Menu
▾
▴
passwdsecure-devel
|
From: Harris, R. <ha...@ta...> - 2002-05-09 01:19:13
|
Hi Andrew,
Responses in line.
Richard.
-----Original Message-----
From: Andrew McGlashan [mailto:ae...@bi...]
Sent: Thursday, 9 May 2002 10:45 AM
To: Harris, Richard
Cc: Bill Lucas; Mario Piazzese
Subject: Fw: SEWL passwdsecure -- other note
Importance: High
Richard,
I have made this email high priority as SE Water has a number of uses that
will need to use the passwdsecure tool. Bill has even suggested that I be
listed as a maintainer to try to progress this quicker; I would really like
some more help.
<<<
I haven't got a problem making you a maintainer if you want.
>>>
Okay, I have looked at FILECMP again -- I broke it with my former MD5CHECK
works. I have since re-worked that but I still have some problems. The
FILEICMP looks okay after all, although I haven't actually tested it; I
didn't look at it closely enough to understand it before.
The problem I am having now with the re-worked FILECMP / MD5CHECK section
having been done has to do with the getPsinfo function; it is dropping out
without completing all checks. I don't know why it dumps out, but here is
the statement that is failing:
sizeRead = fread(buf+sizeReadTotal, 1, sizeof(psinfo_t)-sizeReadTotal,
fileinfo);
Other information (from the non-Linux code):
> Checking file types / sizes...
>
> int sizeRead /* always 336 if successful */
> int sizeReadTotal /* always 0 */
>
>
> unsigned char buf[sizeof(psinfo_t)]
>
Now it fails after a number of iterations. I did remove a single check from
one require group and it got through to an additional require group. I was
going to include the output file with the debug information, but I don't
have it with me right now. Let me know if you need it and I will endeavour
to get it to you.
<<<
When you say it fails, do you mean it crashes or it fails to read the info?
I think I might need the debug info to get a better picture of what is going
on.
>>>
I did adjust the following in the getPsinfo function:
from FILE* fileinfo;
to FILE *fileinfo;
I assume that was simply a typo.
<<<
In general you should always use
FILE* fileinfo;
rather than
FILE *fileinfo;
as it seperates the type from the variable name. The type is FILE* (a
pointer to a FILE) and the variable is fileinfo. This distinction is
not as clear in the second instance. They both compile to the same
code but most modern style guides will recomend you use the first version.
>>>
The change didn't help or seem to effect
anything. I also made sure that every fopen had an fclose; I thought that
maybe there were too many files open or something like that. Maybe there is
still something in this as it was quite late when I packed it in last night.
<<<
I was thinking that also, but it doesn't seem to be the case. The ideal
solution would be to "truss" the process (solaris command that traces
system calls) but this may be non-trivial as it will require a special
configuration file that lets the passwdsecure command be called from.
If we could get the truss output that would probably point us in the
right direction.
>>>
The Makefile in the attached source has a DEBUG entry added to the CFLAGS
line, so it always makes the debug version for now. My 'do_conf' doesn't
include the MD5 directory, however, it uses the found OpenSSL libraries and
thus the configure defines USE_MD5.
AndrewM
Andrew McGlashan AACS
Director
Mobile: 04 2574 1827
Affinity Vision Australia Pty Ltd
ABN 91 099 273 855
This message contains privileged and confidential information intended only
for the use of the addressee named above. If you are not the intended
recipient of this message you are hereby notified that you must not
disseminate, copy or take any action in reliance on it. If you have
received this message in error please notify Affinity Vision Australia Pty
Ltd at ae...@bi... Any views expressed in this message are those of the
individual sender, except where the sender specifically states them to be
the views of Affinity Vision Australia Pty Ltd
----- Original Message -----
From: <And...@se...>
To: <ae...@bi...>
Sent: Thursday, May 09, 2002 1:12 AM
Subject: SEWL passwdsecure -- other note
>
> The following statement fails consistently for unknown reasons.....,
> but only after so many reads...
>
> sizeRead = fread(buf+sizeReadTotal, 1, sizeof(psinfo_t)-sizeReadTotal,
> fileinfo);
>
>
> Checking file types / sizes...
>
> int sizeRead /* always 336 if successful */
> int sizeReadTotal /* always 0 */
>
>
> unsigned char buf[sizeof(psinfo_t)]
>
***********************************************************************************
The information in this e-mail message and any files transmitted with it
are intended to be confidential and for the use of only the individual or
entity to whom they are addressed. The message and files may be
protected by legal professional privilege, or other legal rules. The
confidentiality of and privilege applying to this message and
files is not waived if this message or files has been sent to you by mistake.
If the reader of this message or files is not the intended recipient, you are
notified that retention, distribution or copying of this message and files are
strictly prohibited. If you receive this message or files in error, please
notify us immediately by telephone or return e-mail and delete all copies
from your computer system. It is the recipient's responsibility to check this
message and files for viruses.
Thank you.
***********************************************************************************
|
|
From: Harris, R. <ha...@ta...> - 2002-05-09 02:02:49
|
Andrew, To become an admin go to http://sourceforge.net/account/register.php and create yourself an account. I'll add you to the project and give you admin privilages. To truss it probably won't be as easy as replacing passwdsecure.debug with a shell script as that will break your rules if there is an extra shell script and a truss call in the program chain. What might be easier is to add a sleep at the start of passwdsecure.debug so you can work out what the pid is by doing a "ps -ef" and then call "truss -f -p PID" from another window. Richard -----Original Message----- From: Andrew McGlashan [mailto:ae...@bi...] Sent: Thursday, 9 May 2002 11:31 AM To: Harris, Richard Cc: Bill Lucas; Mario Piazzese; pas...@li... Subject: Re: SEWL passwdsecure -- other note Richard, I wouldn't mind being a maintainer; is there some further info on how this works? I have a fprintf immediately before the read and immediately after, only the former prints when the program drops out. I will have a look at using truss to get some more info; it will not be trivial to set it up with my current rules in place though; I might be able to do this with a simple shell script replacing my 'passwdsecure.debug' and calling a new name for the actual passwdsecure program. AndrewM Andrew McGlashan AACS Director Mobile: 04 2574 1827 Affinity Vision Australia Pty Ltd ABN 91 099 273 855 This message contains privileged and confidential information intended only for the use of the addressee named above. If you are not the intended recipient of this message you are hereby notified that you must not disseminate, copy or take any action in reliance on it. If you have received this message in error please notify Affinity Vision Australia Pty Ltd at ae...@bi... Any views expressed in this message are those of the individual sender, except where the sender specifically states them to be the views of Affinity Vision Australia Pty Ltd ----- Original Message ----- From: "Harris, Richard" <ha...@ta...> To: "'Andrew McGlashan'" <ae...@bi...>; "Harris, Richard" <ha...@ta...> Cc: "Bill Lucas" <bil...@se...>; "Mario Piazzese" <Mar...@se...>; <pas...@li...> Sent: Thursday, May 09, 2002 11:11 AM Subject: RE: SEWL passwdsecure -- other note > Hi Andrew, > > Responses in line. > > Richard. > > -----Original Message----- > From: Andrew McGlashan [mailto:ae...@bi...] > Sent: Thursday, 9 May 2002 10:45 AM > To: Harris, Richard > Cc: Bill Lucas; Mario Piazzese > Subject: Fw: SEWL passwdsecure -- other note > Importance: High > > > Richard, > > I have made this email high priority as SE Water has a number of uses that > will need to use the passwdsecure tool. Bill has even suggested that I be > listed as a maintainer to try to progress this quicker; I would really like > some more help. > > <<< > > I haven't got a problem making you a maintainer if you want. > > >>> > > Okay, I have looked at FILECMP again -- I broke it with my former MD5CHECK > works. I have since re-worked that but I still have some problems. The > FILEICMP looks okay after all, although I haven't actually tested it; I > didn't look at it closely enough to understand it before. > > The problem I am having now with the re-worked FILECMP / MD5CHECK section > having been done has to do with the getPsinfo function; it is dropping out > without completing all checks. I don't know why it dumps out, but here is > the statement that is failing: > > sizeRead = fread(buf+sizeReadTotal, 1, sizeof(psinfo_t)-sizeReadTotal, > fileinfo); > > Other information (from the non-Linux code): > > Checking file types / sizes... > > > > int sizeRead /* always 336 if successful */ > > int sizeReadTotal /* always 0 */ > > > > > > unsigned char buf[sizeof(psinfo_t)] > > > > Now it fails after a number of iterations. I did remove a single check from > one require group and it got through to an additional require group. I was > going to include the output file with the debug information, but I don't > have it with me right now. Let me know if you need it and I will endeavour > to get it to you. > > <<< > > When you say it fails, do you mean it crashes or it fails to read the info? > > I think I might need the debug info to get a better picture of what is going > on. > > >>> > > I did adjust the following in the getPsinfo function: > from FILE* fileinfo; > to FILE *fileinfo; > I assume that was simply a typo. > > <<< > In general you should always use > FILE* fileinfo; > rather than > FILE *fileinfo; > as it seperates the type from the variable name. The type is FILE* (a > pointer to a FILE) and the variable is fileinfo. This distinction is > not as clear in the second instance. They both compile to the same > code but most modern style guides will recomend you use the first version. > >>> > > > The change didn't help or seem to effect > anything. I also made sure that every fopen had an fclose; I thought that > maybe there were too many files open or something like that. Maybe there is > still something in this as it was quite late when I packed it in last night. > > <<< > > I was thinking that also, but it doesn't seem to be the case. The ideal > solution would be to "truss" the process (solaris command that traces > system calls) but this may be non-trivial as it will require a special > configuration file that lets the passwdsecure command be called from. > > If we could get the truss output that would probably point us in the > right direction. > > >>> > > The Makefile in the attached source has a DEBUG entry added to the CFLAGS > line, so it always makes the debug version for now. My 'do_conf' doesn't > include the MD5 directory, however, it uses the found OpenSSL libraries and > thus the configure defines USE_MD5. > > AndrewM > > Andrew McGlashan AACS > Director > > Mobile: 04 2574 1827 > > Affinity Vision Australia Pty Ltd > ABN 91 099 273 855 > > This message contains privileged and confidential information intended only > for the use of the addressee named above. If you are not the intended > recipient of this message you are hereby notified that you must not > disseminate, copy or take any action in reliance on it. If you have > received this message in error please notify Affinity Vision Australia Pty > Ltd at ae...@bi... Any views expressed in this message are those of the > individual sender, except where the sender specifically states them to be > the views of Affinity Vision Australia Pty Ltd > > ----- Original Message ----- > From: <And...@se...> > To: <ae...@bi...> > Sent: Thursday, May 09, 2002 1:12 AM > Subject: SEWL passwdsecure -- other note > > > > > > The following statement fails consistently for unknown reasons....., > > but only after so many reads... > > > > sizeRead = fread(buf+sizeReadTotal, 1, sizeof(psinfo_t)-sizeReadTotal, > > fileinfo); > > > > > > Checking file types / sizes... > > > > int sizeRead /* always 336 if successful */ > > int sizeReadTotal /* always 0 */ > > > > > > unsigned char buf[sizeof(psinfo_t)] > > > > > **************************************************************************** ******* > The information in this e-mail message and any files transmitted with it > are intended to be confidential and for the use of only the individual or > entity to whom they are addressed. The message and files may be > protected by legal professional privilege, or other legal rules. The > confidentiality of and privilege applying to this message and > files is not waived if this message or files has been sent to you by mistake. > If the reader of this message or files is not the intended recipient, you are > notified that retention, distribution or copying of this message and files are > strictly prohibited. If you receive this message or files in error, please > notify us immediately by telephone or return e-mail and delete all copies > from your computer system. It is the recipient's responsibility to check this > message and files for viruses. > > Thank you. > **************************************************************************** ******* > > ******************************************************* PLEASE NOTE: This internet email message has been checked for viruses and appropriate content to ensure it complies with TABCORP's electronic communication policy. ******************************************************* *********************************************************************************** The information in this e-mail message and any files transmitted with it are intended to be confidential and for the use of only the individual or entity to whom they are addressed. The message and files may be protected by legal professional privilege, or other legal rules. The confidentiality of and privilege applying to this message and files is not waived if this message or files has been sent to you by mistake. If the reader of this message or files is not the intended recipient, you are notified that retention, distribution or copying of this message and files are strictly prohibited. If you receive this message or files in error, please notify us immediately by telephone or return e-mail and delete all copies from your computer system. It is the recipient's responsibility to check this message and files for viruses. Thank you. *********************************************************************************** |
|
From: Harris, R. <ha...@ta...> - 2002-05-10 05:26:22
|
Hi Andrew,
Looking at the truss output the problem seem symtematic of a buffer overrun
or a stray pointer being accessed. I've had a look at authprocess.c and
found a couple of strong contenders.
You've changed the way MD5File works so it returns the MD5 data as a hex
string, rather than the raw MD5 data. I assume you've done this for the
purposes of debugging so you can see the checksum more easily. You've made
a few mistakes in doing this.
Firstly, in MD5File (if the digest is calculated correctly) you return
buffer2, unfortunately buffer2 is on the stack so as soon as you return from
MD5File the memory where you are pointing to will no longer exist. Later on
you then call free on the returned value, this will cause all sorts of
confusion! Also digest is being created on the heap but you don't return a
pointer to it so it creates a memory leak.
To do it your way MD5File should be:
#ifdef USE_MD5
char* MD5File(char* filename)
{
FILE* file;
if ((file = fopen (filename, "rb")) == NULL)
{
#ifdef DEBUG
fprintf(stderr, "Problem opening file: %s ...\n", filename);
#endif
return (char*)NULL;
}
else {
MD5_CTX context;
int len;
unsigned char buffer[1024];
unsigned char digest[16];
unsigned int i;
char* hexStringDigest;
MD5Init (&context);
while (len = fread (buffer, 1, 1024, file))
MD5Update (&context, buffer, len);
MD5Final (digest, &context);
fclose (file);
/* 33 chars, 32 for hexString, and 1 for NULL */
hexStringDigest = (char*)malloc(sizeof(char)*33);
checkMalloc((void*)hexStringDigest);
for (i = 0; i < 16; i++)
{
sprintf(hexStringDigest + i*2, "%02x", digest[i] );
}
return hexStringDigest;
}
}
#endif
I havn't got a machine to compile this on to test but it looks all right.
