From martin@email.aon.at  Fri Feb  4 16:30:12 2005
Return-Path: <martin@email.aon.at>
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 66D5116A4CE
	for <FreeBSD-gnats-submit@freebsd.org>; Fri,  4 Feb 2005 16:30:12 +0000 (GMT)
Received: from email.aon.at (warsl404pip7.highway.telekom.at [195.3.96.91])
	by mx1.FreeBSD.org (Postfix) with ESMTP id 2EE2843D46
	for <FreeBSD-gnats-submit@freebsd.org>; Fri,  4 Feb 2005 16:30:11 +0000 (GMT)
	(envelope-from martin@email.aon.at)
Received: (qmail 4656 invoked from network); 4 Feb 2005 16:30:09 -0000
Received: from m024p002.adsl.highway.telekom.at (HELO gandalf.xyzzy) ([62.47.170.226])
          (envelope-sender <martin@email.aon.at>)
          by smarthub02.highway.telekom.at (qmail-ldap-1.03) with SMTP
          for <FreeBSD-gnats-submit@freebsd.org>; 4 Feb 2005 16:30:09 -0000
Received: from gandalf.xyzzy (localhost.xyzzy [127.0.0.1])
	by gandalf.xyzzy (8.12.11/8.12.11) with ESMTP id j14GU8W5001635
	for <FreeBSD-gnats-submit@freebsd.org>; Fri, 4 Feb 2005 17:30:08 +0100 (CET)
	(envelope-from martin@gandalf.xyzzy)
Received: (from martin@localhost)
	by gandalf.xyzzy (8.12.11/8.12.11/Submit) id j14GU78R001634;
	Fri, 4 Feb 2005 17:30:07 +0100 (CET)
	(envelope-from martin)
Message-Id: <200502041630.j14GU78R001634@gandalf.xyzzy>
Date: Fri, 4 Feb 2005 17:30:07 +0100 (CET)
From: Martin Birgmeier <martin@email.aon.at>
Reply-To: Martin Birgmeier <martin@email.aon.at>
To: FreeBSD-gnats-submit@freebsd.org
Cc:
Subject: [patch] fixes to ppp dumping core when doing log/command substitutions
X-Send-Pr-Version: 3.113
X-GNATS-Notify:

>Number:         77104
>Category:       bin
>Synopsis:       [patch] fixes to ppp dumping core when doing log/command substitutions
>Confidential:   no
>Severity:       serious
>Priority:       high
>Responsible:    brian
>State:          closed
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Fri Feb 04 16:30:17 GMT 2005
>Closed-Date:    Fri Feb 11 15:50:52 GMT 2005
>Last-Modified:  Fri Feb 11 15:50:52 GMT 2005
>Originator:     Martin Birgmeier
>Release:        FreeBSD 4.10-RELEASE i386
>Organization:
MBi at home
>Environment:
System: FreeBSD gandalf.xyzzy 4.10-RELEASE FreeBSD 4.10-RELEASE #0: Sun Jul 4 12:28:27 CEST 2004 root@gandalf.xyzzy:/d/6s4e/OBJ/FreeBSD/RELENG_4_10_0_RELEASE/src/sys/GANDALF i386

>Description:
	User ppp dumps core when using log substitutions

	In spite of what whoever is writing in
	http://www.freebsd.org/cgi/query-pr.cgi?pr=59995 at Mon Oct
	11 11:16:04 GMT 2004, the problem still persists, and the
	fix given there (and repeated here) for command.c is still
	valid and necessary for RELENG_4, RELENG_5, and HEAD.

	Hint: The reason why the fix is correct lies in the following
	line from command.c:

	    ntgt = realloc(tgt, ltgt += lnewstr - loldstr);

	Just think about it!

>How-To-Repeat:
	Start ppp; use logfile (or command) substitutions which expand the
	string (e.g., "HISADDR", which would be expanded to a string like
	"192.168.55.245")

>Fix:

*** usr.sbin/ppp/command.c.ORIG	Sat Dec  6 21:31:04 2003
--- usr.sbin/ppp/command.c	Sat Dec  6 21:32:06 2003
***************
*** 452,458 ****
        tgt = ntgt;
      }
      if (lnewstr > loldstr)
!       bcopy(word + loldstr, word + lnewstr, ltgt - pos - loldstr);
      bcopy(newstr, word, lnewstr);
    } while ((word = strstrword(word, oldstr)));
  
--- 452,458 ----
        tgt = ntgt;
      }
      if (lnewstr > loldstr)
!       bcopy(word + loldstr, word + lnewstr, ltgt - pos - lnewstr);
      bcopy(newstr, word, lnewstr);
    } while ((word = strstrword(word, oldstr)));
  

--
Martin Birgmeier

Vienna
Austria
>Release-Note:
>Audit-Trail:
Responsible-Changed-From-To: freebsd-bugs->brian 
Responsible-Changed-By: glebius 
Responsible-Changed-When: Sat Feb 5 19:35:52 GMT 2005 
Responsible-Changed-Why:  
Assign to ppp(8) maintainer. 

http://www.freebsd.org/cgi/query-pr.cgi?pr=77104 
State-Changed-From-To: open->patched 
State-Changed-By: brian 
State-Changed-When: Tue Feb 8 10:30:50 GMT 2005 
State-Changed-Why:  
I've committed the fix to -current and will MFC in 3 days if there are no 
complaints. 
Thanks to the submitter for finding this! 

http://www.freebsd.org/cgi/query-pr.cgi?pr=77104 
State-Changed-From-To: patched->closed 
State-Changed-By: brian 
State-Changed-When: Fri Feb 11 15:50:34 GMT 2005 
State-Changed-Why:  
This has now been committed to RELENG_5 

http://www.freebsd.org/cgi/query-pr.cgi?pr=77104 
>Unformatted:
