Index: ossp-pkg/l2/TODO RCS File: /v/ossp/cvs/ossp-pkg/l2/TODO,v rcsdiff -q -kk '-r1.58' '-r1.59' -u '/v/ossp/cvs/ossp-pkg/l2/TODO,v' 2>/dev/null --- TODO 2003/01/06 11:41:51 1.58 +++ TODO 2003/01/27 16:01:35 1.59 @@ -9,6 +9,18 @@ TODO ==== +20030127 thl + Fixed a bug in l2_channel.c:l2_channel_destroy() where chD was + passing a pointer to l2_channel_downstream() to find a sibling of a + previously free(3)d node. This caused a bus error on FreeBSD5 where + free(3) filled the free area with nonzero data. All other + implementations seem to keep the data and l2_channel_downstream() + traversed through still valid pointers in unmalloc(3)ed areas. This + caused openssh using fsl v1.0.6 to fail on FreeBSD5. The fix was + implemented in l2_channel_destroy() through look-ahead. This is once + again a basic iteration problem which can catch us in other places + as well. This needs to be verified. + Structure of channels and documentation [thl]. It should be possible to drag the documentation out of a channel's source code. Everything else is error prone and a documentation nightmare. Currently, most (noop and Index: ossp-pkg/l2/l2_channel.c RCS File: /v/ossp/cvs/ossp-pkg/l2/l2_channel.c,v rcsdiff -q -kk '-r1.30' '-r1.31' -u '/v/ossp/cvs/ossp-pkg/l2/l2_channel.c,v' 2>/dev/null --- l2_channel.c 2003/01/06 11:41:51 1.30 +++ l2_channel.c 2003/01/27 16:01:35 1.31 @@ -455,8 +455,10 @@ l2_result_t l2_channel_destroy(l2_channel_t *ch) { l2_result_t rv; - l2_result_t rvD; + l2_result_t rvD; /* downstream */ l2_channel_t *chD; + l2_result_t rvL; /* lookahead */ + l2_channel_t *chL; /* argument sanity check */ if (ch == NULL) 
@@ -477,9 +479,16 @@ if (rv == L2_OK_PASS) { rv = L2_OK; chD = NULL; - while (l2_channel_downstream(ch, &chD) == L2_OK) - if ((rvD = l2_channel_destroy(chD)) != L2_OK) - rv = rvD; + if (l2_channel_downstream(ch, &chD) == L2_OK) { + chL = chD; + do { + rvL = l2_channel_downstream(ch, &chL); + if ((rvD = l2_channel_destroy(chD)) != L2_OK) + rv = rvD; + if (rvL == L2_OK) + chD = chL; + } while ((rv == L2_OK) && (rvL == L2_OK)); + } } /* free channel structure */ Index: ossp-pkg/l2/l2_test.c RCS File: /v/ossp/cvs/ossp-pkg/l2/l2_test.c,v rcsdiff -q -kk '-r1.51' '-r1.52' -u '/v/ossp/cvs/ossp-pkg/l2/l2_test.c,v' 2>/dev/null --- l2_test.c 2003/01/06 11:41:52 1.51 +++ l2_test.c 2003/01/27 16:01:35 1.52 @@ -89,10 +89,11 @@ " filter(regex=hecking, negate=0)" " -> prefix(prefix=\"[%d-%m-%Y/%H:%M:%S] %L test[%P]: \", timezone=local)" " -> buffer(size=800)" -/* " -> buffer(size=800, timer=on)"*/ " -> file(path=l2_test.log, append=1, perm=0644) ;" +/* " syslog(ident=L2-Test, facility=user, " " remotehost=localhost, logpid=1, target=remote)" +*/ "}"; fprintf(stderr, "configuring: %s\n", spec); if ((rv = l2_spec(&ch, env, "%s", spec)) != L2_OK) 
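Review bot: The new `do … while ((rv == L2_OK) && (rvL == L2_OK))` loop in l2_channel_destroy() stops at the first child whose destroy fails, whereas the removed `while` loop kept going and only recorded the error. The remaining downstream siblings are then left allocated while the code after this block (`/* free channel structure */`) releases the parent, so they may be leaked and, if they reference their parent, left pointing at freed memory, which is the same class of bug this change fixes. Unless stopping early is intended, the condition should be `} while (rvL == L2_OK);`. The look-ahead ordering is the substance of the fix and deserves a comment above `rvL = l2_channel_downstream(ch, &chL);`, for example `/* fetch the next sibling before chD is destroyed; chD must not be read afterwards */`. The function body begins and ends outside this hunk.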
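Review bot: With the `syslog(...)` branch commented out, the visible part of the spec has only the single `filter -> prefix -> buffer -> file` chain, so the "destroy channel tree" step probably no longer walks more than one downstream sibling, which is the path the l2_channel_destroy() look-ahead in this same commit changes. A second branch that needs no network should stay in the tree so the fix is exercised by the test. The `file(...) ;` line also keeps its trailing `;` with nothing after it before `"}"`; whether the spec parser accepts that is not visible here and is worth confirming. If the syslog branch must stay disabled, the comment should say why, for example `/* syslog branch disabled: <reason> */`. The start of the spec string is outside the hunk.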
@@ -158,11 +159,11 @@ /* perform a few log operations */ if ((rv = l2_channel_log(ch, L2_LEVEL_PANIC, "1: Checking localhost %s %{myparm}k <%{text}S><%{hex}S><%{base64}S>\n", "foo", 12345, "foo\1bar", 7, "foo\1bar", 7, "foo\1bar", 7)) != L2_OK) die(env, rv, "failed to log message #1 to channel"); - if ((rv = l2_channel_log(ch, L2_LEVEL_PANIC, "2: Shecking\n")) != L2_OK) + if ((rv = l2_channel_log(ch, L2_LEVEL_PANIC, "2: Checking\n")) != L2_OK) die(env, rv, "failed to log message #2 to channel"); if ((rv = l2_channel_log(ch, L2_LEVEL_PANIC, "3: Checking localhost %s %{myparm}k <%{text}S><%{hex}S><%{base64}S>\n", "foo", 12345, "foo\1bar", 7, "foo\1bar", 7, "foo\1bar", 7)) != L2_OK) die(env, rv, "failed to log message #3 to channel"); - if ((rv = l2_channel_log(ch, L2_LEVEL_PANIC, "4: Shecking\n")) != L2_OK) + if ((rv = l2_channel_log(ch, L2_LEVEL_PANIC, "4: Checking\n")) != L2_OK) die(env, rv, "failed to log message #4 to channel"); /* destroy channel tree */