From nobody@FreeBSD.org  Fri Feb  7 11:29:03 2014
Return-Path: <nobody@FreeBSD.org>
Received: from mx1.freebsd.org (mx1.freebsd.org [8.8.178.115])
	(using TLSv1 with cipher ADH-AES256-SHA (256/256 bits))
	(No client certificate requested)
	by hub.freebsd.org (Postfix) with ESMTPS id E05B3F1C
	for <freebsd-gnats-submit@FreeBSD.org>; Fri,  7 Feb 2014 11:29:02 +0000 (UTC)
Received: from oldred.freebsd.org (oldred.freebsd.org [IPv6:2001:1900:2254:206a::50:4])
	(using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits))
	(No client certificate requested)
	by mx1.freebsd.org (Postfix) with ESMTPS id CA46F1FC0
	for <freebsd-gnats-submit@FreeBSD.org>; Fri,  7 Feb 2014 11:29:02 +0000 (UTC)
Received: from oldred.freebsd.org ([127.0.1.6])
	by oldred.freebsd.org (8.14.5/8.14.7) with ESMTP id s17BT2Y8084438
	for <freebsd-gnats-submit@FreeBSD.org>; Fri, 7 Feb 2014 11:29:02 GMT
	(envelope-from nobody@oldred.freebsd.org)
Received: (from nobody@localhost)
	by oldred.freebsd.org (8.14.5/8.14.5/Submit) id s17BT2HE084431;
	Fri, 7 Feb 2014 11:29:02 GMT
	(envelope-from nobody)
Message-Id: <201402071129.s17BT2HE084431@oldred.freebsd.org>
Date: Fri, 7 Feb 2014 11:29:02 GMT
From: Alexander Zagrebin <alexz@visp.ru>
To: freebsd-gnats-submit@FreeBSD.org
Subject: ppp(8): bug in the chat implementation (incorrect handling of an expect-send-expect sequences)
X-Send-Pr-Version: www-3.1
X-GNATS-Notify:

>Number:         186530
>Category:       bin
>Synopsis:       [patch] ppp(8): bug in the chat implementation (incorrect handling of an expect-send-expect sequences)
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    brueffer
>State:          closed
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Fri Feb 07 11:30:00 UTC 2014
>Closed-Date:    Fri Feb 21 10:29:44 CET 2014
>Last-Modified:  Fri Feb 21 09:30:04 UTC 2014
>Originator:     Alexander Zagrebin
>Release:        FreeBSD 10.0-RELEASE
>Organization:
-
>Environment:
FreeBSD <...> 10.0-RELEASE FreeBSD 10.0-RELEASE #0 r261078: Thu Jan 23 18:17:16 MSK 2014     root@<...>:/usr/obj/usr/src/sys/GENERIC  amd64
>Description:
If we're using an expect-send-expect sequence in a chat script, then under certain conditions the chat script can work incorrectly.

For example, suppose we're using the ppp(8) with the some modem.
We need initialize it before dialing:
Suppose, we have to send "ATCMD1" and to get response "ERROR".
If modem's response isn't "ERROR", then we have to send ATCMD2 and to get response "OK".
In this case we have to use the following chat script:
"TIMEOUT 2 \"\" ATCMD1 ERROR-ATCMD2-OK ATD CONNECT" (see attached ppp.conf)

Suppose, under certain conditions the modem will respond "OK" to the "ATCMD1" command, and "ERROR" to the following "ATCMD2". Such behavior can be simulated with the chat(8) (see "How to repeat the problem").

At such conditions the ppp(8) has to report error while processing the chat script ("Warning: Chat script failed") because "ATCMD2" failed, but it isn't occurs.

After looking a source code I've found, that while processing an expect-send-expect sequence ppp doesn't clear an input buffer between two commands.
So the chat processes the response from the first command instead of second one.
>How-To-Repeat:
To repeat problem you will need the nmdm(4) driver:

# kldload nmdm

On the first console you have to run a modem simulator:

# chat -vs ATCMD1 OK\n ATCMD2 ERROR\n ATD CONNECT < /dev/nmdm0B > /dev/nmdm0B

On the second console you have to run ppp (ppp.conf is attached)

# ppp

See /var/log/ppp.log
It will contain text like this:

ppp[16836]: Phase: Using interface: tun0
ppp[16836]: Phase: deflink: Created in closed state
ppp[16836]: Chat: deflink: Dial attempt 1 of 1
ppp[16836]: Chat: Send: ATCMD1^M
ppp[16836]: Chat: Expect(2): ERROR
ppp[16836]: Chat: Received: ATCMD1^M
ppp[16836]: Chat: Expect timeout
ppp[16836]: Chat: Send: ATCMD2^M
ppp[16836]: Chat: Send: ATD^M
ppp[16836]: Chat: Expect(2): CONNECT
ppp[16836]: Chat: Received: n^MERRORn^MCONNECT

