From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: (qmail 8941 invoked by alias); 2 Dec 2008 17:08:02 -0000 Received: (qmail 8917 invoked by uid 71); 2 Dec 2008 17:08:02 -0000 Resent-Date: 2 Dec 2008 17:08:02 -0000 Resent-Message-ID: <20081202170802.8916.qmail@sourceware.org> Resent-From: gdb-gnats@sources.redhat.com (GNATS Filer) Resent-To: nobody@sources.redhat.com Resent-Cc: gdb-prs@sources.redhat.com Resent-Reply-To: gdb-gnats@sources.redhat.com, richard.stuckey@arc.com Received: (qmail 3585 invoked by uid 48); 2 Dec 2008 17:04:33 -0000 Message-Id: <20081202170433.3584.qmail@sourceware.org> Date: Tue, 02 Dec 2008 17:08:00 -0000 From: richard.stuckey@arc.com Reply-To: richard.stuckey@arc.com To: gdb-gnats@sources.redhat.com X-Send-Pr-Version: gnatsweb-2.9.3 (1.1.1.1.2.31) Subject: remote/2560: valid reponse packet can be treated as 'ENN' error packet Mailing-List: contact gdb-prs-help@sourceware.org; run by ezmlm Precedence: bulk List-Id: List-Subscribe: List-Archive: List-Post: List-Help: , Sender: gdb-prs-owner@sourceware.org X-SW-Source: 2008-q4/txt/msg00062.txt.bz2 >Number: 2560 >Category: remote >Synopsis: valid reponse packet can be treated as 'ENN' error packet >Confidential: no >Severity: serious >Priority: medium >Responsible: unassigned >State: open >Class: sw-bug >Submitter-Id: net >Arrival-Date: Tue Dec 02 17:08:01 UTC 2008 >Closed-Date: >Last-Modified: >Originator: ARC International >Release: insight 6.8 >Organization: >Environment: >Description: In file remote.c, the function remote_send is used to send a packet to the remote target and receive a response packet back to it. It checks whether the response packet is an 'ENN' error response with the test if ((*buf)[0] == 'E') error (_("Remote failure reply: %s"), *buf); This test is too weak: if the response packet contains valid data which happens to begin with an 'E' then it will be incorrectly treated as an error. The correct test is performed in the function packet_check_result in this file: if (buf[0] == 'E' && isxdigit (buf[1]) && isxdigit (buf[2]) && buf[3] == '\0') /* "Enn" - definitly an error. */ return PACKET_ERROR; In fact, this function should be used throughout this file to check all response packets; e.g. in the function remote_rcmd there is the code if (buf[0] == '\0') error (_("Target does not support this command.")); if (buf[0] == 'O' && buf[1] != 'K') { remote_console_output (buf + 1); /* 'O' message from stub. */ continue; } if (strcmp (buf, "OK") == 0) break; if (strlen (buf) == 3 && buf[0] == 'E' && isdigit (buf[1]) && isdigit (buf[2])) { error (_("Protocol error with Rcmd")); } where the tests essentially duplicate the code in packet_check_result (though strlen is a very inefficient means of checking that the 4th character in a buffer is a NUL!). >How-To-Repeat: >Fix: Replace all checks on the response packet with calls to packet_check_result and check the result of this function call. >Release-Note: >Audit-Trail: >Unformatted: