[19913] in Kerberos_V5_Development


Re: Crash in sendto_kdc.c

daemon@ATHENA.MIT.EDU (mogasale.tech)
Fri Apr 12 00:02:34 2019

MIME-Version: 1.0
In-Reply-To: <8e5b0c7d-02aa-8094-aaa2-1a32eaead84a@mit.edu>
From: "mogasale.tech" <mogasale.tech@gmail.com>
Date: Fri, 12 Apr 2019 09:31:55 +0530
Message-ID: <CALwnZ7Q+ZiDJJm17ap-SP6S489Ze4n0tv4KyVGvx+SQBGxHqjA@mail.gmail.com>
To: Greg Hudson <ghudson@mit.edu>
Cc: krbdev@mit.edu
Content-Type: text/plain; charset="utf-8"
Errors-To: krbdev-bounces@mit.edu
Content-Transfer-Encoding: 8bit

Hi Greg,

Sorry for the delayed confirmation; it took a while for us to get hold of the
specific environments where we used to see these issues. Recently we were able
to test our application with the fix suggested below on the environments where
we used to see regular crashes. With this fix, the issue looks resolved and the
application is now running smoothly with no crashes. Thanks for the valuable
suggestions.

I also see that the fix is already incorporated as part of krb5-1.17. I will
go ahead and use that. Thanks again.

Regards,
Rama

On Fri, 5 Oct 2018 at 01:31, Greg Hudson <ghudson@mit.edu> wrote:

> [Removing kfwdev from the CC line; we no longer have a separate Windows
> development team, so just krbdev is fine.]
>
> On 10/04/2018 08:47 AM, mogasale.tech wrote:
> > conn.out.sgbuf[0] = {len = 4, buff = '\0'}
> > conn.out.sgbuf[1] = {len = 1882, buff = 'some data'}
> > conn.out.sgp = {len=??? buf=??? }
> > conn.out.sg_count = -10339
> > conn.out.msg_len_buf = ""
> > nwritten = 3199132154
>
> Thanks for the additional information.  I think I finally know what is
> going wrong here: SOCKET_WRITEV() is trying to return -1, but due to the
> intricacies of the C type system, it is being treated as 2^32-1 on
> 64-bit Windows.
>
> The fix I would like to try is to edit src/include/port-sockets.h and
> change the first definition of SOCKET_WRITEV to:
>
> #define SOCKET_WRITEV(FD, SG, LEN, TMP)                         \
>      (WSASend((FD), (SG), (LEN), &(TMP), 0, 0, 0) ?              \
>       (ssize_t)-1 : (ssize_t)(TMP))
>
> where the change is the addition of the (ssize_t) casts.
>
> Without the casts, the type of the conditional expression is unsigned
> 32-bit, because -1 has type int and TMP has type DWORD, and unsigned
> wins over signed for integer types of equal size.  The quantity -1 in
> that type has the value 2^32-1.  When that value is cast to ssize_t
> (signed 64-bit on 64-bit Windows), it retains the large positive value
> instead of reverting back to -1 as it would on 32-bit Windows.
>
_______________________________________________
krbdev mailing list             krbdev@mit.edu
https://mailman.mit.edu/mailman/listinfo/krbdev
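The type-promotion trap Greg describes above, reproduced as an added example (this is not krb5 code and not the real port-sockets.h macro). It fakes the Windows pieces so it runs on any 64-bit POSIX host: `DWORD` is assumed to be `uint32_t`, and `fake_wsasend()` is a hypothetical stand-in for WSASend() that returns nonzero on failure and stores the byte count on success. The "buggy" macro keeps the original operand types (`int` -1 versus `DWORD` TMP); the "fixed" macro adds the two `(ssize_t)` casts from the reply.

```c
#include <stdint.h>
#include <stdio.h>
#include <sys/types.h>   /* ssize_t */

/* Assumption: on Windows, DWORD is an unsigned 32-bit integer. */
typedef uint32_t DWORD;

/* Hypothetical stand-in for WSASend(): nonzero return means failure,
 * otherwise the number of bytes sent is stored in *sent. The 1886 is a
 * constructed value (4-byte length prefix + 1882 bytes of payload). */
static int fake_wsasend(int fail, DWORD *sent)
{
    if (fail)
        return -1;          /* SOCKET_ERROR */
    *sent = 1886;
    return 0;
}

/* Original shape of the macro: the ?: mixes int (-1) and DWORD (TMP).
 * Usual arithmetic conversions make the result unsigned 32-bit, so -1
 * becomes 0xFFFFFFFF before the caller ever sees it. */
#define SOCKET_WRITEV_BUGGY(FAIL, TMP) \
    (fake_wsasend((FAIL), &(TMP)) ? -1 : (TMP))

/* The proposed fix: both arms are ssize_t, so -1 stays -1. */
#define SOCKET_WRITEV_FIXED(FAIL, TMP) \
    (fake_wsasend((FAIL), &(TMP)) ? (ssize_t)-1 : (ssize_t)(TMP))

/* What a 64-bit caller receives from the buggy macro. */
ssize_t writev_buggy(int fail)
{
    DWORD tmp = 0;
    ssize_t nwritten = SOCKET_WRITEV_BUGGY(fail, tmp);
    return nwritten;
}

/* What the same caller would see on a 32-bit build, where ssize_t is
 * 32-bit: 0xFFFFFFFF reinterpreted as signed is -1 again, which is why
 * the bug only bites on 64-bit Windows. */
int32_t writev_buggy_32bit_view(int fail)
{
    return (int32_t)writev_buggy(fail);
}

ssize_t writev_fixed(int fail)
{
    DWORD tmp = 0;
    ssize_t nwritten = SOCKET_WRITEV_FIXED(fail, tmp);
    return nwritten;
}

/* The check the caller relies on: a failed send must be reported as an
 * error, not as ~4 GB successfully written and consumed from the sgbuf. */
int send_failed(ssize_t nwritten)
{
    return nwritten < 0;
}

int main(void)
{
    printf("sizeof(ssize_t) = %zu\n", sizeof(ssize_t));
    printf("buggy  on failure: %lld (error? %d)\n",
           (long long)writev_buggy(1), send_failed(writev_buggy(1)));
    printf("32-bit view of it: %d\n", (int)writev_buggy_32bit_view(1));
    printf("fixed  on failure: %lld (error? %d)\n",
           (long long)writev_fixed(1), send_failed(writev_fixed(1)));
    printf("fixed  on success: %lld\n", (long long)writev_fixed(0));
    return 0;
}
```

On a 64-bit build the buggy macro reports 4294967295 bytes written for a failed send, the `nwritten < 0` check never fires, and the caller proceeds to advance its scatter/gather state by a bogus count; the 32-bit view of the same value is -1, matching the reply's explanation of why only 64-bit Windows was affected.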