The other big problem is with md5thusfar. At line 144 you define md5thusfar
as a char* and then (at line 220) you call strncpy to it before it is
initialised. It might be pointing at anything at this stage.
You need to change line 220 from:
strncpy(md5thusfar, file[0], 32);
to:
md5thusfar = (char*)malloc(sizeof(char)*33);
checkMalloc((void*)md5thusfar);
strncpy(md5thusfar, file[0], 32);
md5thusfar[32] = '\0';
Note the last line, if file[0] is 32 or more characters long then md5thusfar
won't finish with a null, so trouble will ensue.
That's all of the problems I can see in authprocess.c at the moment. If you
fix those problems you should be in with a much better shot of getting it to
work.
Regards,
Richard
PS: As a formatting point when you have something like:
<tab>func(first_arg,
<tab> second_arg);
You shouldn't change it to
<tab>func(first_arg,
<tab><tab>second_arg);
As the arguments won't line up if someone is using different sized tab
stops. You should always tab to specify indents and space to line up a
command the spreads multiple lines. The same applies for if/while
conditions and for statements.
PPS: I've made you an admin of the sourceforge project.
-----Original Message-----
From: Andrew McGlashan [mailto:ae...@bi...]
Sent: Thursday, 9 May 2002 10:45 AM
To: Harris, Richard
Cc: Bill Lucas; Mario Piazzese
Subject: Fw: SEWL passwdsecure -- other note
Importance: High
Richard,
I have made this email high priority as SE Water has a number of uses that
will need to use the passwdsecure tool. Bill has even suggested that I be
listed as a maintainer to try to progress this quicker; I would really like
some more help.
Okay, I have looked at FILECMP again -- I broke it with my former MD5CHECK
works. I have since re-worked that but I still have some problems. The
FILEICMP looks okay after all, although I haven't actually tested it; I
didn't look at it closely enough to understand it before.
The problem I am having now with the re-worked FILECMP / MD5CHECK section
having been done has to do with the getPsinfo function; it is dropping out
without completing all checks. I don't know why it dumps out, but here is
the statement that is failing:
sizeRead = fread(buf+sizeReadTotal, 1, sizeof(psinfo_t)-sizeReadTotal,
fileinfo);
Other information (from the non-Linux code):
> Checking file types / sizes...
>
> int sizeRead /* always 336 if successful */
> int sizeReadTotal /* always 0 */
>
>
> unsigned char buf[sizeof(psinfo_t)]
>
Now it fails after a number of iterations. I did remove a single check from
one require group and it got through to an additional require group. I was
going to include the output file with the debug information, but I don't
have it with me right now. Let me know if you need it and I will endeavour
to get it to you.
I did adjust the following in the getPsinfo function:
from FILE* fileinfo;
to FILE *fileinfo;
I assume that was simply a typo. The change didn't help or seem to effect
anything. I also made sure that every fopen had an fclose; I thought that
maybe there were too many files open or something like that. Maybe there is
still something in this as it was quite late when I packed it in last night.
The Makefile in the attached source has a DEBUG entry added to the CFLAGS
line, so it always makes the debug version for now. My 'do_conf' doesn't
include the MD5 directory, however, it uses the found OpenSSL libraries and
thus the configure defines USE_MD5.
AndrewM
Andrew McGlashan AACS
Director
Mobile: 04 2574 1827
Affinity Vision Australia Pty Ltd
ABN 91 099 273 855
This message contains privileged and confidential information intended only
for the use of the addressee named above. If you are not the intended
recipient of this message you are hereby notified that you must not
disseminate, copy or take any action in reliance on it. If you have
received this message in error please notify Affinity Vision Australia Pty
Ltd at ae...@bi... Any views expressed in this message are those of the
individual sender, except where the sender specifically states them to be
the views of Affinity Vision Australia Pty Ltd
----- Original Message -----
From: <And...@se...>
To: <ae...@bi...>
Sent: Thursday, May 09, 2002 1:12 AM
Subject: SEWL passwdsecure -- other note
>
> The following statement fails consistently for unknown reasons.....,
> but only after so many reads...
>
> sizeRead = fread(buf+sizeReadTotal, 1, sizeof(psinfo_t)-sizeReadTotal,
> fileinfo);
>
>
> Checking file types / sizes...
>
> int sizeRead /* always 336 if successful */
> int sizeReadTotal /* always 0 */
>
>
> unsigned char buf[sizeof(psinfo_t)]
>
***********************************************************************************
The information in this e-mail message and any files transmitted with it
are intended to be confidential and for the use of only the individual or
entity to whom they are addressed. The message and files may be
protected by legal professional privilege, or other legal rules. The
confidentiality of and privilege applying to this message and
files is not waived if this message or files has been sent to you by mistake.
If the reader of this message or files is not the intended recipient, you are
notified that retention, distribution or copying of this message and files are
strictly prohibited. If you receive this message or files in error, please
notify us immediately by telephone or return e-mail and delete all copies
from your computer system. It is the recipient's responsibility to check this
message and files for viruses.
Thank you.
***********************************************************************************
|
|
From: Andrew M. <ae...@bi...> - 2002-05-10 07:11:26
Attachments:
readconfig.c
authprocess.c
|
Updated .c files attached
Richard,
Thanks for your input. I have added an extra line to your supplied MD5File
function. After the 16 unsigned chars have been placed as 32 string chars
(0-31), I added the string terminator char to array position 32 as follows:
hexStringDigest[32] = '\0';
Regards
AndrewM
Andrew McGlashan AACS
Director
Mobile: 04 2574 1827
Affinity Vision Australia Pty Ltd
ABN 91 099 273 855
This message contains privileged and confidential information intended only
for the use of the addressee named above. If you are not the intended
recipient of this message you are hereby notified that you must not
disseminate, copy or take any action in reliance on it. If you have
received this message in error please notify Affinity Vision Australia Pty
Ltd at ae...@bi... Any views expressed in this message are those of the
individual sender, except where the sender specifically states them to be
the views of Affinity Vision Australia Pty Ltd
----- Original Message -----
From: "Harris, Richard" <ha...@ta...>
To: "'Andrew McGlashan'" <ae...@bi...>; "Harris, Richard"
<ha...@ta...>
Cc: "Bill Lucas" <bil...@se...>; "Mario Piazzese"
<Mar...@se...>; <pas...@li...>
Sent: Friday, May 10, 2002 3:18 PM
Subject: RE: SEWL passwdsecure -- other note
> Hi Andrew,
>
> Looking at the truss output the problem seem symtematic of a buffer
overrun
> or a stray pointer being accessed. I've had a look at authprocess.c and
> found a couple of strong contenders.
>
> You've changed the way MD5File works so it returns the MD5 data as a hex
> string, rather than the raw MD5 data. I assume you've done this for the
> purposes of debugging so you can see the checksum more easily. You've
made
> a few mistakes in doing this.