So, despite the fact that "ATCMD2" has returned an "ERROR", the chat script has not stopped with error, but has continued.
>Fix:
There are two possible decisions:
1. To clear an input buffer before sending each command
2. To clear an input buffer at the case of the timeout error while handling an expect-send-expect sequence

I've chose the second one (see attached patch).
As result the log of the patched ppp contains:
ppp[16934]: Phase: Using interface: tun0
ppp[16934]: Phase: deflink: Created in closed state
ppp[16934]: Chat: deflink: Dial attempt 1 of 1
ppp[16934]: Chat: Send: ATCMD1^M
ppp[16934]: Chat: Expect(2): ERROR
ppp[16934]: Chat: Expect timeout
ppp[16934]: Chat: Send: ATCMD2^M
ppp[16934]: Chat: Expect(2): OK
ppp[16934]: Chat: Expect timeout
ppp[16934]: Warning: Chat script failed

So we have an expected behavior now.



Patch attached with submission follows:

patch-ppp-chat.c+++ usr.sbin/ppp/chat.c		2014-02-07 09:07:00.000000000 +0400
@@ -154,6 +154,11 @@ chat_UpdateSet(struct fdescriptor *d, fd
     else {
       /* c->state = CHAT_EXPECT; */
       c->argptr = &arg_term;
+      /*
+        We have to clear an input buffer, because it contains an output from the
+        previous (timeouted) command
+      */
+      c->bufstart = c->bufend;
     }
     c->TimedOut = 0;
   }
    set log Chat
    set device /dev/nmdm0A
    set dial "TIMEOUT 2 \"\" ATCMD1 ERROR-ATCMD2-OK ATD CONNECT"
    open
>Release-Note:
>Audit-Trail:
State-Changed-From-To: open->patched 
State-Changed-By: brueffer 
State-Changed-When: Fri Feb 14 21:34:50 CET 2014 
State-Changed-Why:  
Committed, thanks! 


Responsible-Changed-From-To: freebsd-bugs->brueffer 
Responsible-Changed-By: brueffer 
Responsible-Changed-When: Fri Feb 14 21:34:50 CET 2014 
Responsible-Changed-Why:  
MFC reminder. 

http://www.freebsd.org/cgi/query-pr.cgi?pr=186530 

From: dfilter@FreeBSD.ORG (dfilter service)
To: bug-followup@FreeBSD.org
Cc:  
Subject: Re: bin/186530: commit references a PR
Date: Fri, 14 Feb 2014 20:34:31 +0000 (UTC)

 Author: brueffer
 Date: Fri Feb 14 20:34:24 2014
 New Revision: 261900
 URL: http://svnweb.freebsd.org/changeset/base/261900
 
 Log:
   In chat_UpdateSet(), initialize the input buffer to prevent stale data
   from previous timed out commands.
   
   PR:		186530
   Submitted by:	Alexander Zagrebin <alexz at visp.ru>
   Reviewed by:	brian
   MFC after:	1 week
 
 Modified:
   head/usr.sbin/ppp/chat.c
 
 Modified: head/usr.sbin/ppp/chat.c
 ==============================================================================
 --- head/usr.sbin/ppp/chat.c	Fri Feb 14 20:11:06 2014	(r261899)
 +++ head/usr.sbin/ppp/chat.c	Fri Feb 14 20:34:24 2014	(r261900)
 @@ -154,6 +154,11 @@ chat_UpdateSet(struct fdescriptor *d, fd
      else {
        /* c->state = CHAT_EXPECT; */
        c->argptr = &arg_term;
 +      /*
 +	We have to clear the input buffer, because it contains output
 +	from the previous (timed out) command.
 +      */
 +      c->bufstart = c->bufend;
      }
      c->TimedOut = 0;
    }
 _______________________________________________
 svn-src-all@freebsd.org mailing list
 http://lists.freebsd.org/mailman/listinfo/svn-src-all
 To unsubscribe, send any mail to "svn-src-all-unsubscribe@freebsd.org"
 
State-Changed-From-To: patched->closed 
State-Changed-By: brueffer 
State-Changed-When: Fri Feb 21 10:29:21 CET 2014 
State-Changed-Why:  
Merge to stable branches done.  Thanks! 

http://www.freebsd.org/cgi/query-pr.cgi?pr=186530 

From: dfilter@FreeBSD.ORG (dfilter service)
To: bug-followup@FreeBSD.org
Cc:  
Subject: Re: bin/186530: commit references a PR
Date: Fri, 21 Feb 2014 09:26:03 +0000 (UTC)

 Author: brueffer
 Date: Fri Feb 21 09:25:52 2014
 New Revision: 262287
 URL: http://svnweb.freebsd.org/changeset/base/262287
 
 Log:
   MFC: r261900
   
   In chat_UpdateSet(), initialize the input buffer to prevent stale data
   from previous timed out commands.
   
