Hi all, I was debugging a crash with the VTY. I do not fully understand it yet, but I can easily reproduce it. The problem is triggered with the new VTY OML code, and here is what I know.
1.) We move from ENABLE_NODE to the OML node and allocate memory.
2.) When exiting the node we free the data at vty->index and set the pointer to NULL.

But I can easily produce a double free issue, and this seems to be due to cmd_execute_command:

1.) saves the vty->index to oindex and vty->node to onode
2.) tries calling vty_go_parent or such...
3.) tries more stuff...
4.) as stuff failed, resets vty->index to oindex... so the next exit command will do a double free...

And the funny part is that the code has one assumption: everything > CONFIG_NODE is considered to be config as well. This means that we should have two enum values in libosmovty, one for Last_Enable, one for Last_Config, and have enough space between them.

And the other part... maybe vty_go_parent should return CMD_SUCCESS? Thoughts?

[1] ./script | telnet localhost 4242 and see the bsc_hack/bsc_msc_io crash
#!/bin/sh
# Reproducer [1]: pipe this into "telnet localhost 4242"; the sleeps give
# the VTY time to process each line.
sleep 1
echo "enable"
sleep 1
echo "bts 0 oml class site-manager instance 0 0 0"
sleep 1
echo "end"
sleep 1
echo "bts 0 oml class site-manager instance 0 0 0"
sleep 1
echo "bts 0 oml class site-manager instance 0 0 0"
sleep 1
echo "exit"
sleep 1
echo "bts 0 oml class site-manager instance 0 0 0"
sleep 1
echo "end"
sleep 1
echo "exit"
sleep 1
echo "bts 0 oml class site-manager instance 0 0 0"
sleep 1
echo "enable"
sleep 1
echo "bts 0 oml class site-manager instance 0 0 0"
sleep 1
echo "bts 0 oml class site-manager instance 0 0 0"
sleep 1
echo "attribute get 0"
sleep 1
echo "bts 0 oml class site-manager instance 0 0 0"
sleep 1
echo "end"
sleep 1
echo "exit"
sleep 1
echo "bts 0 oml class site-manager instance 0 0 0"
sleep 1
echo "end"
sleep 1
echo "exit"
sleep 1
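The following is an added toy model of the save/walk-up/restore sequence the report describes, not libosmovty or OpenBSC code. The node enum values, the command table, `node_parent()`, `run_in_node()` and `scenario()` are all hypothetical. Per-node data is handed out from a small pool with a liveness flag instead of malloc/free, so the second release shows up as a return value instead of a heap corruption, and the "fixed" path shows one way to avoid the problem: probe ancestor nodes by number only, and only move the vty (releasing what it owns) once a match is actually found.

```c
/* Added illustration (not libosmovty/OpenBSC code): a toy model of the
 * node/index lifecycle from the report above. Names, node numbers and the
 * command table are hypothetical. Per-node data comes from a pool with a
 * liveness flag instead of malloc/free, so a second release is reported
 * as a value rather than corrupting the heap. */
#include <stdio.h>
#include <string.h>

enum node { ENABLE_NODE = 1, CONFIG_NODE = 2, OML_NODE = 3 };

struct oml_data { int live; int obj_class; int inst[3]; };
#define POOL_SIZE 4
static struct oml_data pool[POOL_SIZE];

static struct oml_data *oml_alloc(void)
{
    for (int i = 0; i < POOL_SIZE; i++)
        if (!pool[i].live) { pool[i].live = 1; return &pool[i]; }
    return NULL;
}

/* Returns 1 if d was already released (what would be a double free). */
static int oml_release(struct oml_data *d)
{
    if (!d) return 0;
    if (!d->live) return 1;
    d->live = 0;
    return 0;
}

struct vty { enum node node; struct oml_data *index; };

/* The assumption the report flags: every node above CONFIG_NODE is
 * treated as a child of CONFIG_NODE, although OML is entered from ENABLE. */
static enum node node_parent(enum node n)
{
    return n > CONFIG_NODE ? CONFIG_NODE : ENABLE_NODE;
}

/* Leaving OML_NODE releases the data at vty->index and clears it. */
static int vty_go_parent(struct vty *v)
{
    int dbl = 0;
    if (v->node == OML_NODE) { dbl = oml_release(v->index); v->index = NULL; }
    v->node = node_parent(v->node);
    return dbl;
}

#define BTS_OML_CMD "bts 0 oml class site-manager instance 0 0 0"

/* Toy command table: which node knows which command. */
static int node_has_cmd(enum node n, const char *cmd)
{
    if (!strcmp(cmd, "exit")) return n != ENABLE_NODE;
    if (!strcmp(cmd, BTS_OML_CMD)) return n == ENABLE_NODE;
    if (!strcmp(cmd, "attribute get 0")) return n == OML_NODE;
    return 0;
}

static int run_in_node(struct vty *v, const char *cmd)
{
    if (!strcmp(cmd, "exit")) return vty_go_parent(v);
    if (!strcmp(cmd, BTS_OML_CMD)) { v->index = oml_alloc(); v->node = OML_NODE; }
    return 0;
}

/* Returns 0 if the command ran, -1 if it is unknown, 1 if a double
 * release was detected while running it. */
static int cmd_execute(struct vty *v, const char *cmd, int buggy)
{
    enum node onode = v->node;                /* 1) save node and index */
    struct oml_data *oindex = v->index;
    int dbl = 0;

    if (node_has_cmd(v->node, cmd)) return run_in_node(v, cmd);

    if (buggy) {
        /* 2) walk up with vty_go_parent, which releases the OML data... */
        while (v->node > CONFIG_NODE && !node_has_cmd(v->node, cmd))
            dbl |= vty_go_parent(v);
        if (node_has_cmd(v->node, cmd)) return dbl | run_in_node(v, cmd);
        /* 4) ...and on failure put the released pointer back. */
        v->node = onode;
        v->index = oindex;                    /* BUG: dangling pointer */
        return dbl ? 1 : -1;
    }

    /* Hypothetical fix: probe ancestors by node number only; the vty (and
     * ownership of vty->index) is untouched until a match is found. */
    for (enum node try = v->node; try > CONFIG_NODE; ) {
        try = node_parent(try);
        if (!node_has_cmd(try, cmd)) continue;
        while (v->node != try) dbl |= vty_go_parent(v);
        return dbl | run_in_node(v, cmd);
    }
    return -1;                                /* unknown; nothing released */
}

/* Replays the session from the report: enter the OML node, type the
 * enable-level OML command again from inside it, then "exit". Stores the
 * result of the second command and returns the result of the "exit". */
static int scenario(int buggy, int *second_cmd_ret)
{
    struct vty v = { ENABLE_NODE, NULL };
    memset(pool, 0, sizeof pool);
    cmd_execute(&v, BTS_OML_CMD, buggy);                 /* ENABLE -> OML */
    *second_cmd_ret = cmd_execute(&v, BTS_OML_CMD, buggy); /* walk and fail */
    return cmd_execute(&v, "exit", buggy);
}

int main(void)
{
    int r;
    printf("buggy: exit -> %d (1 = second release caught)\n", scenario(1, &r));
    printf("fixed: exit -> %d\n", scenario(0, &r));
    return 0;
}
```

The buggy path restores `oindex` after `vty_go_parent()` has already released it, so the user's next `exit` releases the same data again; the fixed path never frees anything during a failed lookup, which is what makes the restore safe. The `node_parent()` mapping deliberately keeps the "> CONFIG_NODE means config" assumption from the report, which is why the enable-level command is never retried in ENABLE_NODE; splitting the enum range as the report suggests is a separate fix.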