Comment 6 for bug 356978

Paul Crawford (psc-sat) wrote :

I built a version of pptp with debug enabled, and caught the segmentation fault again. This time I get the following in the syslog file:

{{{
Nov 16 23:07:33 paul-ubuntu pptp[5592]: nm-pptp-service-5464 log[decaps_gre:pptp_gre.c:414]: buffering packet 1323 (expecting 1322, lost or reordered)
Nov 16 23:08:09 paul-ubuntu pptp[5598]: nm-pptp-service-5464 log[logecho:pptp_ctrl.c:677]: Echo Request received.
Nov 16 23:08:09 paul-ubuntu pptp[5598]: nm-pptp-service-5464 log[ctrlp_rep:pptp_ctrl.c:251]: Sent control packet type is 6 'Echo-Reply'
Nov 16 23:08:09 paul-ubuntu pptp[5598]: nm-pptp-service-5464 log[pptp_read_some:pptp_ctrl.c:551]: read error: Connection reset by peer
Nov 16 23:08:09 paul-ubuntu pptp[5598]: nm-pptp-service-5464 log[callmgr_main:pptp_callmgr.c:258]: Closing connection (shutdown)
Nov 16 23:08:09 paul-ubuntu pptp[5598]: nm-pptp-service-5464 log[pptp_send_ctrl_packet:pptp_ctrl.c:622]: write error: Broken pipe
Nov 16 23:08:09 paul-ubuntu pptp[5598]: nm-pptp-service-5464 log[call_callback:pptp_callmgr.c:79]: Closing connection (call state)
Nov 16 23:08:09 paul-ubuntu kernel: [ 6282.854809] pptpcm[5598]: segfault at c0bbb964 ip 0804d3f0 sp bf8dcb40 error 5 in pptp[8048000+e000]
}}}

Then, using gdb on the core dump extracted from apport's crash report, I get the following:

{{{
(gdb) where
#0 0x0804d3f0 in pptp_fd_set (conn=0x96f6858, read_set=0xbf8dcc3c, write_set=0xbf8dcbbc, max_fd=0xbf8dce34) at pptp_ctrl.c:464
#1 0x08052e7f in callmgr_main (argc=3, argv=0xbf8dcf1c, envp=0xbf8de2dc) at pptp_callmgr.c:266
#2 0x0804a8e0 in launch_callmgr (inetaddr=..., phonenr=0x0, argc=5, argv=0xbf8de2c4, envp=0xbf8de2dc) at pptp.c:505
#3 0x0804a722 in open_callmgr (inetaddr=..., phonenr=0x0, argc=5, argv=0xbf8de2c4, envp=0xbf8de2dc, pty_fd=0, gre_fd=4) at pptp.c:474
#4 0x0804a225 in main (argc=5, argv=0xbf8de2c4, envp=0xbf8de2dc) at pptp.c:375
}}}

The call that causes the fault appears to be the one at pptp_callmgr.c line 266 where it is doing the 'shutdown' steps.