When we get an EN8 response while we're already sending the file using
the i protocol, this can happen:
In send.c, flocal_send_await_reply() is called. This function calls
flocal_send_fail() to process the aborted transfer. After this, we run
into the branch that calls ffileseekend() to force the end of the
actual transfer.
Now flocal_send_fail() frees qtrans, but qtrans is still used later!
I propose to fix this by moving the usfree_send(qtrans) out of
flocal_send_fail(), as in the patch I append to this mail.
...
I have found a race condition in the uucp 1.05 code. The typical result
is that the connection mysteriously fails with "conversation failed",
even while all files were transmitted. This is the problem:
At least for the i protocol, the code to send a packet can receive and
process packets after sending.
In several places in the code, we send a command and then prepare to
receive an answer.
Now the answer might already arrive during the call that sends the
command while we aren't ready to process it.
The general solution is IMHO first to do all preparations and only as a
last step to send out the command.
Reviewed by: John Dyson
Submitted by: Johannes Stille
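
The ordering problem described in the message above, as an added C example that is not part of the original commit and is not uucp code. The struct link type, its fields, the function names and the "cmd"/"reply" strings are hypothetical, constructed for illustration; the model assumes only what the message states, that the send routine can receive and process a packet before it returns.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical model, not uucp code: a link whose send routine may also
   receive and dispatch an incoming packet before it returns. */
struct link {
    void (*on_reply)(struct link *, const char *); /* NULL = not ready yet */
    const char *pending;  /* constructed reply already waiting on the wire */
    char got[16];         /* reply as seen by the handler */
    int dropped;          /* replies that arrived while no handler was set */
};

static void store_reply(struct link *l, const char *msg) {
    snprintf(l->got, sizeof l->got, "%s", msg);
}

/* Send a command; as a side effect, process any packet that has arrived. */
static void link_send(struct link *l, const char *cmd) {
    (void)cmd;
    if (l->pending == NULL) return;
    if (l->on_reply != NULL) l->on_reply(l, l->pending);
    else l->dropped++;    /* nobody is ready: the reply is lost */
    l->pending = NULL;
}

/* Racy order: send first, then prepare to receive. Returns 1 if reply seen. */
static int send_then_prepare(struct link *l, const char *cmd) {
    link_send(l, cmd);
    l->on_reply = store_reply;
    return l->got[0] != '\0';
}

/* Proposed order: do all preparations, send the command as the last step. */
static int prepare_then_send(struct link *l, const char *cmd) {
    l->on_reply = store_reply;
    link_send(l, cmd);
    return l->got[0] != '\0';
}

int main(void) {
    struct link a = { NULL, "reply", "", 0 }, b = { NULL, "reply", "", 0 };
    int ra = send_then_prepare(&a, "cmd");
    int rb = prepare_then_send(&b, "cmd");
    printf("send-then-prepare: seen=%d dropped=%d\n", ra, a.dropped);
    printf("prepare-then-send: seen=%d dropped=%d\n", rb, b.dropped);
    return 0;
}
```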