Date: Fri, 30 Jun 2000 11:40:43 -0400 (EDT) From: demond@demond.dyn.dhs.org To: FreeBSD-gnats-submit@freebsd.org Subject: kern/19605: FreeBSD 4.0-RELEASE panics on incorrect use of ioctl() Message-ID: <200006301540.LAA15329@demond.dyn.dhs.org>
next in thread | raw e-mail | index | archive | help
>Number: 19605
>Category: kern
>Synopsis: FreeBSD 4.0-RELEASE panics on incorrect use of ioctl()
>Confidential: no
>Severity: critical
>Priority: high
>Responsible: freebsd-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: sw-bug
>Submitter-Id: current-users
>Arrival-Date: Fri Jun 30 08:40:01 PDT 2000
>Closed-Date:
>Last-Modified:
>Originator: Lubomir Radev <demond@gmx.net>
>Release: FreeBSD 4.0-RELEASE i386
>Organization:
>Environment:
FreeBSD 4.0-RELEASE i386
>Description:
I tested this on several 4.0-RELEASE boxes (as unprivileged user):
#include <sys/types.h>
#include <sys/ioctl.h>
#include <sys/socket.h>
#include <net/if.h>
main() {
struct ifconf ifc;
int sd = socket(PF_INET, SOCK_DGRAM, 0);
ioctl(sd, SIOCGIFCONF, (char *)&ifc);
}
The result: kernel panic & reboot.
Other FreeBSD versions don't seem to be affected.
>How-To-Repeat:
See above.
>Fix:
Wish I had time to investigate... The problem is obviously
caused by incorrect ioctl() use (not supplying proper buffer
in ifconf struct).
>Release-Note:
>Audit-Trail:
>Unformatted:
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-bugs" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200006301540.LAA15329>