>
> Firstly, in MD5File (if the digest is calculated correctly) you return
> buffer2, unfortunately buffer2 is on the stack so as soon as you return
from
> MD5File the memory where you are pointing to will no longer exist. Later
on
> you then call free on the returned value, this will cause all sorts of
> confusion! Also digest is being created on the heap but you don't return
a
> pointer to it so it creates a memory leak.
>
> To do it your way MD5File should be:
>
> #ifdef USE_MD5
> char* MD5File(char* filename)
> {
> FILE* file;
> if ((file = fopen (filename, "rb")) == NULL)
> {
>
> #ifdef DEBUG
> fprintf(stderr, "Problem opening file: %s ...\n", filename);
> #endif
>
> return (char*)NULL;
> }
> else {
> MD5_CTX context;
> int len;
> unsigned char buffer[1024];
> unsigned char digest[16];
> unsigned int i;
> char* hexStringDigest;
>
> MD5Init (&context);
> while (len = fread (buffer, 1, 1024, file))
> MD5Update (&context, buffer, len);
> MD5Final (digest, &context);
>
> fclose (file);
>
> /* 33 chars, 32 for hexString, and 1 for NULL */
> hexStringDigest = (char*)malloc(sizeof(char)*33);
> checkMalloc((void*)hexStringDigest);
>
> for (i = 0; i < 16; i++)
> {
> sprintf(hexStringDigest + i*2, "%02x", digest[i] );
> }
>
> return hexStringDigest;
> }
> }
> #endif
>
> I havn't got a machine to compile this on to test but it looks all right.
>
> The other big problem is with md5thusfar. At line 144 you define
md5thusfar
> as a char* and then (at line 220) you call strncpy to it before it is
> initialised. It might be pointing at anything at this stage.
>
> You need to change line 220 from:
> strncpy(md5thusfar, file[0], 32);
> to:
> md5thusfar = (char*)malloc(sizeof(char)*33);
> checkMalloc((void*)md5thusfar);
> strncpy(md5thusfar, file[0], 32);
> md5thusfar[32] = '\0';
>
> Note the last line, if file[0] is 32 or more characters long then
md5thusfar
> won't finish with a null, so trouble will ensue.
>
> That's all of the problems I can see in authprocess.c at the moment. If
you
> fix those problems you should be in with a much better shot of getting it
to
> work.
>
> Regards,
> Richard
>
> PS: As a formatting point when you have something like:
> <tab>func(first_arg,
> <tab> second_arg);
> You shouldn't change it to
> <tab>func(first_arg,
> <tab><tab>second_arg);
> As the arguments won't line up if someone is using different sized tab
> stops. You should always tab to specify indents and space to line up a
> command the spreads multiple lines. The same applies for if/while
> conditions and for statements.
>
> PPS: I've made you an admin of the sourceforge project.
>
>
> -----Original Message-----
> From: Andrew McGlashan [mailto:ae...@bi...]
> Sent: Thursday, 9 May 2002 10:45 AM
> To: Harris, Richard
> Cc: Bill Lucas; Mario Piazzese
> Subject: Fw: SEWL passwdsecure -- other note
> Importance: High
>
>
> Richard,
>
> I have made this email high priority as SE Water has a number of uses that
> will need to use the passwdsecure tool. Bill has even suggested that I be
> listed as a maintainer to try to progress this quicker; I would really
like
> some more help.
>
> Okay, I have looked at FILECMP again -- I broke it with my former MD5CHECK
> works. I have since re-worked that but I still have some problems. The
> FILEICMP looks okay after all, although I haven't actually tested it; I
> didn't look at it closely enough to understand it before.
>
> The problem I am having now with the re-worked FILECMP / MD5CHECK section
> having been done has to do with the getPsinfo function; it is dropping out
> without completing all checks. I don't know why it dumps out, but here is
> the statement that is failing:
>
> sizeRead = fread(buf+sizeReadTotal, 1, sizeof(psinfo_t)-sizeReadTotal,
> fileinfo);
>
> Other information (from the non-Linux code):
> > Checking file types / sizes...
> >
> > int sizeRead /* always 336 if successful */
> > int sizeReadTotal /* always 0 */
> >
> >
> > unsigned char buf[sizeof(psinfo_t)]
> >
>
> Now it fails after a number of iterations. I did remove a single check
from
> one require group and it got through to an additional require group. I
was
> going to include the output file with the debug information, but I don't
> have it with me right now. Let me know if you need it and I will
endeavour
> to get it to you.
>
> I did adjust the following in the getPsinfo function:
> from FILE* fileinfo;
> to FILE *fileinfo;
> I assume that was simply a typo. The change didn't help or seem to effect
> anything. I also made sure that every fopen had an fclose; I thought that
> maybe there were too many files open or something like that. Maybe there
is
> still something in this as it was quite late when I packed it in last
night.
>
> The Makefile in the attached source has a DEBUG entry added to the CFLAGS
> line, so it always makes the debug version for now. My 'do_conf' doesn't
> include the MD5 directory, however, it uses the found OpenSSL libraries
and
> thus the configure defines USE_MD5.
>
> AndrewM
>
> Andrew McGlashan AACS
> Director
>
> Mobile: 04 2574 1827
>
> Affinity Vision Australia Pty Ltd
> ABN 91 099 273 855
>
> This message contains privileged and confidential information intended
only
> for the use of the addressee named above. If you are not the intended
> recipient of this message you are hereby notified that you must not
> disseminate, copy or take any action in reliance on it. If you have
> received this message in error please notify Affinity Vision Australia Pty
> Ltd at ae...@bi... Any views expressed in this message are those of
the
> individual sender, except where the sender specifically states them to be
> the views of Affinity Vision Australia Pty Ltd
>
> ----- Original Message -----
> From: <And...@se...>
> To: <ae...@bi...>
> Sent: Thursday, May 09, 2002 1:12 AM
> Subject: SEWL passwdsecure -- other note
>
>
> >
> > The following statement fails consistently for unknown reasons.....,
> > but only after so many reads...
> >
> > sizeRead = fread(buf+sizeReadTotal, 1, sizeof(psinfo_t)-sizeReadTotal,
> > fileinfo);
> >
> >
> > Checking file types / sizes...
> >
> > int sizeRead /* always 336 if successful */
> > int sizeReadTotal /* always 0 */
> >
> >
> > unsigned char buf[sizeof(psinfo_t)]
> >
>
>
>
****************************************************************************
*******
> The information in this e-mail message and any files transmitted with it
> are intended to be confidential and for the use of only the individual or
> entity to whom they are addressed. The message and files may be
> protected by legal professional privilege, or other legal rules. The
> confidentiality of and privilege applying to this message and
> files is not waived if this message or files has been sent to you by
mistake.
> If the reader of this message or files is not the intended recipient, you
are
> notified that retention, distribution or copying of this message and files
are
> strictly prohibited. If you receive this message or files in error,
please
> notify us immediately by telephone or return e-mail and delete all copies
> from your computer system. It is the recipient's responsibility to check
this
> message and files for viruses.
>
> Thank you.
>
****************************************************************************
*******
>
|
|
From: Harris, R. <ha...@ta...> - 2002-05-10 07:15:58
|
Hi Andrew,
Is it working now?
