Re: [patch] null-pointer exception in hurd/libpipe/pq.c
From: Stefan Siegl
Subject: Re: [patch] null-pointer exception in hurd/libpipe/pq.c
Date: Tue, 25 Jul 2006 22:34:44 +0200
User-agent: Mutt/1.5.11+cvs20060403

Hello!

On Tue, Jul 25, 2006 at 04:09:51PM +0200, Thomas Schwinge wrote:
> How / why did this happen for you and why didn't it happen for other
> people in the past?

Well, I noticed the bug when I tried to use ssh's ControlMaster feature
(see its manpage for details). In short, to reproduce it, start an
ssh-master (`ssh -M $hostname') and then try to open a slave connection
(just `ssh $hostname') to it. The slave process will then try to talk
to the master process using a common named pipe (you can specify where
it shall be written out using the `ControlPath' option, by the way).

Then pflocal will crash as soon as you launch the slave-ssh process,
i.e. as soon as it tries to send data to the master for the first time.

I haven't tracked it down to the last detail (especially I haven't
written any test code), but it seems to be related to sendmsg calls. At
least sendmsg is the only call which triggers control packages:

,-- [glibc]/sysdeps/mach/hurd/sendmsg.c
|   /* Send the data. */
|   err = __socket_send (port, aport,
|                        flags, data.ptr, len,
|                        NULL,
|                        MACH_MSG_TYPE_COPY_SEND, 0,
|                        message->msg_control,
|                        message->msg_controllen,
|                        &amount);
`--

... the send call for example just provides NULL for msg_control and
zero for msg_controllen. However a control package needs to be sent for
the bug to occur (see `pipe_send' from [hurd]/libpipe/pipe.c).

Concerning your question why this hasn't shown in the past, well,
probably nobody has tried to use sendmsg to send ancillary data through
a (named) pipe so far. Cannot think of another reason.

regards,
stesie

--
Stefan Siegl <stesie@brokenpipe.de>
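
The following regression check is an added example, not part of the mail above and not code from the Hurd, glibc or ssh. It sends one byte together with an SCM_RIGHTS control message through sendmsg, so that msg_control and msg_controllen are non-NULL and non-zero, and verifies that the ancillary data arrives intact. Assumptions: a socketpair(AF_UNIX) stands in for the ControlPath socket, and the names `ctl_t`, `prep` and `control_roundtrip` are hypothetical.

```c
#define _GNU_SOURCE
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>
/* Room for exactly one SCM_RIGHTS control message carrying one descriptor. */
typedef union { struct cmsghdr hdr; char buf[CMSG_SPACE(sizeof(int))]; } ctl_t;
/* One data byte plus a control buffer (plain send() passes NULL and 0 here). */
static void prep(struct msghdr *m, struct iovec *iov, char *byte, ctl_t *ctl)
{
    memset(m, 0, sizeof *m);
    memset(ctl, 0, sizeof *ctl);
    iov->iov_base = byte;
    iov->iov_len = 1;
    m->msg_iov = iov;
    m->msg_iovlen = 1;
    m->msg_control = ctl->buf;
    m->msg_controllen = sizeof ctl->buf;
}

/* Returns 0 if a descriptor sent as ancillary data arrives usable, <0 if not. */
int control_roundtrip(void)
{
    int sv[2], p[2], got = -1;
    char out = 'x', in = 0, echo = 0;
    struct msghdr sm, rm;
    struct iovec siov, riov;
    ctl_t sctl, rctl;
    struct cmsghdr *c;
    if (socketpair(AF_UNIX, SOCK_STREAM, 0, sv) != 0 || pipe(p) != 0)
        return -1;
    prep(&sm, &siov, &out, &sctl);
    c = CMSG_FIRSTHDR(&sm);
    c->cmsg_level = SOL_SOCKET;
    c->cmsg_type = SCM_RIGHTS;
    c->cmsg_len = CMSG_LEN(sizeof(int));
    memcpy(CMSG_DATA(c), &p[1], sizeof(int));   /* pass the pipe's write end */
    prep(&rm, &riov, &in, &rctl);
    if (sendmsg(sv[0], &sm, 0) != 1 || recvmsg(sv[1], &rm, 0) != 1 || in != 'x')
        return -2;
    c = CMSG_FIRSTHDR(&rm);
    if (c == NULL || c->cmsg_level != SOL_SOCKET || c->cmsg_type != SCM_RIGHTS)
        return -3;
    memcpy(&got, CMSG_DATA(c), sizeof got);
    /* The received descriptor must be a working copy of the pipe's write end. */
    if (write(got, "k", 1) != 1 || read(p[0], &echo, 1) != 1 || echo != 'k')
        return -4;
    return 0;
}

int main(void) { return control_roundtrip() == 0 ? 0 : 1; }
```

A non-zero exit status, or the local-socket server dying during the run, marks a regression in the control-data path.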