mirror of
https://git.hardenedbsd.org/hardenedbsd/HardenedBSD.git
synced 2025-01-11 17:04:19 +01:00
1e8ee278b6
When we get an EN8 response while we're already sending the file using the i protocol, this can happen: In send.c, flocal_send_await_reply() is called. This function calls flocal_send_fail() to process the aborted transfer. After this, we run into the branch that calls ffileseekend() to force the end of the actual transfer. Now flocal_send_fail() frees qtrans, but qtrans is still used later! I propose to fix this by moving the usfree_send(qtrans) out of flocal_send_fail(), as in the patch I append to this mail. ... I have found a race condition in the uucp 1.05 code. The typical result is that the connections mysteriously fails with "conversation failed", even while all files were transmitted. This is the problem: At least for the i protocol, the code to send a packet can receive and process packets after sending. In several places in the code, we send a command and then prepare to receive an answer. Now the answer might already arrive during the call that sends the command while we aren't ready to process it. The general solution is IMHO first to do all preparations and only as a last step to send out the command. Reviewed by: John Dyson Submitted by: Johannes Stille |
||
---|---|---|
.. | ||
uucp | ||
Makefile | ||
Makefile.inc |