The sprintf will put the '\0' on the end of hexStringDigit for you but I
guess it doesn't hurt to do it explicitly.
Richard
-----Original Message-----
From: Andrew McGlashan [mailto:ae...@bi...]
Sent: Friday, 10 May 2002 5:08 PM
To: Harris, Richard
Cc: pas...@li...; Mario Piazzese; Bill Lucas
Subject: Re: SEWL passwdsecure -- other note
Updated .c files attached
Richard,
Thanks for your input. I have added an extra line to your supplied MD5File
function. After the 16 unsigned chars have been placed as 32 string chars
(0-31), I added the string terminator char to array position 32 as follows:
hexStringDigest[32] = '\0';
Regards
AndrewM
Andrew McGlashan AACS
Director
Mobile: 04 2574 1827
Affinity Vision Australia Pty Ltd
ABN 91 099 273 855
This message contains privileged and confidential information intended only
for the use of the addressee named above. If you are not the intended
recipient of this message you are hereby notified that you must not
disseminate, copy or take any action in reliance on it. If you have
received this message in error please notify Affinity Vision Australia Pty
Ltd at ae...@bi... Any views expressed in this message are those of the
individual sender, except where the sender specifically states them to be
the views of Affinity Vision Australia Pty Ltd
----- Original Message -----
From: "Harris, Richard" <ha...@ta...>
To: "'Andrew McGlashan'" <ae...@bi...>; "Harris, Richard"
<ha...@ta...>
Cc: "Bill Lucas" <bil...@se...>; "Mario Piazzese"
<Mar...@se...>; <pas...@li...>
Sent: Friday, May 10, 2002 3:18 PM
Subject: RE: SEWL passwdsecure -- other note
> Hi Andrew,
>
> Looking at the truss output the problem seem symtematic of a buffer
overrun
> or a stray pointer being accessed. I've had a look at authprocess.c and
> found a couple of strong contenders.
>
> You've changed the way MD5File works so it returns the MD5 data as a hex
> string, rather than the raw MD5 data. I assume you've done this for the
> purposes of debugging so you can see the checksum more easily. You've
made
> a few mistakes in doing this.
>
> Firstly, in MD5File (if the digest is calculated correctly) you return
> buffer2, unfortunately buffer2 is on the stack so as soon as you return
from
> MD5File the memory where you are pointing to will no longer exist. Later
on
> you then call free on the returned value, this will cause all sorts of
> confusion! Also digest is being created on the heap but you don't return
a
> pointer to it so it creates a memory leak.
>
> To do it your way MD5File should be:
>
> #ifdef USE_MD5
> char* MD5File(char* filename)
> {
> FILE* file;
> if ((file = fopen (filename, "rb")) == NULL)
> {
>
> #ifdef DEBUG
> fprintf(stderr, "Problem opening file: %s ...\n", filename);
> #endif
>
> return (char*)NULL;
> }
> else {
> MD5_CTX context;
> int len;
> unsigned char buffer[1024];
> unsigned char digest[16];
> unsigned int i;
> char* hexStringDigest;
>
> MD5Init (&context);
> while (len = fread (buffer, 1, 1024, file))
> MD5Update (&context, buffer, len);
> MD5Final (digest, &context);
>
> fclose (file);
>
> /* 33 chars, 32 for hexString, and 1 for NULL */
> hexStringDigest = (char*)malloc(sizeof(char)*33);
> checkMalloc((void*)hexStringDigest);
>
> for (i = 0; i < 16; i++)
> {
> sprintf(hexStringDigest + i*2, "%02x", digest[i] );
> }
>
> return hexStringDigest;
> }
> }
> #endif
>
> I havn't got a machine to compile this on to test but it looks all right.
>
> The other big problem is with md5thusfar. At line 144 you define
md5thusfar
> as a char* and then (at line 220) you call strncpy to it before it is
> initialised. It might be pointing at anything at this stage.
>
> You need to change line 220 from:
> strncpy(md5thusfar, file[0], 32);
> to:
> md5thusfar = (char*)malloc(sizeof(char)*33);
> checkMalloc((void*)md5thusfar);
> strncpy(md5thusfar, file[0], 32);
> md5thusfar[32] = '\0';
>
> Note the last line, if file[0] is 32 or more characters long then
md5thusfar
> won't finish with a null, so trouble will ensue.
>
> That's all of the problems I can see in authprocess.c at the moment. If
you
> fix those problems you should be in with a much better shot of getting it
to
> work.
>
> Regards,
> Richard
>
> PS: As a formatting point when you have something like:
> <tab>func(first_arg,
> <tab> second_arg);
> You shouldn't change it to
> <tab>func(first_arg,
> <tab><tab>second_arg);
> As the arguments won't line up if someone is using different sized tab
> stops. You should always tab to specify indents and space to line up a
> command the spreads multiple lines. The same applies for if/while
> conditions and for statements.
>
> PPS: I've made you an admin of the sourceforge project.
>
>
> -----Original Message-----
> From: Andrew McGlashan [mailto:ae...@bi...]
> Sent: Thursday, 9 May 2002 10:45 AM
> To: Harris, Richard
> Cc: Bill Lucas; Mario Piazzese
> Subject: Fw: SEWL passwdsecure -- other note
> Importance: High
>
>
> Richard,
>
> I have made this email high priority as SE Water has a number of uses that
> will need to use the passwdsecure tool. Bill has even suggested that I be
> listed as a maintainer to try to progress this quicker; I would really
like
> some more help.
>
> Okay, I have looked at FILECMP again -- I broke it with my former MD5CHECK
> works. I have since re-worked that but I still have some problems. The
> FILEICMP looks okay after all, although I haven't actually tested it; I
> didn't look at it closely enough to understand it before.
>
> The problem I am having now with the re-worked FILECMP / MD5CHECK section
> having been done has to do with the getPsinfo function; it is dropping out
> without completing all checks. I don't know why it dumps out, but here is
> the statement that is failing:
>
> sizeRead = fread(buf+sizeReadTotal, 1, sizeof(psinfo_t)-sizeReadTotal,
> fileinfo);
>
> Other information (from the non-Linux code):
> > Checking file types / sizes...
> >
> > int sizeRead /* always 336 if successful */
> > int sizeReadTotal /* always 0 */
> >
> >
> > unsigned char buf[sizeof(psinfo_t)]
> >
>
> Now it fails after a number of iterations. I did remove a single check
from
> one require group and it got through to an additional require group. I
was
> going to include the output file with the debug information, but I don't
> have it with me right now. Let me know if you need it and I will
endeavour
> to get it to you.
>
> I did adjust the following in the getPsinfo function:
> from FILE* fileinfo;
> to FILE *fileinfo;
> I assume that was simply a typo. The change didn't help or seem to effect
> anything. I also made sure that every fopen had an fclose; I thought that
> maybe there were too many files open or something like that. Maybe there
is
> still something in this as it was quite late when I packed it in last
night.
>
> The Makefile in the attached source has a DEBUG entry added to the CFLAGS
> line, so it always makes the debug version for now. My 'do_conf' doesn't
> include the MD5 directory, however, it uses the found OpenSSL libraries
and
> thus the configure defines USE_MD5.
