From owner-freebsd-bugs Tue Nov 14 13:20:07 1995
Return-Path: owner-bugs
Received: (from root@localhost) by freefall.freebsd.org (8.6.12/8.6.6) id NAA14313 for bugs-outgoing; Tue, 14 Nov 1995 13:20:07 -0800
Received: from ibp.ibp.fr (ibp.ibp.fr [132.227.60.30]) by freefall.freebsd.org (8.6.12/8.6.6) with ESMTP id NAA14302 for ; Tue, 14 Nov 1995 13:20:01 -0800
Received: from blaise.ibp.fr (blaise.ibp.fr [132.227.60.1]) by ibp.ibp.fr (8.6.12/jtpda-5.0) with ESMTP id WAA21469 for ; Tue, 14 Nov 1995 22:19:52 +0100
Received: from (uucp@localhost) by blaise.ibp.fr (8.6.12/jtpda-5.0) with UUCP id WAA28768 for freebsd-bugs@FreeBSD.ORG; Tue, 14 Nov 1995 22:19:51 +0100
Received: (from roberto@localhost) by keltia.freenix.fr (8.7.1/keltia-uucp-2.6) id WAA08606 for freebsd-bugs@FreeBSD.ORG; Tue, 14 Nov 1995 22:17:47 +0100 (MET)
From: Ollivier Robert
Message-Id: <199511142117.WAA08606@keltia.freenix.fr>
Subject: tftp client broken
To: freebsd-bugs@FreeBSD.ORG (FreeBSD Bugs' list)
Date: Tue, 14 Nov 1995 22:17:47 +0100 (MET)
X-Operating-System: FreeBSD 2.2-CURRENT ctm#1327
X-Mailer: ELM [version 2.4 PL24 ME8b]
MIME-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
Sender: owner-bugs@FreeBSD.ORG
Precedence: bulk

Has anyone ever tried this on tftp:

359 [21:56] roberto@keltia:/tmp> tftp localhost
warning: this program uses gets(), which is unsafe.
tftp> c
(to)
Segmentation fault (core dumped)

Reading tftp's code, it cannot run without coredumping. When in main.c it analyzes the arguments, it calls setpeer() to set the hostname we'll connect to. Later, when you answer , it will call setpeer again, but this time, as there is no argument, it will call gethostname(NULL)!!

A friend of mine, playing with his Sun 3/80 as an X-terminal, called me about that.

The tftp client's command handling is a mess...

On a side note, it seems that our tftpd doesn't support the "-s" option to chroot() into...

Here is the stack trace for tftp:

Program received signal SIGSEGV, Segmentation fault.
0x12503 in strcasecmp ()
(gdb) where
#0  0x12503 in strcasecmp ()
#1  0x4648 in _gethostbyhtname ()
#2  0x40e6 in gethostbyname ()
#3  0x1379 in setpeer (argc=1, argv=0x26170) at main.c:207
#4  0x2180 in command () at main.c:620
#5  0x1284 in main (argc=2, argv=0xefbfd504) at main.c:183
(gdb) frame 3
#3  0x1379 in setpeer (argc=1, argv=0x26170) at main.c:207
207         host = gethostbyname(argv[1]);
(gdb) print argv[1]
$1 = 0x0
(gdb) print argv
$2 = (char **) 0x26170
(gdb) print argv[0]
$3 = 0x261e8 "Connect"
-- 
Ollivier ROBERT -=- The daemon is FREE! -=- roberto@keltia.frmug.fr.net
FreeBSD keltia.freenix.fr 2.2-CURRENT #1: Sun Nov 12 16:47:05 MET 1995
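The crash in the report comes from tftp re-tokenizing "Connect " plus whatever was typed at the "(to) " prompt and then indexing argv[1] without re-checking argc, so an empty reply leaves argv[1] == NULL on its way to gethostbyname(). The following is an added illustration, not the FreeBSD tftp source: a hypothetical makeargv()/setpeer() pair in the same shape, with the missing argc check in place and the gets() call replaced by a bounded read from a constructed stand-in for the terminal. The resolver call is omitted so it runs offline; the function returns the host string that would have been passed to gethostbyname().

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define LINELEN 200
#define MAXARGS 20

/* Tokenize line in place on blanks, like tftp's makeargv() (hypothetical
 * reimplementation). The vector is always NULL-terminated, so argv[argc] is
 * NULL: with argc == 1 that NULL is exactly the argv[1] the report shows. */
static int makeargv(char *line, char *argv[], int maxargs)
{
    int argc = 0;
    char *p = line;

    while (argc < maxargs - 1) {
        while (*p == ' ' || *p == '\t' || *p == '\n')
            p++;
        if (*p == '\0')
            break;
        argv[argc++] = p;
        while (*p != '\0' && *p != ' ' && *p != '\t' && *p != '\n')
            p++;
        if (*p == '\0')
            break;
        *p++ = '\0';
    }
    argv[argc] = NULL;
    return argc;
}

/* Constructed stand-in for the terminal: what the user types at "(to) ".
 * text == NULL models EOF (Ctrl-D). */
struct reply { const char *text; };

/* Bounded line read from the stand-in, replacing gets(). Returns 0 on EOF. */
static int read_line(struct reply *r, char *buf, size_t len)
{
    size_t n;

    if (r->text == NULL || len == 0)
        return 0;
    n = strcspn(r->text, "\n");
    if (n >= len)
        n = len - 1;
    memcpy(buf, r->text, n);
    buf[n] = '\0';
    return 1;
}

/* Hardened setpeer(): 0 with host/port filled on success, -1 when no host was
 * given (the case that dumped core), -2 on a usage error. Never hands NULL to
 * the resolver. */
static int setpeer(const char *cmdline, struct reply *r,
                   char *host, size_t hostlen, int *port)
{
    char line[LINELEN];
    char *argv[MAXARGS];
    int argc;

    snprintf(line, sizeof line, "%s", cmdline);
    argc = makeargv(line, argv, MAXARGS);
    if (argc < 2) {
        char reply[LINELEN];

        printf("(to) ");
        if (!read_line(r, reply, sizeof reply))
            return -1;
        /* Rebuild "Connect <reply>" and re-tokenize, as tftp does. */
        snprintf(line, sizeof line, "Connect %s", reply);
        argc = makeargv(line, argv, MAXARGS);
    }
    /* The check the report shows missing: an empty reply leaves argc == 1. */
    if (argc < 2 || argc > 3) {
        printf("usage: connect host-name [port]\n");
        return argc < 2 ? -1 : -2;
    }
    snprintf(host, hostlen, "%s", argv[1]);
    *port = 69;                          /* tftp default */
    if (argc == 3) {
        char *end;
        long p = strtol(argv[2], &end, 10);

        if (*end != '\0' || p <= 0 || p > 65535) {
            printf("%s: bad port number\n", argv[2]);
            return -2;
        }
        *port = (int)p;
    }
    return 0;
}

int main(void)
{
    char host[64];
    int port;
    struct reply empty = { "\n" };               /* just press return at "(to) " */
    struct reply named = { "localhost 1069\n" };

    printf("connect, empty reply -> %d\n",
           setpeer("connect", &empty, host, sizeof host, &port));
    if (setpeer("c", &named, host, sizeof host, &port) == 0)
        printf("connect -> %s port %d\n", host, port);
    return 0;
}
```

Two things carry over from the report: the re-check has to come after the second makeargv(), not only before the prompt, and reading the reply with a bounded copy removes the gets() overflow that the linker warning points at.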