Date: Wed, 21 Jan 2004 10:36:32 +0100 (CET)
From: Frank Denis -Jedi/Sector One- <j@pureftpd.org>
To: FreeBSD-gnats-submit@FreeBSD.org
Subject: bin/61666: mount_nfs parsing bug, segmentation fault
Message-ID: <200401210936.i0L9aWrP062410@static1.orbus.fr>
Resent-Message-ID: <200401210940.i0L9eIjc062673@freefall.freebsd.org>

>Number: 61666
>Category: bin
>Synopsis: mount_nfs parsing bug, segmentation fault
>Confidential: no
>Severity: non-critical
>Priority: medium
>Responsible: freebsd-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: sw-bug
>Submitter-Id: current-users
>Arrival-Date: Wed Jan 21 01:40:16 PST 2004
>Closed-Date:
>Last-Modified:
>Originator: Frank DENIS -Jedi/Sector One-
>Release: FreeBSD 4.9-STABLE i386
>Organization: 42 Networks
>Environment:
System: FreeBSD static1.orbus.fr 4.9-STABLE FreeBSD 4.9-STABLE #0: Sat Nov 1 14:25:14 CET 2003 root@dax.orbus.fr:/usr/obj/usr/src/sys/J i386

>Description:
There's a problem with the way mount_nfs(8) parses
acregmin/acregmax/acdirmin and acdirmax.

Look at the code:

        if (altflags & ALTF_ACREGMIN) {
                nfsargsp->flags |= NFSMNT_ACREGMIN;
                nfsargsp->acregmin = atoi(strstr(optarg, "acregmin=") + 9);
        }
        if (altflags & ALTF_ACREGMAX) {
                nfsargsp->flags |= NFSMNT_ACREGMAX;
                nfsargsp->acregmax = atoi(strstr(optarg, "acregmax=") + 9);
        }

For instance if we use both acregmin and acregmax:

- on the first round, the ALTF_ACREGMIN will be set, everything's all right.

- on the next round (when optarg will be "acregmax=xxx"), the first
  statement will also get evaluated because ALTF_ACREGMIN has been set. But
  strstr(optarg, "acregmin=") will be NULL. Dereferencing NULL + 9 produces
  an obvious segmentation fault.

>How-To-Repeat:
Try for instance to mount a filesystem with acregmin=2,acregmax=2.
A segmentation fault occurs even when the command has not been started by
root.

>Fix:
-

>Release-Note:
>Audit-Trail:
>Unformatted:
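
A guarded version of the parsing pattern quoted in the report, as an added example that is not part of the original message or of the FreeBSD source: a key's value is read only when strstr() actually finds that key in the current optarg. The flag values, struct ac_args, get_num() and parse_rounds() are hypothetical names, and the step that sets altflags is a simplified stand-in.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Constructed stand-ins for the flag names quoted in the report. */
#define ALTF_ACREGMIN 0x1
#define ALTF_ACREGMAX 0x2
struct ac_args { int acregmin, acregmax; };

/* Guarded form of atoi(strstr(optarg, key) + 9): returns 0 when the key is
 * absent from this optarg, the case where the reported code uses NULL + 9. */
static int get_num(const char *optarg, const char *key, int *out)
{
    const char *p = strstr(optarg, key);
    if (p == NULL)
        return 0;
    *out = atoi(p + strlen(key));
    return 1;
}

/* One round per optarg; altflags persists across rounds as in the report.
 * Returns how many NULL + 9 reads the unguarded code would have attempted. */
int parse_rounds(const char *const *optargs, size_t n, struct ac_args *a)
{
    int altflags = 0, skipped = 0;
    for (size_t i = 0; i < n; i++) {
        /* Simplified stand-in for the option lookup that sets altflags. */
        if (strstr(optargs[i], "acregmin=") != NULL)
            altflags |= ALTF_ACREGMIN;
        if (strstr(optargs[i], "acregmax=") != NULL)
            altflags |= ALTF_ACREGMAX;
        if ((altflags & ALTF_ACREGMIN) &&
            !get_num(optargs[i], "acregmin=", &a->acregmin))
            skipped++;
        if ((altflags & ALTF_ACREGMAX) &&
            !get_num(optargs[i], "acregmax=", &a->acregmax))
            skipped++;
    }
    return skipped;
}

int main(void)
{
    const char *const rounds[] = { "acregmin=2", "acregmax=2" }; /* constructed */
    struct ac_args a = { 0, 0 };
    printf("skipped=%d ", parse_rounds(rounds, 2, &a));
    printf("acregmin=%d acregmax=%d\n", a.acregmin, a.acregmax);
    return 0;
}
```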