>
> AndrewM
>
> Andrew McGlashan AACS
> Director
>
> Mobile: 04 2574 1827
>
> Affinity Vision Australia Pty Ltd
> ABN 91 099 273 855
>
> This message contains privileged and confidential information intended
only
> for the use of the addressee named above. If you are not the intended
> recipient of this message you are hereby notified that you must not
> disseminate, copy or take any action in reliance on it. If you have
> received this message in error please notify Affinity Vision Australia Pty
> Ltd at ae...@bi... Any views expressed in this message are those of
the
> individual sender, except where the sender specifically states them to be
> the views of Affinity Vision Australia Pty Ltd
>
> ----- Original Message -----
> From: <And...@se...>
> To: <ae...@bi...>
> Sent: Thursday, May 09, 2002 1:12 AM
> Subject: SEWL passwdsecure -- other note
>
>
> >
> > The following statement fails consistently for unknown reasons.....,
> > but only after so many reads...
> >
> > sizeRead = fread(buf+sizeReadTotal, 1, sizeof(psinfo_t)-sizeReadTotal,
> > fileinfo);
> >
> >
> > Checking file types / sizes...
> >
> > int sizeRead /* always 336 if successful */
> > int sizeReadTotal /* always 0 */
> >
> >
> > unsigned char buf[sizeof(psinfo_t)]
> >
>
>
>
****************************************************************************
*******
> The information in this e-mail message and any files transmitted with it
> are intended to be confidential and for the use of only the individual or
> entity to whom they are addressed. The message and files may be
> protected by legal professional privilege, or other legal rules. The
> confidentiality of and privilege applying to this message and
> files is not waived if this message or files has been sent to you by
mistake.
> If the reader of this message or files is not the intended recipient, you
are
> notified that retention, distribution or copying of this message and files
are
> strictly prohibited. If you receive this message or files in error,
please
> notify us immediately by telephone or return e-mail and delete all copies
> from your computer system. It is the recipient's responsibility to check
this
> message and files for viruses.
>
> Thank you.
>
****************************************************************************
*******
>
*******************************************************
PLEASE NOTE: This internet email message
has been checked for viruses and appropriate
content to ensure it complies with TABCORP's
electronic communication policy.
*******************************************************
***********************************************************************************
The information in this e-mail message and any files transmitted with it
are intended to be confidential and for the use of only the individual or
entity to whom they are addressed. The message and files may be
protected by legal professional privilege, or other legal rules. The
confidentiality of and privilege applying to this message and
files is not waived if this message or files has been sent to you by mistake.
If the reader of this message or files is not the intended recipient, you are
notified that retention, distribution or copying of this message and files are
strictly prohibited. If you receive this message or files in error, please
notify us immediately by telephone or return e-mail and delete all copies
from your computer system. It is the recipient's responsibility to check this
message and files for viruses.
Thank you.
***********************************************************************************
|
|
From: Andrew M. <ae...@bi...> - 2002-05-10 12:17:31
|
Richard,
Everything is working fine now, thank you very much for your help.
I plan to upload 4 files to the sorceforge area when I work out how to do it
correctly, these are:
authprocess.h
authprocess.c
readconfig.c
passwdsecure.c
Regards
AndrewM
Andrew McGlashan AACS
Director
Mobile: 04 2574 1827
Affinity Vision Australia Pty Ltd
ABN 91 099 273 855
This message contains privileged and confidential information intended only
for the use of the addressee named above. If you are not the intended
recipient of this message you are hereby notified that you must not
disseminate, copy or take any action in reliance on it. If you have
received this message in error please notify Affinity Vision Australia Pty
Ltd at ae...@bi... Any views expressed in this message are those of the
individual sender, except where the sender specifically states them to be
the views of Affinity Vision Australia Pty Ltd
----- Original Message -----
From: "Harris, Richard" <ha...@ta...>
To: "'Andrew McGlashan'" <ae...@bi...>
Cc: <pas...@li...>; "Mario Piazzese"
<Mar...@se...>; "Bill Lucas" <bil...@se...>
Sent: Friday, May 10, 2002 5:08 PM
Subject: RE: SEWL passwdsecure -- other note
> Hi Andrew,
>
> Is it working now?
>
> The sprintf will put the '\0' on the end of hexStringDigit for you but I
> guess it doesn't hurt to do it explicitly.
>
> Richard
>
> -----Original Message-----
> From: Andrew McGlashan [mailto:ae...@bi...]
> Sent: Friday, 10 May 2002 5:08 PM
> To: Harris, Richard
> Cc: pas...@li...; Mario Piazzese; Bill Lucas
> Subject: Re: SEWL passwdsecure -- other note
>
>
> Updated .c files attached
>
> Richard,
>
> Thanks for your input. I have added an extra line to your supplied
MD5File
> function. After the 16 unsigned chars have been placed as 32 string chars
> (0-31), I added the string terminator char to array position 32 as
follows:
> hexStringDigest[32] = '\0';
>
> Regards
>
> AndrewM
>
> Andrew McGlashan AACS
> Director
>
> Mobile: 04 2574 1827
>
> Affinity Vision Australia Pty Ltd
> ABN 91 099 273 855
>
> This message contains privileged and confidential information intended
only
> for the use of the addressee named above. If you are not the intended
> recipient of this message you are hereby notified that you must not
> disseminate, copy or take any action in reliance on it. If you have
> received this message in error please notify Affinity Vision Australia Pty
> Ltd at ae...@bi... Any views expressed in this message are those of
the
> individual sender, except where the sender specifically states them to be
> the views of Affinity Vision Australia Pty Ltd
>
> ----- Original Message -----
> From: "Harris, Richard" <ha...@ta...>
> To: "'Andrew McGlashan'" <ae...@bi...>; "Harris, Richard"
> <ha...@ta...>
> Cc: "Bill Lucas" <bil...@se...>; "Mario Piazzese"
> <Mar...@se...>; <pas...@li...>
> Sent: Friday, May 10, 2002 3:18 PM
> Subject: RE: SEWL passwdsecure -- other note
>
>
> > Hi Andrew,
> >
> > Looking at the truss output the problem seem symtematic of a buffer
> overrun
> > or a stray pointer being accessed. I've had a look at authprocess.c and
> > found a couple of strong contenders.
> >
> > You've changed the way MD5File works so it returns the MD5 data as a hex
> > string, rather than the raw MD5 data. I assume you've done this for the
> > purposes of debugging so you can see the checksum more easily. You've
> made
> > a few mistakes in doing this.
> >
> > Firstly, in MD5File (if the digest is calculated correctly) you return
> > buffer2, unfortunately buffer2 is on the stack so as soon as you return
> from
> > MD5File the memory where you are pointing to will no longer exist.
Later
> on
> > you then call free on the returned value, this will cause all sorts of
> > confusion! Also digest is being created on the heap but you don't
return
> a
> > pointer to it so it creates a memory leak.
