From: Dag-Erling Smørgrav
To: d@delphij.net
Cc: FreeBSD Current
Subject: Re: sftp broken?
Date: Wed, 14 Oct 2009 02:35:06 +0200
Message-ID: <8663aiert1.fsf@ds4.des.no>
In-Reply-To: <4AD5073B.5030100@delphij.net> (Xin LI's message of "Tue, 13 Oct 2009 16:03:23 -0700")
References: <4AD5073B.5030100@delphij.net>

Xin LI writes:
> The backtrace shows that the access violation happens inside libc
> (glob*) but I have not yet got a clue why this would ever happen.

It's trying to dereference a NULL function pointer:

(gdb) frame 1
#1  0x0000000800ef9920 in glob2 (pathbuf=0x7fffffff5660,
    pathend=0x7fffffff56a8, pathend_last=0x7fffffff7658,
    pattern=0x7fffffff76a8, pglob=0x7fffffffd8d0, limit=0x7fffffffd720)
    at /usr/src/lib/libc/gen/glob.c:844
844             return((*pglob->gl_lstat)(buf, sb));
(gdb) p pglob
$1 = (glob_t *) 0x7fffffffd8d0
(gdb) p *pglob
$2 = {gl_pathc = 0, gl_matchc = 0, gl_offs = 0, gl_flags = 216,
  gl_pathv = 0x0, gl_errfunc = 0, gl_closedir = 0x408bfb,
  gl_readdir = 0x408b50, gl_opendir = 0x408b20,
  gl_lstat = 0, gl_stat = 0x7fffffffda00}

The problem is that OpenSSH wants to use its own version of glob(3), but we don't compile it or link it in, so it calls ours with a struct pglob that has the wrong layout. The attached patch should fix that; I will commit it when I've tested it more thoroughly.
DES
-- 
Dag-Erling Smørgrav - des@des.no

openssh-glob.diff:

Index: crypto/openssh/ssh_namespace.h
===================================================================
--- crypto/openssh/ssh_namespace.h (revision 197801)
+++ crypto/openssh/ssh_namespace.h (working copy)
@@ -223,6 +223,8 @@
 #define get_u32 ssh_get_u32
 #define get_u64 ssh_get_u64
 #define getrrsetbyname ssh_getrrsetbyname
+#define glob ssh_glob
+#define globfree ssh_globfree
 #define host_hash ssh_host_hash
 #define hostfile_read_key ssh_hostfile_read_key
 #define hpdelim ssh_hpdelim
Index: secure/lib/libssh/Makefile
===================================================================
--- secure/lib/libssh/Makefile (revision 197801)
+++ secure/lib/libssh/Makefile (working copy)
@@ -19,7 +19,7 @@
 # compiled directly into sshd instead.
 
 # Portability layer
-SRCS+= bsd-misc.c fmt_scaled.c getrrsetbyname.c \
+SRCS+= bsd-misc.c fmt_scaled.c getrrsetbyname.c glob.c \
 	openssl-compat.c port-tun.c strtonum.c vis.c xcrypt.c xmmap.c
 # FreeBSD additions
 SRCS+= version.c
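Review bot: the two new defines in the ssh_namespace.h hunk only rename the symbols glob and globfree to ssh_glob and ssh_globfree; they do nothing about which glob.h the callers compile against, and the crash in the mail is a struct-layout problem, so the fix is only complete if every translation unit that fills in a glob_t and calls glob() now sees OpenSSH's own glob.h (the layout ssh_glob expects) rather than the system <glob.h>. Please confirm that whatever selects the compat glob.c in the build also makes its glob.h the one included, and that no OpenSSH source includes <glob.h> directly. The placement between getrrsetbyname and host_hash keeps the list sorted, so nothing to change there.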
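Review bot: adding glob.c to the portability-layer SRCS in the libssh Makefile hunk turns ssh_glob and ssh_globfree into exported symbols of the shared library, so this hunk and the ssh_namespace.h rename have to be committed together: glob.c in libssh without the rename would export a glob() that collides with libc's, and the rename without glob.c leaves ssh_glob unresolved at link time. The new entry also relies on the existing .PATH for openbsd-compat resolving glob.c exactly as it does bsd-misc.c and the other files on that line, and since the context comment says some portability files are "compiled directly into sshd instead", check that sshd's and sftp's own Makefiles do not also list glob.c, or the symbol ends up defined twice.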
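The mail attributes the NULL function pointer to a glob_t built from one header and read by a glob() compiled against another. The following C program is an added illustration of that mechanism, not code from the mail, from FreeBSD or from OpenSSH: the library-side struct uses the member order of FreeBSD's glob_t as gdb printed it above, while the caller-side struct carries one extra pointer member, here named gl_extra, which is a hypothetical stand-in and not a claim about OpenSSH's real glob_t. It fills the caller's struct the way a GLOB_ALTDIRFUNC user would, reinterprets the same bytes through the library's layout to show every callback slot sliding onto its neighbour, and ends with the sizeof/offsetof guard a build should carry whenever two headers are meant to describe the same struct.

```c
/*
 * Added illustration (not from the mail, FreeBSD or OpenSSH): what a
 * library sees when the caller built its glob_t from a header with a
 * different member layout. lib_glob_t follows the FreeBSD glob_t member
 * order printed by gdb in the mail; app_glob_t, with the extra member
 * gl_extra, is hypothetical and not OpenSSH's real layout.
 */
#include <stddef.h>
#include <stdio.h>
#include <string.h>

struct dirent;   /* only pointers to these are needed here */
struct stat;

/* Library-side layout (member order as shown in the gdb dump). */
typedef struct {
	int gl_pathc, gl_matchc, gl_offs, gl_flags;
	char **gl_pathv;
	int (*gl_errfunc)(const char *, int);
	void (*gl_closedir)(void *);
	struct dirent *(*gl_readdir)(void *);
	void *(*gl_opendir)(const char *);
	int (*gl_lstat)(const char *, struct stat *);
	int (*gl_stat)(const char *, struct stat *);
} lib_glob_t;

/* Caller-side layout: hypothetical, one extra pointer after gl_pathv. */
typedef struct {
	int gl_pathc, gl_matchc, gl_offs, gl_flags;
	char **gl_pathv;
	void *gl_extra;                 /* assumed extra member, see lead-in */
	int (*gl_errfunc)(const char *, int);
	void (*gl_closedir)(void *);
	struct dirent *(*gl_readdir)(void *);
	void *(*gl_opendir)(const char *);
	int (*gl_lstat)(const char *, struct stat *);
	int (*gl_stat)(const char *, struct stat *);
} app_glob_t;

/* Stand-ins for the caller's GLOB_ALTDIRFUNC hooks. */
static int my_errfunc(const char *p, int e) { (void)p; (void)e; return 0; }
static void my_closedir(void *d) { (void)d; }
static struct dirent *my_readdir(void *d) { (void)d; return NULL; }
static void *my_opendir(const char *p) { (void)p; return NULL; }
static int my_lstat(const char *p, struct stat *sb) { (void)p; (void)sb; return -1; }
static int my_stat(const char *p, struct stat *sb) { (void)p; (void)sb; return -1; }

typedef struct {
	int errfunc_is_null;      /* library's gl_errfunc slot reads as NULL */
	int lstat_is_app_lstat;   /* library's gl_lstat is the hook the caller set */
	int lstat_is_app_opendir; /* ...or has slid onto the caller's opendir hook */
} mismatch_report;

/* Fill the struct as the caller would, then read it back through the
 * library's layout: same bytes, different interpretation. */
mismatch_report inspect_mismatch(void)
{
	app_glob_t app;
	lib_glob_t lib;
	mismatch_report r;

	memset(&app, 0, sizeof app);
	app.gl_errfunc  = my_errfunc;
	app.gl_closedir = my_closedir;
	app.gl_readdir  = my_readdir;
	app.gl_opendir  = my_opendir;
	app.gl_lstat    = my_lstat;
	app.gl_stat     = my_stat;

	/* The library is handed &app but only knows lib_glob_t. */
	memcpy(&lib, &app, sizeof lib);

	r.errfunc_is_null      = (lib.gl_errfunc == NULL);
	r.lstat_is_app_lstat   = (lib.gl_lstat == my_lstat);
	r.lstat_is_app_opendir =
	    (lib.gl_lstat == (int (*)(const char *, struct stat *))my_opendir);
	return r;
}

/* Guard to carry in a build (as _Static_assert in C11) when two headers
 * are supposed to describe one struct: size and callback offsets agree. */
int layouts_compatible(void)
{
	return sizeof(lib_glob_t) == sizeof(app_glob_t) &&
	    offsetof(lib_glob_t, gl_errfunc) == offsetof(app_glob_t, gl_errfunc) &&
	    offsetof(lib_glob_t, gl_lstat) == offsetof(app_glob_t, gl_lstat);
}

int main(void)
{
	mismatch_report r = inspect_mismatch();
	printf("layouts compatible: %d\n", layouts_compatible());
	printf("library sees gl_errfunc == NULL: %d\n", r.errfunc_is_null);
	printf("library's gl_lstat is caller's lstat: %d, caller's opendir: %d\n",
	    r.lstat_is_app_lstat, r.lstat_is_app_opendir);
	return 0;
}
```

With one extra pointer on the caller's side, every slot from gl_errfunc onward is read one member early: the library's gl_errfunc lands on the caller's gl_extra (NULL here), and the library's gl_lstat lands on the caller's gl_opendir, so the call at glob.c:844 would reach a function with the wrong prototype rather than the intended one. Which slot ends up NULL depends on where the layouts diverge, which is why the cure is to compile caller and library against the same header (what the patch does by building OpenSSH's glob.c into libssh) and to let a static layout check fail the build when they drift.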