Skip site navigation (1)Skip section navigation (2)
Date:      Thu, 29 Jul 2004 17:13:22 GMT
From:      bronek <bronek@anax.pl>
To:        freebsd-gnats-submit@FreeBSD.org
Subject:   misc/69768: SEGV in killall
Message-ID:  <200407291713.i6THDMth089747@www.freebsd.org>
Resent-Message-ID: <200407291720.i6THKToM061932@freefall.freebsd.org>

next in thread | raw e-mail | index | archive | help

>Number:         69768
>Category:       misc
>Synopsis:       SEGV in killall
>Confidential:   no
>Severity:       non-critical
>Priority:       medium
>Responsible:    freebsd-bugs
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Thu Jul 29 17:20:29 GMT 2004
>Closed-Date:
>Last-Modified:
>Originator:     bronek
>Release:        4.10-STABLE
>Organization:
>Environment:
FreeBSD bronek 4.10-STABLE FreeBSD 4.10-STABLE #17: Tue Jul 27 08:43:17 CEST 2004     root@bronek:/usr/obj/usr/src/sys/BRONEK  i386
>Description:
killall is Segmention Fault if killing process is zombie

bronek# grep -nR NSIG /usr/src | more
..
/usr/src/usr.bin/killall/killall.c:203:                                 if (sig < 0 || sig > NSIG)
..
/usr/src/usr.sbin/ppp/sig.c:68:  if (sig <= 0 || sig > NSIG) {

..
the same bug propably in sig.c, but not vuln.
>How-To-Repeat:
bronek# ps wuax | grep -w cu
uucp     419  0.0  0.3  1044  760  v0  IE+   1:09PM   0:00.02 cu -hl /dev/cuaa0
uucp     420  0.0  0.0     0    0  v0  Z+    1:09PM   0:00.00  (cu)
bronek# kill -9 419
bronek# kill -9 419
bronek# kill -9 420
420: No such process
bronek# kill -9 419
bronek# ps wuax | grep -w cu
uucp     419  0.0  0.3  1044  760  v0  IE+   1:09PM   0:00.02 cu -hl /dev/cuaa0
uucp     420  0.0  0.0     0    0  v0  Z+    1:09PM   0:00.00  (cu)
bronek# killall -9 cu
killall: kill -KILL 420: No such process
bronek# killall -32 cu
Segmentation fault (core dumped)

>Fix:
*** killall.c   xxx
--- killall.c   Fri Jul 23 14:31:42 2004
***************
*** 200,206 ****
                                        sig = strtol(*av, &ep, 10);
                                        if (!*av || *ep)
                                                errx(1, "illegal signal number: %s", *av);
!                                       if (sig < 0 || sig > NSIG)
                                                nosig(*av);
                                } else
                                        nosig(*av);
--- 200,206 ----
                                        sig = strtol(*av, &ep, 10);
                                        if (!*av || *ep)
                                                errx(1, "illegal signal number: %s", *av);
!                                       if (sig < 0 || sig >= NSIG)
                                                nosig(*av);
                                } else
                                        nosig(*av);

>Release-Note:
>Audit-Trail:
>Unformatted:



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200407291713.i6THDMth089747>