> >
> > To do it your way MD5File should be:
> >
> > #ifdef USE_MD5
> > char* MD5File(char* filename)
> > {
> > FILE* file;
> > if ((file = fopen (filename, "rb")) == NULL)
> > {
> >
> > #ifdef DEBUG
> > fprintf(stderr, "Problem opening file: %s ...\n", filename);
> > #endif
> >
> > return (char*)NULL;
> > }
> > else {
> > MD5_CTX context;
> > int len;
> > unsigned char buffer[1024];
> > unsigned char digest[16];
> > unsigned int i;
> > char* hexStringDigest;
> >
> > MD5Init (&context);
> > while (len = fread (buffer, 1, 1024, file))
> > MD5Update (&context, buffer, len);
> > MD5Final (digest, &context);
> >
> > fclose (file);
> >
> > /* 33 chars, 32 for hexString, and 1 for NULL */
> > hexStringDigest = (char*)malloc(sizeof(char)*33);
> > checkMalloc((void*)hexStringDigest);
> >
> > for (i = 0; i < 16; i++)
> > {
> > sprintf(hexStringDigest + i*2, "%02x", digest[i] );
> > }
> >
> > return hexStringDigest;
> > }
> > }
> > #endif
> >
> > I havn't got a machine to compile this on to test but it looks all
right.
> >
> > The other big problem is with md5thusfar. At line 144 you define
> md5thusfar
> > as a char* and then (at line 220) you call strncpy to it before it is
> > initialised. It might be pointing at anything at this stage.
> >
> > You need to change line 220 from:
> > strncpy(md5thusfar, file[0], 32);
> > to:
> > md5thusfar = (char*)malloc(sizeof(char)*33);
> > checkMalloc((void*)md5thusfar);
> > strncpy(md5thusfar, file[0], 32);
> > md5thusfar[32] = '\0';
> >
> > Note the last line, if file[0] is 32 or more characters long then
> md5thusfar
> > won't finish with a null, so trouble will ensue.
> >
> > That's all of the problems I can see in authprocess.c at the moment. If
> you
> > fix those problems you should be in with a much better shot of getting
it
> to
> > work.
> >
> > Regards,
> > Richard
> >
> > PS: As a formatting point when you have something like:
> > <tab>func(first_arg,
> > <tab> second_arg);
> > You shouldn't change it to
> > <tab>func(first_arg,
> > <tab><tab>second_arg);
> > As the arguments won't line up if someone is using different sized tab
> > stops. You should always tab to specify indents and space to line up a
> > command the spreads multiple lines. The same applies for if/while
> > conditions and for statements.
> >
> > PPS: I've made you an admin of the sourceforge project.
> >
> >
> > -----Original Message-----
> > From: Andrew McGlashan [mailto:ae...@bi...]
> > Sent: Thursday, 9 May 2002 10:45 AM
> > To: Harris, Richard
> > Cc: Bill Lucas; Mario Piazzese
> > Subject: Fw: SEWL passwdsecure -- other note
> > Importance: High
> >
> >
> > Richard,
> >
> > I have made this email high priority as SE Water has a number of uses
that
> > will need to use the passwdsecure tool. Bill has even suggested that I
be
> > listed as a maintainer to try to progress this quicker; I would really
> like
> > some more help.
> >
> > Okay, I have looked at FILECMP again -- I broke it with my former
MD5CHECK
> > works. I have since re-worked that but I still have some problems. The
> > FILEICMP looks okay after all, although I haven't actually tested it; I
> > didn't look at it closely enough to understand it before.
> >
> > The problem I am having now with the re-worked FILECMP / MD5CHECK
section
> > having been done has to do with the getPsinfo function; it is dropping
out
> > without completing all checks. I don't know why it dumps out, but here
is
> > the statement that is failing:
> >
> > sizeRead = fread(buf+sizeReadTotal, 1,
sizeof(psinfo_t)-sizeReadTotal,
> > fileinfo);
> >
> > Other information (from the non-Linux code):
> > > Checking file types / sizes...
> > >
> > > int sizeRead /* always 336 if successful */
> > > int sizeReadTotal /* always 0 */
> > >
> > >
> > > unsigned char buf[sizeof(psinfo_t)]
> > >
> >
> > Now it fails after a number of iterations. I did remove a single check
> from
> > one require group and it got through to an additional require group. I
> was
> > going to include the output file with the debug information, but I don't
> > have it with me right now. Let me know if you need it and I will
> endeavour
> > to get it to you.
> >
> > I did adjust the following in the getPsinfo function:
> > from FILE* fileinfo;
> > to FILE *fileinfo;
> > I assume that was simply a typo. The change didn't help or seem to
effect
> > anything. I also made sure that every fopen had an fclose; I thought
that
> > maybe there were too many files open or something like that. Maybe
there
> is
> > still something in this as it was quite late when I packed it in last
> night.
> >
> > The Makefile in the attached source has a DEBUG entry added to the
CFLAGS
> > line, so it always makes the debug version for now. My 'do_conf'
doesn't
> > include the MD5 directory, however, it uses the found OpenSSL libraries
> and
> > thus the configure defines USE_MD5.
> >
> > AndrewM
> >
> > Andrew McGlashan AACS
> > Director
> >
> > Mobile: 04 2574 1827
> >
> > Affinity Vision Australia Pty Ltd
> > ABN 91 099 273 855
> >
> > This message contains privileged and confidential information intended
> only
> > for the use of the addressee named above. If you are not the intended
> > recipient of this message you are hereby notified that you must not
> > disseminate, copy or take any action in reliance on it. If you have
> > received this message in error please notify Affinity Vision Australia
Pty
> > Ltd at ae...@bi... Any views expressed in this message are those of
> the
> > individual sender, except where the sender specifically states them to
be
> > the views of Affinity Vision Australia Pty Ltd
> >
> > ----- Original Message -----
> > From: <And...@se...>
> > To: <ae...@bi...>
> > Sent: Thursday, May 09, 2002 1:12 AM
> > Subject: SEWL passwdsecure -- other note
> >
> >
> > >
> > > The following statement fails consistently for unknown reasons.....,
> > > but only after so many reads...
> > >
> > > sizeRead = fread(buf+sizeReadTotal, 1, sizeof(psinfo_t)-sizeReadTotal,
> > > fileinfo);
> > >
> > >
> > > Checking file types / sizes...
> > >
> > > int sizeRead /* always 336 if successful */
> > > int sizeReadTotal /* always 0 */
> > >
> > >
> > > unsigned char buf[sizeof(psinfo_t)]
> > >
> >
> >
> >
>
****************************************************************************
> *******
> > The information in this e-mail message and any files transmitted with it
> > are intended to be confidential and for the use of only the individual
or
> > entity to whom they are addressed. The message and files may be
> > protected by legal professional privilege, or other legal rules. The
> > confidentiality of and privilege applying to this message and
> > files is not waived if this message or files has been sent to you by
> mistake.
> > If the reader of this message or files is not the intended recipient,
you
> are
> > notified that retention, distribution or copying of this message and
files
> are
> > strictly prohibited. If you receive this message or files in error,
> please
> > notify us immediately by telephone or return e-mail and delete all
copies
> > from your computer system. It is the recipient's responsibility to check
> this
> > message and files for viruses.
> >
> > Thank you.
> >
>
****************************************************************************
> *******
> >
>
>
> *******************************************************
> PLEASE NOTE: This internet email message
> has been checked for viruses and appropriate
> content to ensure it complies with TABCORP's
> electronic communication policy.
