that enough?
That also explains why stty reports a speed of 0 after rlogging in,
38400 before. At least it doesn't segfaults.
"strace rlogin xxxx" always segfaults because tcgetattr returns -1,
the speed is garbage, and rlogin doesn't check error values.
Pierre
--
Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple
Problem reports: http://cygwin.com/problems.html
Documentation: http://cygwin.com/docs.html
FAQ: http://cygwin.com/faq/
- Raw text -