Mailing-List: contact cygwin-help AT cygwin DOT com; run by ezmlm
List-Subscribe: <mailto:cygwin-subscribe AT cygwin DOT com>
List-Archive: <http://sources.redhat.com/ml/cygwin/>
List-Post: <mailto:cygwin AT cygwin DOT com>
List-Help: <mailto:cygwin-help AT cygwin DOT com>, <http://sources.redhat.com/ml/#faqs>
Sender: cygwin-owner AT cygwin DOT com
Mail-Followup-To: cygwin AT cygwin DOT com
Delivered-To: mailing list cygwin AT cygwin DOT com
Message-Id: <3.0.5.32.20030415221945.007f8950@incoming.verizon.net>
X-Sender: vze1u1tg AT incoming DOT verizon DOT net
Date: Tue, 15 Apr 2003 22:19:45 -0400
To: "Rob Siklos" <rob2 AT siklos DOT ca>, <cygwin AT cygwin DOT com>
From: "Pierre A. Humblet" <Pierre DOT Humblet AT ieee DOT org>
Subject: tcgetattr problem [Was Re: 1.3.22: bug report: rlogin crashes
  when run from an existing rlogin session]
In-Reply-To: <00e201c2feca$8cf4d660$cc0aa8c0@adexainc.com>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"

At 03:02 PM 4/9/2003 -0400, Rob Siklos wrote:
>Hello all,
>
>I posted this a while ago, but nobody said anything.  I'm using the latest
>everything.  cygcheck info attached.
>
>from any machine, rlogin into a cygwin machine, and then from that session,
>rlogin anywhere (host doesn't even have to be valid) - rlogin will crash
>with a stackdump.

With a little bit of luck I found out it's a tcgetattr problem, and possibly
a rlogin problem.

Here is the offending code from rlogin.c, with an extra printf
int
speed(fd)
	int fd;
{
	struct termios tt;

	(void)tcgetattr(fd, &tt);
   fprintf(stderr, "Speed %d\n", cfgetispeed(&tt));
	return (speeds[(int)cfgetispeed(&tt)]);
}
Here is what happens

/usr/src/inetutils-1.3.2-20/rlogin: ./rlogin localhost
Speed 15         <XXXXXXXXXXXXXXXXX
Fanfare!!!
You are successfully logged in to this server!!!

~: cd /usr/src/inetutils-1.3.2-20/rlogin
/usr/src/inetutils-1.3.2-20/rlogin: ./rlogin xxx
Speed 38400      <XXXXXXXXXXXXXXXXXXX
Segmentation fault (core dumped)

So in one case the speed is the #define B38400, in the other case
it is 38400, causing an overflow from the speeds[] array.

Note that rlogin.c has an #if BSD >= 198810 and is currently using 
the #else branch. The speed[] array is limited to speeds up to 38400.
Is that enough?

That also explains why stty reports a speed of 0 after rlogging in,
38400 before. At least it doesn't segfaults. 
"strace rlogin xxxx" always segfaults because tcgetattr returns -1, 
the speed is garbage, and rlogin doesn't check error values.

Pierre

 


--
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple
Problem reports:       http://cygwin.com/problems.html
Documentation:         http://cygwin.com/docs.html
FAQ:                   http://cygwin.com/faq/