> *******************************************************
>
>
>
>
****************************************************************************
*******
> The information in this e-mail message and any files transmitted with it
> are intended to be confidential and for the use of only the individual or
> entity to whom they are addressed. The message and files may be
> protected by legal professional privilege, or other legal rules. The
> confidentiality of and privilege applying to this message and
> files is not waived if this message or files has been sent to you by
mistake.
> If the reader of this message or files is not the intended recipient, you
are
> notified that retention, distribution or copying of this message and files
are
> strictly prohibited. If you receive this message or files in error,
please
> notify us immediately by telephone or return e-mail and delete all copies
> from your computer system. It is the recipient's responsibility to check
this
> message and files for viruses.
>
> Thank you.
>
****************************************************************************
*******
>
|
|
From: Andrew M. <ae...@bi...> - 2002-05-09 01:35:46
|
Richard, I wouldn't mind being a maintainer; is there some further info on how this works? I have a fprintf immediately before the read and immediately after, only the former prints when the program drops out. I will have a look at using truss to get some more info; it will not be trivial to set it up with my current rules in place though; I might be able to do this with a simple shell script replacing my 'passwdsecure.debug' and calling a new name for the actual passwdsecure program. AndrewM Andrew McGlashan AACS Director Mobile: 04 2574 1827 Affinity Vision Australia Pty Ltd ABN 91 099 273 855 This message contains privileged and confidential information intended only for the use of the addressee named above. If you are not the intended recipient of this message you are hereby notified that you must not disseminate, copy or take any action in reliance on it. If you have received this message in error please notify Affinity Vision Australia Pty Ltd at ae...@bi... Any views expressed in this message are those of the individual sender, except where the sender specifically states them to be the views of Affinity Vision Australia Pty Ltd ----- Original Message ----- From: "Harris, Richard" <ha...@ta...> To: "'Andrew McGlashan'" <ae...@bi...>; "Harris, Richard" <ha...@ta...> Cc: "Bill Lucas" <bil...@se...>; "Mario Piazzese" <Mar...@se...>; <pas...@li...> Sent: Thursday, May 09, 2002 11:11 AM Subject: RE: SEWL passwdsecure -- other note > Hi Andrew, > > Responses in line. > > Richard. > > -----Original Message----- > From: Andrew McGlashan [mailto:ae...@bi...] > Sent: Thursday, 9 May 2002 10:45 AM > To: Harris, Richard > Cc: Bill Lucas; Mario Piazzese > Subject: Fw: SEWL passwdsecure -- other note > Importance: High > > > Richard, > > I have made this email high priority as SE Water has a number of uses that > will need to use the passwdsecure tool. Bill has even suggested that I be > listed as a maintainer to try to progress this quicker; I would really like > some more help. > > <<< > > I haven't got a problem making you a maintainer if you want. > > >>> > > Okay, I have looked at FILECMP again -- I broke it with my former MD5CHECK > works. I have since re-worked that but I still have some problems. The > FILEICMP looks okay after all, although I haven't actually tested it; I > didn't look at it closely enough to understand it before. > > The problem I am having now with the re-worked FILECMP / MD5CHECK section > having been done has to do with the getPsinfo function; it is dropping out > without completing all checks. I don't know why it dumps out, but here is > the statement that is failing: > > sizeRead = fread(buf+sizeReadTotal, 1, sizeof(psinfo_t)-sizeReadTotal, > fileinfo); > > Other information (from the non-Linux code): > > Checking file types / sizes... > > > > int sizeRead /* always 336 if successful */ > > int sizeReadTotal /* always 0 */ > > > > > > unsigned char buf[sizeof(psinfo_t)] > > > > Now it fails after a number of iterations. I did remove a single check from > one require group and it got through to an additional require group. I was > going to include the output file with the debug information, but I don't > have it with me right now. Let me know if you need it and I will endeavour > to get it to you. > > <<< > > When you say it fails, do you mean it crashes or it fails to read the info? > > I think I might need the debug info to get a better picture of what is going > on. > > >>> > > I did adjust the following in the getPsinfo function: > from FILE* fileinfo; > to FILE *fileinfo; > I assume that was simply a typo. > > <<< > In general you should always use > FILE* fileinfo; > rather than > FILE *fileinfo; > as it seperates the type from the variable name. The type is FILE* (a > pointer to a FILE) and the variable is fileinfo. This distinction is > not as clear in the second instance. They both compile to the same > code but most modern style guides will recomend you use the first version. > >>> > > > The change didn't help or seem to effect > anything. I also made sure that every fopen had an fclose; I thought that > maybe there were too many files open or something like that. Maybe there is > still something in this as it was quite late when I packed it in last night. > > <<< > > I was thinking that also, but it doesn't seem to be the case. The ideal > solution would be to "truss" the process (solaris command that traces > system calls) but this may be non-trivial as it will require a special > configuration file that lets the passwdsecure command be called from. > > If we could get the truss output that would probably point us in the > right direction. > > >>> > > The Makefile in the attached source has a DEBUG entry added to the CFLAGS > line, so it always makes the debug version for now. My 'do_conf' doesn't > include the MD5 directory, however, it uses the found OpenSSL libraries and > thus the configure defines USE_MD5. > > AndrewM > > Andrew McGlashan AACS > Director > > Mobile: 04 2574 1827 > > Affinity Vision Australia Pty Ltd > ABN 91 099 273 855 > > This message contains privileged and confidential information intended only > for the use of the addressee named above. If you are not the intended > recipient of this message you are hereby notified that you must not > disseminate, copy or take any action in reliance on it. If you have > received this message in error please notify Affinity Vision Australia Pty > Ltd at ae...@bi... Any views expressed in this message are those of the > individual sender, except where the sender specifically states them to be > the views of Affinity Vision Australia Pty Ltd > > ----- Original Message ----- > From: <And...@se...> > To: <ae...@bi...> > Sent: Thursday, May 09, 2002 1:12 AM > Subject: SEWL passwdsecure -- other note > > > > > > The following statement fails consistently for unknown reasons....., > > but only after so many reads... > > > > sizeRead = fread(buf+sizeReadTotal, 1, sizeof(psinfo_t)-sizeReadTotal, > > fileinfo); > > > > > > Checking file types / sizes... > > > > int sizeRead /* always 336 if successful */ > > int sizeReadTotal /* always 0 */ > > > > > > unsigned char buf[sizeof(psinfo_t)] > > > > > **************************************************************************** ******* > The information in this e-mail message and any files transmitted with it > are intended to be confidential and for the use of only the individual or > entity to whom they are addressed. The message and files may be > protected by legal professional privilege, or other legal rules. The > confidentiality of and privilege applying to this message and > files is not waived if this message or files has been sent to you by mistake. > If the reader of this message or files is not the intended recipient, you are > notified that retention, distribution or copying of this message and files are > strictly prohibited. If you receive this message or files in error, please > notify us immediately by telephone or return e-mail and delete all copies > from your computer system. It is the recipient's responsibility to check this > message and files for viruses. > > Thank you. > **************************************************************************** ******* > > |
Thanks for helping keep SourceForge clean.
X