Mailing-List: contact cygwin-help AT cygwin DOT com; run by ezmlm
List-Subscribe: <mailto:cygwin-subscribe AT cygwin DOT com>
List-Archive: <http://sources.redhat.com/ml/cygwin/>
List-Post: <mailto:cygwin AT cygwin DOT com>
List-Help: <mailto:cygwin-help AT cygwin DOT com>, <http://sources.redhat.com/ml/#faqs>
Sender: cygwin-owner AT cygwin DOT com
Mail-Followup-To: cygwin AT cygwin DOT com
Delivered-To: mailing list cygwin AT cygwin DOT com
Date: Tue, 15 Apr 2003 22:53:24 -0400
From: Christopher Faylor <cgf AT redhat DOT com>
To: cygwin AT cygwin DOT com
Subject: Re: tcgetattr problem [Was Re: 1.3.22: bug report: rlogin crashes when run from an existing rlogin session]
Message-ID: <20030416025324.GB18999@redhat.com>
Reply-To: cygwin AT cygwin DOT com
Mail-Followup-To: cygwin AT cygwin DOT com
References: <00e201c2feca$8cf4d660$cc0aa8c0 AT adexainc DOT com> <3 DOT 0 DOT 5 DOT 32 DOT 20030415221945 DOT 007f8950 AT incoming DOT verizon DOT net>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <3.0.5.32.20030415221945.007f8950@incoming.verizon.net>
User-Agent: Mutt/1.4.1i

On Tue, Apr 15, 2003 at 10:19:45PM -0400, Pierre A. Humblet wrote:
>At 03:02 PM 4/9/2003 -0400, Rob Siklos wrote:
>>Hello all,
>>
>>I posted this a while ago, but nobody said anything.  I'm using the latest
>>everything.  cygcheck info attached.
>>
>>from any machine, rlogin into a cygwin machine, and then from that session,
>>rlogin anywhere (host doesn't even have to be valid) - rlogin will crash
>>with a stackdump.
>
>With a little bit of luck I found out it's a tcgetattr problem, and possibly
>a rlogin problem.
>
>Here is the offending code from rlogin.c, with an extra printf
>int
>speed(fd)
>	int fd;
>{
>	struct termios tt;
>
>	(void)tcgetattr(fd, &tt);
>   fprintf(stderr, "Speed %d\n", cfgetispeed(&tt));
>	return (speeds[(int)cfgetispeed(&tt)]);
>}
>Here is what happens
>
>/usr/src/inetutils-1.3.2-20/rlogin: ./rlogin localhost
>Speed 15         <XXXXXXXXXXXXXXXXX
>Fanfare!!!
>You are successfully logged in to this server!!!
>
>~: cd /usr/src/inetutils-1.3.2-20/rlogin
>/usr/src/inetutils-1.3.2-20/rlogin: ./rlogin xxx
>Speed 38400      <XXXXXXXXXXXXXXXXXXX
>Segmentation fault (core dumped)
>
>So in one case the speed is the #define B38400, in the other case
>it is 38400, causing an overflow from the speeds[] array.

It sounds like rlogin itself is setting the speed to 38400,
maybe using cfsetospeed or cfsetispeed.  I'll check in a fix that
adds some needed bounds checking on the setting.

cgf

--
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple
Problem reports:       http://cygwin.com/problems.html
Documentation:         http://cygwin.com/docs.html
FAQ:                   http://cygwin.com/faq/