[OpenAFS-devel] Corrupted ticket sent in rx packet from Windows 1.3.7700

Douglas E. Engert deengert@anl.gov
Wed, 19 Jan 2005 11:36:30 -0600


Testing on Solaris with 1.3.77 and a few printf statements shows
your fix is only part of the solution. The other part is that on the second time
in the loop, the (offset - l) must be zero, so the next chunk of the data
is copied to the beginning of the next iov_base. Otherwise it is copied
before the iov_base, overlaying something!

This would explain the cache manager acting up sometimes, requiring a reboot.


So far I can get the client side to send the correct data but the server
still has problems with the ticket. It appears to have the same problem with
(offset - l) and out += j.

But it looks like on the server side the data that gets overlaid will
be in "out", so only this response will fail. I am seeing an
Unknown code asn1 6 (1859794438) which would mean the ticket was overlaid.

I will try and test this in our test AFS cell.


--- ,rx_packet.c	Tue Dec  7 00:10:06 2004
+++ rx_packet.c	Wed Jan 19 11:14:21 2005
@@ -192,6 +192,8 @@
  	memcpy(out, (char *)(packet->wirevec[i].iov_base) + (offset - l), j);
  	resid -= j;
  	l += packet->wirevec[i].iov_len;
+	offset = l;
+	out += j;
  	i++;
      }
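
Review bot: The added `offset = l;` overwrites the incoming offset inside the loop with no comment saying why. Because `l` has just been advanced by `packet->wirevec[i].iov_len`, the assignment makes `(offset - l)` zero for every iovec after the first, which is what keeps the next `memcpy` source at `iov_base`; a one-line comment stating that would help, and any use of `offset` after the loop should be checked since it no longer holds the starting value.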

@@ -232,6 +234,8 @@
  	memcpy(b, in, j);
  	resid -= j;
  	l += packet->wirevec[i].iov_len;
+	offset = l;
+	in += j;
  	i++;
      }
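
Review bot: The destination `b` in `memcpy(b, in, j)` is not assigned anywhere in this hunk, so the added `offset = l;` only helps if `b` is recomputed from `packet->wirevec[i].iov_base` and `(offset - l)` at the top of each pass. Please confirm that, and that `j` is recomputed per pass as well, otherwise the advanced `in` pointer is still copied to a stale destination.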


Jeffrey Altman wrote:
> correction:
> 
> Index: rx_packet.c
> ===================================================================
> RCS file: /var/lib/cvs/openafs-1319/src/rx/rx_packet.c,v
> retrieving revision 1.1.1.1.2.1
> diff -u -r1.1.1.1.2.1 rx_packet.c
> --- rx_packet.c 5 Jan 2005 21:15:51 -0000       1.1.1.1.2.1
> +++ rx_packet.c 19 Jan 2005 04:54:53 -0000
> @@ -191,6 +191,7 @@
>         j = MIN(resid, packet->wirevec[i].iov_len - (offset - l));
>         memcpy(out, (char *)(packet->wirevec[i].iov_base) + (offset - 
> l), j);
>         resid -= j;
> +        out += j;
>         l += packet->wirevec[i].iov_len;
>         i++;
>      }
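
Review bot: `out += j` fixes the destination, but `offset` is never updated after `l += packet->wirevec[i].iov_len`, so from the second pass on `(offset - l)` is no longer the skip within the current iovec. The `memcpy` source `iov_base + (offset - l)` then points before the start of the buffer, and the `MIN(resid, iov_len - (offset - l))` bound grows past `iov_len`. Setting `offset = l;` after `l` is advanced keeps the skip at zero for every iovec after the first.
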
> @@ -231,6 +232,7 @@
>         j = MIN(resid, packet->wirevec[i].iov_len - (offset - l));
>         memcpy(b, in, j);
>         resid -= j;
> +       in += j;
>         l += packet->wirevec[i].iov_len;
>         i++;
>      }
> 
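
Review bot: On the write side the stale `offset` makes `j = MIN(resid, packet->wirevec[i].iov_len - (offset - l))` too large from the second pass on, so `memcpy(b, in, j)` can be asked to write more bytes than that iovec holds. `in += j` is needed, but `offset = l;` should also follow `l += packet->wirevec[i].iov_len` in this loop.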

-- 

  Douglas E. Engert  <DEEngert@anl.gov>
  Argonne National Laboratory
  9700 South Cass Avenue
  Argonne, Illinois  60439
  (630) 252-5444
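
The gather-read loop discussed in this message, with both the `out += j` and `offset = l` corrections, as an added stand-alone example (not OpenAFS code and not part of the original post). `iov_read`, `demo_read` and the sample buffers are hypothetical names, and the loop also bounds `i` by the iovec count, which the hunks above do not show.

```c
#include <stddef.h>
#include <string.h>
#include <sys/uio.h>

/* Copy up to resid bytes, starting at logical offset `offset` of the
 * scatter list vec[0..n), into out. Returns the number of bytes copied. */
size_t iov_read(const struct iovec *vec, int n, size_t offset,
                size_t resid, char *out)
{
    size_t l = 0;       /* logical offset at which vec[i] starts */
    size_t copied = 0;
    int i = 0;

    /* Skip whole iovecs that end at or before the requested offset. */
    while (i < n && l + vec[i].iov_len <= offset) {
        l += vec[i].iov_len;
        i++;
    }

    while (resid > 0 && i < n) {
        size_t skip = offset - l;             /* nonzero only in the first iovec */
        size_t room = vec[i].iov_len - skip;  /* bytes left in this iovec */
        size_t j = resid < room ? resid : room;

        memcpy(out, (const char *)vec[i].iov_base + skip, j);
        resid -= j;
        copied += j;
        out += j;                 /* without this, each chunk overwrites the last */
        l += vec[i].iov_len;
        offset = l;               /* without this, skip underflows on the next pass */
        i++;
    }
    return copied;
}

/* Constructed sample: the logical stream "ABCDEFGHIJKL" split over three
 * buffers of 4, 3 and 5 bytes. */
size_t demo_read(size_t offset, size_t resid, char *out)
{
    static char a[] = "ABCD", b[] = "EFG", c[] = "HIJKL";
    struct iovec vec[3] = {
        { .iov_base = a, .iov_len = 4 },
        { .iov_base = b, .iov_len = 3 },
        { .iov_base = c, .iov_len = 5 },
    };
    return iov_read(vec, 3, offset, resid, out);
}
```

A read that starts mid-buffer and crosses two iovec boundaries (offset 2, length 7) exercises both corrections at once.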