[2875] in Kerberos-V5-bugs
pending/546: telnetd core dump
daemon@ATHENA.MIT.EDU (hmkash@ARL.MIL)
Wed Feb 4 18:08:08 1998
Resent-From: gnats@rt-11.MIT.EDU (GNATS Management)
Resent-To: gnats-admin@rt-11.MIT.EDU
Resent-Reply-To: krb5-bugs@MIT.EDU, hmkash@ARL.MIL
Date: Wed, 4 Feb 98 18:02:16 EST
From: hmkash@ARL.MIL
Reply-To: hmkash@ARL.MIL
To: krb5-bugs@MIT.EDU
Cc: hmkash@ARL.MIL
>Number: 546
>Category: pending
>Synopsis: telnetd core dump
>Confidential: yes
>Severity: serious
>Priority: medium
>Responsible: gnats-admin
>State: open
>Class: sw-bug
>Submitter-Id: unknown
>Arrival-Date: Wed Feb 04 18:08:01 EST 1998
>Last-Modified:
>Originator: Howard Kash
>Organization:
U.S. Army Research Lab
>Release: krb5-1.0.4
>Environment:
System: IRIX admii 5.3 11091810 IP7 mips
>Description:
Telnetd would core dump when user logged out or if ^D was typed at
the login: prompt. The following gdb output shows that it was
failing in the utmp cleanup and that the utmp cleanup was occurring
twice (once for the SIGCHLD signal handler and once for the cleanup(0)
call in the telnet() function in telnetd.c):
(gdb) where
#0 strcpy () at strcpy.s:123
#1 0xfafd494 in _utmpname () at getut.c:97
#2 0x42e9e8 in pty_update_utmp ()
#3 0x42ec5c in pty_cleanup ()
#4 0x419494 in cleanup ()
#5 <signal handler called>
#6 0xfac77b4 in _xstat () at xstat.s:12
#7 0xfac66c4 in _stat () at stat.c:11
#8 0xface92c in _synchutmp () at getut.c:97
#9 0xfb023b8 in _getutent () at getut.c:133
#10 0xfafd0ac in _pututline () at getut.c:97
#11 0x42ead0 in pty_update_utmp ()
#12 0x42ec5c in pty_cleanup ()
#13 0x419494 in cleanup ()
#14 0x412904 in telnet ()
#15 0x411514 in doit ()
#16 0x4101a0 in main ()
The problem may not be that cleanup() was being called twice, but that
it was being interrupted by the signal and left utmp in an unstable
state.
>How-To-Repeat:
Logout of an IRIX 5.3 telnet session or type ^D at the telnet login:
prompt. Doesn't seem to happen all of the time, probably depends on the
timing of the SIGCHLD signal (or maybe an entirely different problem).
>Fix:
My fix was to add the following line before the cleanup(0) call in the
telnet() function in telnetd.c:
(void) signal(SIGCHLD, SIG_DFL);
It may need to be added before all explicit calls to cleanup() in the
telnetd source. (???)
>Audit-Trail:
>Unformatted:
no
IRIX 5.3 telnetd core dumps during cleanup
non-critical
medium
krb5-appl
sw-bug