Date: Mon, 25 Apr 2016 14:42:35 -0500
From: Tim Zingelman <zingelman@fnal.gov>
To: Rustam <rustamabd@gmail.com>
Cc: "freebsd-security@freebsd.org" <freebsd-security@freebsd.org>
Subject: Re: Signal 11 dumps in telnetd (freebsd 10.3 release)
Message-ID: <Pine.SOL.4.64.1604251437180.16065@nova.fnal.gov>
In-Reply-To: <6c6961526afe4f8b947fa11d585befd3@BY2PR09MB0754.namprd09.prod.outlook.com>
References: <6c6961526afe4f8b947fa11d585befd3@BY2PR09MB0754.namprd09.prod.outlook.com>

See if the attached patch helps. It applies cleanly to
ports/security/krb5-appl, but may need adjustment for the base system
telnetd.

- Tim

On Sun, 24 Apr 2016, Rustam wrote:

> I got a couple of dozen dumps in /usr/libexec/telnetd (signal 11), and I'm
> wondering what those could be.
>
> FreeBSD 10.3-RELEASE, built from source.
>
> Dump stack trace:
> telrcv+333
> ttloop+7C
> doit+1687
> main+64D
>
> Dump is at address 0x0000000000404713:
>
> .text:0004046E2 loc_4046E2:
> .text:0004046E2 test byte ptr cs:diagnostic, 10h ; jumptable 0004046DB cases 11,12
> .text:0004046E9 jz short loc_4046F7
> .text:0004046EB mov edi, offset fmt ; "td: recv IAC"
> .text:0004046F0 mov esi, ebx ; option
> .text:0004046F2 call printoption
> .text:0004046F7 loc_4046F7:
> .text:0004046F7 call ptyflush
> .text:0004046FC call init_termbuf
> .text:000404701 cmp ebx, 0F7h
> .text:000404707 mov eax, 6199D8h
> .text:00040470C cmovz rax, r14
> .text:000404710 mov rax, [rax]
> .text:000404713 mov al, [rax] ; <========== Signal 11 HERE
> .text:000404715 cmp al, 0FFh
> .text:000404717 jz loc_40495A ; jumptable 0004046DB default case
> .text:00040471D mov rcx, cs:pfrontp
> .text:000404724 lea rdx, [rcx+1]
> .text:000404728 mov cs:pfrontp, rdx
> .text:00040472F mov [rcx], al
> .text:000404731 mov cs:telrcv_state, 0
> .text:00040473B jmp loc_4049A0
>
>
> Regards,
>
> Rustam
> _______________________________________________
> freebsd-security@freebsd.org mailing list
> https://lists.freebsd.org/mailman/listinfo/freebsd-security
> To unsubscribe, send any mail to "freebsd-security-unsubscribe@freebsd.org"
>

[Attachment: patch-telnet__telnetd__state.c (text/plain, base64)]
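The faulting instruction in the quoted listing is the second of two loads: a pointer is read from a table slot (`mov rax, [rax]`) and then dereferenced (`mov al, [rax]`), which faults when the slot holds no valid pointer. The C model below is an added example of guarding that lookup; it is not code from this message, its attachment, or telnetd. All names are hypothetical and it assumes an unset slot is NULL.

```c
/* Added model of the IAC EC / IAC EL receive path; not telnetd source.
   All names are hypothetical. Assumes an unset table slot is NULL. */
#include <string.h>

#define IAC      255   /* telnet "interpret as command" */
#define EC       247   /* erase character: the 0F7h compared in the listing */
#define EL       248   /* erase line */
#define VDISABLE 0xFF  /* "character disabled": the 0FFh compared in the listing */

/* Each slot points at the terminal's current special character, or is NULL
   when the terminal state has not been filled in yet. */
struct special_chars { const unsigned char *erase, *kill; };

/* Guarded lookup: an unset slot is treated like a disabled character. */
static unsigned char lookup(const unsigned char *slot) { return slot ? *slot : VDISABLE; }

/* Copy network bytes to the pty buffer, translating IAC EC / IAC EL into the
   terminal's erase / kill characters. Returns the number of bytes written. */
size_t recv_to_pty(const unsigned char *in, size_t n, const struct special_chars *sc,
                   unsigned char *out, size_t cap)
{
    size_t w = 0;
    int after_iac = 0;
    for (size_t i = 0; i < n && w < cap; i++) {
        unsigned char c = in[i];
        if (!after_iac) {
            if (c == IAC) after_iac = 1;
            else out[w++] = c;
            continue;
        }
        after_iac = 0;
        if (c == EC || c == EL) {
            /* The unguarded form, *(c == EC ? sc->erase : sc->kill),
               faults when the slot is NULL. */
            unsigned char ch = lookup(c == EC ? sc->erase : sc->kill);
            if (ch != VDISABLE) out[w++] = ch;
        }   /* every other command byte is ignored in this model */
    }
    return w;
}

int main(void)
{
    const unsigned char in[] = { 'a', 'b', IAC, EC, 'c', IAC, EL, 'd' }; /* constructed */
    struct special_chars unset = { NULL, NULL };
    unsigned char out[16];
    return recv_to_pty(in, sizeof in, &unset, out, sizeof out) == 4 ? 0 : 1;
}
```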