k0ga reports:
Hello,
While I was setting my pppoe conexion with my ISP
I discovered several problems in ip/pppoe. I used
the command line ip/pppoe -A '' ether0 and I got
this:
...
dropping unwanted pkt: wrong ac name
panic: D2B called on non-block dc10 (double-free?)
note rcved: sys: trap: fault read addr=0x0 pc=0x000066e1
pppoe 1013: suicide: sys: trap: fault read addr=0x0 pc=0x000066e1
cpu% acid 1013
/proc/1013/text:386 plan 9 executable
/sys/lib/acid/port
/sys/lib/acid/386
acid: stk()
abort()+0x0 /sys/src/libc/9sys/abort.c:6
ppanic(p=0xd1b8,fmt=0xc7f9)+0x146 /sys/src/libc/port/malloc.c:166
D2B(p=0xd1b8,v=0xdc10)+0x57 /sys/src/libc/port/pool.c:926
poolfreel(v=0xdc10,p=0xd1b8)+0x20 /sys/src/libc/port/pool.c:1152
poolfree(p=0xd1b8,v=0xdc10)+0x3b /sys/src/libc/port/pool.c:1287
free(v=0xdc18)+0x23 /sys/src/libc/port/malloc.c:250
clearstate()+0x1b /sys/src/cmd/ip/pppoe.c:328
pppoe(ether=0xdfffefc1)+0x123 /sys/src/cmd/ip/pppoe.c:426
main(argv=0xdfffefa0,argc=0x1)+0x89 /sys/src/cmd/ip/pppoe.c:100
_main+0x31 /sys/src/libc/386/main9.s:16
acid:
clearstate() is called in pppoe.c:424, and it frees acname and sets it
to nil. pktread() is called in pppoe.c:434 with parameter wantoffer,
which frees acname again in line pppoe.c:360 but doesn't set it to
nil, so clearstate() makes a double free in the next iteration.
for version <= TLS1.1, there is no sigalg field in the ServerKeyExchange
message and the signature digest algorithm is fixed to md5+sha1 and we
only support RSA signatures (TLS1.1 doesnt know about ECDSA).
this allows running kbdfs under kbdfs :-)
going use this in new drawterm. drawterm provides the initial
/dev/kbd, but only sends rune up/down messages (keeps it simple).
the servers kbdfs reads that and exports itself the full
set of files, similar to what we do in vncs. this also
provides note processing.
the dns file service can be restarted, which causes it to forget
all fid state. given the simple file system structure of the dns
service (just a single dns file), we can assume that rpcs
on a unknown fid refers to the root, so the mountpoint will stay
valid and /net/dns can be reopend avoiding the need for a remount
of the dns service after restart.
The execexec() function should never return, as it irreversably changes
the filedescriptor table for the new program. This means rc's internal
filedesciptors for reading the script get implicitely closed and we cannot
continue the rc interpreter when Execute() fails. So Execute() now sets the
error status, and execexec() runs Xexit() in case Execute() returns.
when we look up role=speakfor key and askforkeys is set, the
findkey() can return RpcNeedkey, which causes us to skip the
query for a role=client key. Instead, we now check for the
return value != RpcOk (and != RpcConfirm which we want to
handle the same for both queries).
we have to free the attribute lists when returning RpcConfirm.
the ini buffer was not reset when we got eof in the message
body read causing a endless loop. instead of defining our
own read9pmsg() function, just handle the first read specially
when we consumed the first 4 bytes for the "impo" protocol
escape check.
this code was if(0) for a long time due to wrong parentesis,
fixed parentesis cause print spam on some machines making them
unusage (kenji okomoto). removing the check alltogether.
this is a reimplementation of cpu and import utilities in rc using a tlsclient
and tlssrv as the encryption and authentication layers. there is only one new
service, which after authentication and encryption setup accepts an arbitrary
rc script over the network and executes it with the standard filedescriptors
redirected to the conversaion (this is *after* authentication and in the
context of the authorized user).
the new rcpu program has a few improvements over cpu(1):
- doesnt mangle program arguments
- the remote process will get the clients standard file descriptors, so error
and output are separated and you can consume the clients input from the
remote side :-)
- forwards error status of remote process
theres no backwards mode for rimport, but a new program called rexport
for the same purpose.
all these services use exportfs without the bolted on initial handshake,
so the hope is to clean up exportfs in the future and remove all the ugly
crap in there.
theres a bootstrap problem:
when /bin/init is run, it processes /lib/namespace where we might want to
mount or bind resources to /n or /mnt. but mntgen was run later in
cpurc/termrc so these mounts would be ignored.
we already have mntgen in bootfs, so we can provide these mountpoints early.
i keep the termrc/cpurc mntgens where they are, but ignore the error
prints. this way old kernels will continue to work.
When a window is moved or reshaped, that implicitely tops
the window and makes it current. The conseqence of this
is that we always have to redraw the window as if it where
a current window in any case. This was handled for Reshaped
windows, but not when the window was just moved. We now
handle both cases the exact same way, getting rid of the
Moved wctl message.
