From owner-freebsd-bugs  Sat Mar 11  0:17:26 2000
Delivered-To: freebsd-bugs@freebsd.org
Received: from field.videotron.net (field.videotron.net [205.151.222.108])
	by hub.freebsd.org (Postfix) with ESMTP
	id 33D3337B5AF; Sat, 11 Mar 2000 00:17:23 -0800 (PST)
	(envelope-from patrick@mindstep.com)
Received: from PATRAK ([24.201.61.127]) by field.videotron.net (Sun Internet Mail Server sims.3.5.1999.12.14.10.29.p8)
 with SMTP id <0FR900AA10CX34@field.videotron.net>; Sat, 11 Mar 2000 03:17:21 -0500 (EST)
Date: Sat, 11 Mar 2000 03:17:05 -0500
From: Patrick Bihan-Faou <patrick@mindstep.com>
Subject: Re: kern/17311: bug in the code handling ioctl SIOCGIFCONF
To: gnats-admin@FreeBSD.org, freebsd-bugs@FreeBSD.org
Message-id: <02a701bf8b32$3020e0f0$040aa8c0@local.mindstep.com>
MIME-version: 1.0
X-Mailer: Microsoft Outlook Express 5.00.2919.6700
Content-type: text/plain; charset=Windows-1252
Content-transfer-encoding: 7bit
X-MSMail-Priority: Normal
X-MimeOLE: Produced By Microsoft MimeOLE V5.00.2919.6700
References: <200003110720.XAA56125@freefall.freebsd.org>
X-Priority: 3
Sender: owner-freebsd-bugs@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

Oops,

Here is the correct test code...


#include <errno.h>
#include <sys/types.h>
#include <sys/param.h>
#include <sys/time.h>
#include <sys/ioctl.h>
#include <sys/socket.h>
#include <net/if.h>
#include <netinet/in.h>
#include <sys/sockio.h>

#define VERBOSE_CHECK_
int check55(char *start,char *end)
{
 int startoff=-1,endoff=0;
 int off=0,c=0;
 int ret = 0;

#ifdef VERY_VERBOSE_CHECK
 printf("%03d\t",off);
#endif
 for(;start<end;start++,off++)
 {
  if(*start != 0x55)
  {
   if(startoff<0)
   {
    startoff=off;
   }
   endoff=off;
  }
#ifdef VERY_VERBOSE_CHECK
  if(++c>=33)
  {
   printf("\n%03d\t",off);
   c=1;
  }
  printf("%02x ",*(unsigned char*)start);
#endif
 }
 if(startoff>=0)
 {
#ifdef VERBOSE_CHECK
  printf(" ** buffer changed from %d to %d => %d bytes modified
**\n",startoff,endoff, endoff - startoff + 1);
#endif
    ret = endoff-startoff+1;

 }

return ret;
}

main()
{
  struct ifconf ifc;
  char *x;
  struct ifreq *ifr;
  struct sockaddr_in *sin;
  int len,ret;
  int s;
  char buf[1024];
  int bug=0;
  int mod=0;

#define END_TEST 300

  if ((s = socket(AF_INET,SOCK_STREAM,0)) == -1) return -1;

  for (len=1;len<=END_TEST;len++) {
     ifc.ifc_buf = buf;
     ifc.ifc_len = len;
 memset(buf,0x55,sizeof(buf));
#ifdef VERBOSE_CHECK
 printf("\n[Try with len=%d]\n",len);
#else
 printf("try %4d\t", len);
#endif
     if ((ret=ioctl(s,SIOCGIFCONF,&ifc)) < 0)
 {
  printf("\n\n => ioctl failed (returned %d, errno=%d)\n",ret,errno);
 }
#ifdef VERBOSE_CHECK
 printf(" => ioctl succeeded, pretends it wrote %d bytes\n",ifc.ifc_len);
#else
 printf("pretends %4d\t\t", ifc.ifc_len);
#endif

 mod = check55(buf,buf+sizeof(buf));
 printf("modified %4d\t", mod);
 if (bug < 2 && mod < ifc.ifc_len)
 {
   bug = 2;
 }
 else if (bug < 1 && ifc.ifc_len > len)
 {
  bug = 1;
 }
 printf("bug %4d\n", bug);
  }

 switch (bug)
 {
     case 0:
         printf("\n\n*** Implementation OK (FIXED)*** \n\n");
         break;
     case 1:
         printf("\n\n*** Implementation corrupts buffer (RELENG_3)***\n\n");
         break;
     case 2:
         printf("\n\n*** Implementation returns incorrect ifc.ifc_len, but
buffer OK (HEAD)***\n\n");
         break;
     default:
         printf("\n\n*** Huh ??? %d ***", bug);
         break;
 }
   return bug;
}




To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-bugs" in the body of the message