   PR:		186530
   Submitted by:	Alexander Zagrebin <alexz at visp.ru>
   Reviewed by:	brian
 
 Modified:
   stable/10/usr.sbin/ppp/chat.c
 Directory Properties:
   stable/10/   (props changed)
 
 Modified: stable/10/usr.sbin/ppp/chat.c
 ==============================================================================
 --- stable/10/usr.sbin/ppp/chat.c	Fri Feb 21 09:22:37 2014	(r262286)
 +++ stable/10/usr.sbin/ppp/chat.c	Fri Feb 21 09:25:52 2014	(r262287)
 @@ -154,6 +154,11 @@ chat_UpdateSet(struct fdescriptor *d, fd
      else {
        /* c->state = CHAT_EXPECT; */
        c->argptr = &arg_term;
 +      /*
 +	We have to clear the input buffer, because it contains output
 +	from the previous (timed out) command.
 +      */
 +      c->bufstart = c->bufend;
      }
      c->TimedOut = 0;
    }
 _______________________________________________
 svn-src-all@freebsd.org mailing list
 http://lists.freebsd.org/mailman/listinfo/svn-src-all
 To unsubscribe, send any mail to "svn-src-all-unsubscribe@freebsd.org"
 

From: dfilter@FreeBSD.ORG (dfilter service)
To: bug-followup@FreeBSD.org
Cc:  
Subject: Re: bin/186530: commit references a PR
Date: Fri, 21 Feb 2014 09:27:56 +0000 (UTC)

 Author: brueffer
 Date: Fri Feb 21 09:27:48 2014
 New Revision: 262289
 URL: http://svnweb.freebsd.org/changeset/base/262289
 
 Log:
   MFC: r261900
   
   In chat_UpdateSet(), initialize the input buffer to prevent stale data
   from previous timed out commands.
   
   PR:		186530
   Submitted by:	Alexander Zagrebin <alexz at visp.ru>
   Reviewed by:	brian
 
 Modified:
   stable/8/usr.sbin/ppp/chat.c
 Directory Properties:
   stable/8/usr.sbin/ppp/   (props changed)
 
 Modified: stable/8/usr.sbin/ppp/chat.c
 ==============================================================================
 --- stable/8/usr.sbin/ppp/chat.c	Fri Feb 21 09:26:51 2014	(r262288)
 +++ stable/8/usr.sbin/ppp/chat.c	Fri Feb 21 09:27:48 2014	(r262289)
 @@ -154,6 +154,11 @@ chat_UpdateSet(struct fdescriptor *d, fd
      else {
        /* c->state = CHAT_EXPECT; */
        c->argptr = &arg_term;
 +      /*
 +	We have to clear the input buffer, because it contains output
 +	from the previous (timed out) command.
 +      */
 +      c->bufstart = c->bufend;
      }
      c->TimedOut = 0;
    }
 _______________________________________________
 svn-src-all@freebsd.org mailing list
 http://lists.freebsd.org/mailman/listinfo/svn-src-all
 To unsubscribe, send any mail to "svn-src-all-unsubscribe@freebsd.org"
 

From: dfilter@FreeBSD.ORG (dfilter service)
To: bug-followup@FreeBSD.org
Cc:  
Subject: Re: bin/186530: commit references a PR
Date: Fri, 21 Feb 2014 09:27:09 +0000 (UTC)

 Author: brueffer
 Date: Fri Feb 21 09:26:51 2014
 New Revision: 262288
 URL: http://svnweb.freebsd.org/changeset/base/262288
 
 Log:
   MFC: r261900
   
   In chat_UpdateSet(), initialize the input buffer to prevent stale data
   from previous timed out commands.
   
   PR:		186530
   Submitted by:	Alexander Zagrebin <alexz at visp.ru>
   Reviewed by:	brian
 
 Modified:
   stable/9/usr.sbin/ppp/chat.c
 Directory Properties:
   stable/9/usr.sbin/ppp/   (props changed)
 
 Modified: stable/9/usr.sbin/ppp/chat.c
 ==============================================================================
 --- stable/9/usr.sbin/ppp/chat.c	Fri Feb 21 09:25:52 2014	(r262287)
 +++ stable/9/usr.sbin/ppp/chat.c	Fri Feb 21 09:26:51 2014	(r262288)
 @@ -154,6 +154,11 @@ chat_UpdateSet(struct fdescriptor *d, fd
      else {
        /* c->state = CHAT_EXPECT; */
        c->argptr = &arg_term;
 +      /*
 +	We have to clear the input buffer, because it contains output
 +	from the previous (timed out) command.
 +      */
 +      c->bufstart = c->bufend;
      }
      c->TimedOut = 0;
    }
 _______________________________________________
 svn-src-all@freebsd.org mailing list
 http://lists.freebsd.org/mailman/listinfo/svn-src-all
 To unsubscribe, send any mail to "svn-src-all-unsubscribe@freebsd.org"
 
>Unformatted:
