"J.H.M. Dassen (Ray)" <[EMAIL PROTECTED]> writes:

> I've tried this with patches of my own applied (I've mailed them to Niels,
> and they'll hopefully be included in his next snapshot) on Linux/Intel,
> Linux/Alpha and Linux/PowerPC.
> 
> Linux/Intel dies after Password check:
>       Client version: SSH-2.0-lsh_0.0 lsh - a free ssh
>       Server version: SSH-2.0-lshd_0.0 lsh - a free ssh
>       handle_dh_reply()
>       Recieved debug: Key exchange successful!
>       Password for ray:
>       Connection died, for reason 5.
>       Connection died.

"reason 5" means protocol failure, i.e. probably the server sent a
message that the client couldn't decode. Running the client with -d
should dump all packets to stderr. Assuming that the error is not in
the transport layer, the last packet printed should be the packet
causing the problems (the bug could be in either the client or the
server).

> Linux/PowerPC gets a connection, but doesn't start a shell.
> Client:
>       tervola jdassen 17:13 ~/lsh > ./lsh -v -p 4711 localhost
>       Client version: SSH-2.0-lsh_0.0 lsh - a free ssh
>       Server version: SSH-2.0-lshd_0.0 lsh - a free ssh
>       handle_dh_reply()
>       Recieved debug: Key exchange successful!
>       Password for jdassen: 
>       User authentication successful.
>       Garbage collecting while idle...
>       Objects alive: 84, garbage collected: 46
>       exec bash -i
>       ls
>       blaah
(i)     break with ctrl-c; ctrl-d doesn't work]
> Server:
>       tervola jdassen 17:09 ~/lsh > ./lshd -v -p 4711
>       server_initiate()
>       Client version: SSH-2.0-lsh_0.0 lsh - a free ssh
>       handle_dh_init()
>       Recieved debug: Key exchange successful!
(ii)    Child 9134 died with exit code 0.
>       Connection died, for reason 1.

Did (i) occur before (ii)? What did the configure test think about
your shutdown() function? (On some Linuxes, including 2.0.33 on sparc,
the shutdown() function doesn't work properly on AF_UNIX sockets. I
try to work around this problem, but if that fails it may cause the
child process' stdin and stdout not to work.)

Could you try #if 0'ing out the execle() call on line 168 of server.c,
to write a greeting to the client instead? If that works, then at
least stdout is working. (When debugging this, I used a shell script as
login shell, and had this shell script do various things, like output
to stdin and stderr, output of id and env, etc., before starting a real
shell.) You may also want to run the server with -d, to confirm that
the data and the EOF (when you press ctrl-d) are really sent across
the channel.

WARNING: If you run lsh to log in with a real password, you should
obviously be CAREFUL about sharing the server's -d output, as one of
the packets will include the password.

> Linux/Alpha: both client and server dump core. The warnings I used 
>       (-Wall -Wpointer-arith -Wbad-function-cast -Wstrict-prototypes
>       -Wmissing-prototypes -Wmissing-declarations -Wnested-externs
>       -Wmissing-declarations -W -Wcast-qual -Wwrite-strings -Wcast-align)
>       don't point to an obvious cause.
> Client:

>       #0  0x15555923ca0 in memmove ()
>       #1  0x1200116f0 in lsh_list_alloc (class=0x1201204b8, length=0, 
>           element_size=17179869220) at xalloc.c:171
>       #2  0x1200116f0 in lsh_list_alloc (class=0x1201204b8, length=0, 
>           element_size=17179869220) at xalloc.c:171

This looks strange. There are two instances of the same stack frame
(lsh_list_alloc does *not* recurse or anything like that), and the
element_size argument is ridiculous, as you note. The calls are
almost certainly instances of the macro

#define alloc_int_list(n) \
  ((struct int_list *) lsh_list_alloc(&CLASS(int_list), (n), sizeof(int)))

I would think that gdb is a little confused. I have one hypothesis
for the crash, though: underflow in the lines

  struct list_header *lsh_list_alloc(struct lsh_class *class,
                                     unsigned length, size_t element_size)
  {
    struct list_header *list = xalloc(class->size
                                      + element_size * (length - 1));

if length is 0 and size_t is unsigned. Could you try this patch?

-------8<-----------
--- xalloc.c-orig       Wed Dec  9 12:18:35 1998
+++ xalloc.c    Mon Dec 14 10:32:55 1998
@@ -164,7 +164,8 @@
                                   unsigned length, size_t
element_size)
 {
   struct list_header *list = xalloc(class->size
-                                   + element_size * (length - 1));
+                                   + element_size * length
+                                   - element_size);
   list->super.isa = class;
   list->super.alloc_method = LSH_ALLOC_HEAP;
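Review bot: the replacement expression on the two `+` lines still relies on an unstated invariant: with length == 0 it evaluates to `class->size - element_size`, which is only non-negative because the list header struct embeds one element, i.e. class->size >= element_size. An `assert(class->size >= element_size)` before the xalloc() call, or a comment stating why one element_size is subtracted, would stop a later reader from "simplifying" it back to the `(length - 1)` form that this hunk removes. The fix also depends on left-to-right evaluation so that the subtraction happens in size_t after the multiplication; writing it as `(class->size + element_size * length) - element_size` makes that ordering explicit.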

-----8<--------

Regards,
/Niels

PS. I haven't received your patches yet, so the above patches and line
numbers may not match yours perfectly.
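The underflow discussed in the reply above, as an added example that is not lsh's own code: the size computation of the pre-patch lsh_list_alloc beside the patched one, with the class descriptor reduced to a bare class_size argument and a header size of 40 bytes constructed for the demonstration. The checked variant, which refuses class sizes smaller than one element and guards the multiplication, is likewise an addition here and not part of lsh.

```c
#include <limits.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Pre-patch computation from xalloc.c. (length - 1) is evaluated in
 * 'unsigned', so length == 0 wraps to UINT_MAX; that value is then widened
 * to size_t before the multiplication, producing a request of roughly
 * 4 * 4 GiB plus the header on a target with 32-bit unsigned and 64-bit
 * size_t. class_size stands in for class->size in lsh. */
size_t list_size_buggy(size_t class_size, unsigned length, size_t element_size)
{
    return class_size + element_size * (length - 1);
}

/* Computation from the patch: the subtraction now happens in size_t after
 * the multiplication, so length == 0 yields class_size - element_size. */
size_t list_size_patched(size_t class_size, unsigned length, size_t element_size)
{
    return class_size + element_size * length - element_size;
}

/* Checked variant (hypothetical, not from lsh). The patched formula is only
 * safe while the header really embeds one element (class_size >=
 * element_size); return 0 when that invariant or the multiplication would
 * wrap, so the caller never asks the allocator for a wrapped size. */
size_t list_size_checked(size_t class_size, unsigned length, size_t element_size)
{
    if (class_size < element_size)
        return 0;
    if (length > 0 && element_size > (SIZE_MAX - class_size) / length)
        return 0;
    return class_size + element_size * length - element_size;
}

int main(void)
{
    const size_t header = 40;  /* constructed header size for the demo */
    printf("buggy   length=0: %zu\n", list_size_buggy(header, 0, sizeof(int)));
    printf("patched length=0: %zu\n", list_size_patched(header, 0, sizeof(int)));
    printf("checked length=0: %zu\n", list_size_checked(header, 0, sizeof(int)));
    printf("checked length=3: %zu\n", list_size_checked(header, 3, sizeof(int)));
    printf("checked bad hdr : %zu\n", list_size_checked(2, 0, sizeof(int)));
    return 0;
}
```

With a 40-byte header and 4-byte elements, the buggy form asks for 40 + 4 * UINT_MAX bytes when length is 0, which is the kind of value the quoted gdb frame shows, while the patched form returns 36 and grows by 4 per element.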
