Bug 12957

Summary: rpc.rusersd dumps core with signal 11 when receiving rusers command from HP-UX
Product: Base System
Reporter: Andre Albsmeier <Andre.Albsmeier>
Component: bin
Assignee: freebsd-bugs (Nobody) <bugs>
Status: Closed FIXED    
Severity: Affects Only Me    
Priority: Normal    
Version: 3.2-STABLE   
Hardware: Any   
OS: Any   

Description Andre Albsmeier 1999-08-04 10:30:01 UTC
On the HP machine we run the "rusers" command. We see some output of
users being logged in at remote machines. After about 1 minute, rpc.rusersd
on the FreeBSD machine crashes with signal 11. This has been observed
on multiple FreeBSD machines. When "rusers" is being run on a FreeBSD
machine, everything works.

I don't know if the HP-UX rusers command does something wrong; however,
the daemon should not crash under FreeBSD.

Fix: 

Unknown. I can easily reproduce the problem, so if someone has fixes/patches
I will try them out happily.

Here is the gdb session I ran on the corefile:

root@schlappy:/>gdb /usr/libexec/rpc.rusersd rpc.rusersd.core         
GNU gdb 4.18
Copyright 1998 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and you are
welcome to change it and/or distribute copies of it under certain conditions.
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB.  Type "show warranty" for details.
This GDB was configured as "i386-unknown-freebsd"...
Core was generated by `rpc.rusersd'.
Program terminated with signal 11, Segmentation fault.
Reading symbols from /usr/lib/librpcsvc.so.2...done.
Reading symbols from /usr/lib/libutil.so.2...done.
Reading symbols from /usr/lib/libc.so.3...done.
Reading symbols from /usr/libexec/ld-elf.so.1...done.
#0  0x280cd97a in xdr_string () from /usr/lib/libc.so.3
(gdb) where
#0  0x280cd97a in xdr_string () from /usr/lib/libc.so.3
#1  0x28067540 in xdr_utmp () from /usr/lib/librpcsvc.so.2
#2  0x2806758f in xdr_utmpidle () from /usr/lib/librpcsvc.so.2
#3  0x280b8036 in xdr_array () from /usr/lib/libc.so.3
#4  0x2806763c in xdr_utmpidlearr () from /usr/lib/librpcsvc.so.2
#5  0x280c93ba in xdr_accepted_reply () from /usr/lib/libc.so.3
#6  0x280cd91c in xdr_union () from /usr/lib/libc.so.3
#7  0x280c94d4 in xdr_replymsg () from /usr/lib/libc.so.3
#8  0x280ab636 in svcudp_create () from /usr/lib/libc.so.3
#9  0x280abf27 in svc_sendreply () from /usr/lib/libc.so.3
#10 0x80491bc in rusers_service (rqstp=0xbfbfdc98, transp=0x804e000)
    at /src/src-3/libexec/rpc.rusersd/rusers_proc.c:388
#11 0x280ac3aa in svc_getreqset2 () from /usr/lib/libc.so.3
#12 0x28089690 in svc_run () from /usr/lib/libc.so.3
#13 0x8048c45 in main (argc=1, argv=0xbfbfdd54)
    at /src/src-3/libexec/rpc.rusersd/rusersd.c:109
#14 0x8048a3d in _start ()

How-To-Repeat:
Set up a 3.2-STABLE machine with rpc.rusersd enabled. Issue a "rusers" command
on an HP-UX 10.20 machine which is attached to the same wire. Meanwhile, do a
"tail -f /var/log/messages" on the FreeBSD machine and wait.

Comment 1 Andre Albsmeier 2001-05-29 19:43:43 UTC
This PR can be closed.

I can't reproduce the problem anymore.

	-Andre

Comment 2 Peter Pentchev freebsd_committer freebsd_triage 2001-05-29 19:52:11 UTC
State Changed
From-To: open->closed

Closed at submitter's request.