From owner-freebsd-bugs@FreeBSD.ORG Tue Jan 13 01:10:02 2009 Return-Path: Delivered-To: freebsd-bugs@hub.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 9C5C71065672 for ; Tue, 13 Jan 2009 01:10:02 +0000 (UTC) (envelope-from gnats@FreeBSD.org) Received: from freefall.freebsd.org (freefall.freebsd.org [IPv6:2001:4f8:fff6::28]) by mx1.freebsd.org (Postfix) with ESMTP id 8A81E8FC08 for ; Tue, 13 Jan 2009 01:10:02 +0000 (UTC) (envelope-from gnats@FreeBSD.org) Received: from freefall.freebsd.org (gnats@localhost [127.0.0.1]) by freefall.freebsd.org (8.14.3/8.14.3) with ESMTP id n0D1A2Bw039359 for ; Tue, 13 Jan 2009 01:10:02 GMT (envelope-from gnats@freefall.freebsd.org) Received: (from gnats@localhost) by freefall.freebsd.org (8.14.3/8.14.3/Submit) id n0D1A25N039358; Tue, 13 Jan 2009 01:10:02 GMT (envelope-from gnats) Date: Tue, 13 Jan 2009 01:10:02 GMT Message-Id: <200901130110.n0D1A25N039358@freefall.freebsd.org> To: freebsd-bugs@FreeBSD.org From: "Li yonggang" Cc: Subject: Re: bin/130300: netstat crash when params is incorrect X-BeenThere: freebsd-bugs@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list Reply-To: Li yonggang List-Id: Bug reports List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 13 Jan 2009 01:10:02 -0000 The following reply was made to PR bin/130300; it has been noted by GNATS. From: "Li yonggang" To: "Ruslan Ermilov" Cc: bug-followup@freebsd.org Subject: Re: bin/130300: netstat crash when params is incorrect Date: Tue, 13 Jan 2009 01:02:06 +0000 the fix from Ruslan Ermilov works for netstat -m foo. but I still think there MUST be a check for illegal params input. because in netstat -m foo, the live variable will be set 0 by mistake, there is no any reason to continue, because the further call kread will use illegal input: foo. we should stop at usage() when illegal params input is found. this will apply for all the params input not only -m foo, which will help reduce the possibility of the regression like -m foo. %%% Index:main.c ================================================= --- main.c 2009-01-12 15:13:06.000000000 +0000 +++ ../main.c 2009-01-12 15:32:14.000000000 +0000 @@ -341,6 +341,7 @@ int af; /* address family */ int live; /* true if we are examining a live system */ + int main(int argc, char *argv[]) { @@ -463,28 +464,12 @@ default: usage(); } - argv += optind; - argc -= optind; - -#define BACKWARD_COMPATIBILITY -#ifdef BACKWARD_COMPATIBILITY - if (*argv) { - if (isdigit(**argv)) { - interval = atoi(*argv); - if (interval <= 0) - usage(); - ++argv; - iflag = 1; - } - if (*argv) { - nlistf = *argv; - if (*++argv) - memf = *argv; - } - } -#endif - - /* + /* + * Params should be parsed without error. + * */ + if(*(argv += optind)) + usage(); + /* * Discard setgid privileges if not the running kernel so that bad * guys can't print interesting stuff from kernel memory. */ %%% Thanks, Yonggang Li