Date: Fri, 30 Jun 2000 11:40:43 -0400 (EDT)
From: demond@demond.dyn.dhs.org
To: FreeBSD-gnats-submit@freebsd.org
Subject: kern/19605: FreeBSD 4.0-RELEASE panics on incorrect use of ioctl()
Message-ID: <200006301540.LAA15329@demond.dyn.dhs.org>

>Number:         19605
>Category:       kern
>Synopsis:       FreeBSD 4.0-RELEASE panics on incorrect use of ioctl()
>Confidential:   no
>Severity:       critical
>Priority:       high
>Responsible:    freebsd-bugs
>State:          open
>Quarter:
>Keywords:
>Date-Required:
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Fri Jun 30 08:40:01 PDT 2000
>Closed-Date:
>Last-Modified:
>Originator:     Lubomir Radev <demond@gmx.net>
>Release:        FreeBSD 4.0-RELEASE i386
>Organization:
>Environment:

	FreeBSD 4.0-RELEASE i386

>Description:

	I tested this on several 4.0-RELEASE boxes (as unprivileged user):

	#include <sys/types.h>
	#include <sys/ioctl.h>
	#include <sys/socket.h>
	#include <net/if.h>

	main()
	{
		struct ifconf ifc;
		int sd = socket(PF_INET, SOCK_DGRAM, 0);

		ioctl(sd, SIOCGIFCONF, (char *)&ifc);
	}

	The result: kernel panic & reboot.
	Other FreeBSD versions don't seem to be affected.

>How-To-Repeat:

	See above.

>Fix:

	Wish I had time to investigate... The problem is obviously caused by
	incorrect ioctl() use (not supplying proper buffer in ifconf struct).

>Release-Note:
>Audit-Trail:
>Unformatted:
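
For contrast with the reproducer in the report, here is an added example (not part of the original message and not FreeBSD's code) of a caller that supplies the buffer SIOCGIFCONF expects by setting ifc_len and ifc_buf before the ioctl(). The helper names ifconf_prepare, ifconf_count and list_interfaces are hypothetical, and the record count assumes fixed-size struct ifreq entries as on Linux.

```c
/* Added example: SIOCGIFCONF with a caller-supplied, fully initialised buffer. */
#ifndef _DEFAULT_SOURCE
#define _DEFAULT_SOURCE
#endif
#include <stdio.h>
#include <string.h>
#include <unistd.h>
#include <sys/types.h>
#include <sys/ioctl.h>
#include <sys/socket.h>
#include <net/if.h>

/* Hypothetical helper: point ifc at buf and record its size; no field is left as stack garbage. */
static void ifconf_prepare(struct ifconf *ifc, void *buf, size_t len)
{
    memset(ifc, 0, sizeof(*ifc));
    memset(buf, 0, len);
    ifc->ifc_len = (int)len;   /* in: buffer size, out: bytes the kernel wrote */
    ifc->ifc_buf = buf;
}

/* Hypothetical helper: count whole records; assumes fixed-size ifreq (Linux), BSD records vary with sa_len. */
static int ifconf_count(const struct ifconf *ifc)
{
    if (ifc->ifc_buf == NULL || ifc->ifc_len < 0)
        return -1;
    return ifc->ifc_len / (int)sizeof(struct ifreq);
}

/* Prints each configured interface name; returns the count, or -1 on error. */
static int list_interfaces(void)
{
    struct ifreq reqs[32];
    struct ifconf ifc;
    int n, sd = socket(PF_INET, SOCK_DGRAM, 0);
    if (sd < 0)
        return -1;
    ifconf_prepare(&ifc, reqs, sizeof(reqs));
    n = ioctl(sd, SIOCGIFCONF, &ifc) < 0 ? -1 : ifconf_count(&ifc);
    close(sd);
    for (int i = 0; i < n; i++)
        printf("%s\n", ifc.ifc_req[i].ifr_name);
    return n;
}

int main(void)
{
    return list_interfaces() < 0;
}
```
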