To: Giorgos Keramidas
Cc: audit@freebsd.org
Subject: Re: mdconfig core dump
In-Reply-To: Your message of "Thu, 10 Oct 2002 01:05:33 +0300." <20021009220532.GA21391@hades.hell.gr>
Date: Thu, 10 Oct 2002 07:05:47 +0200
Message-ID: <29424.1034226347@critter.freebsd.dk>
From: Poul-Henning Kamp

In message <20021009220532.GA21391@hades.hell.gr>, Giorgos Keramidas writes:
>Tonight, on a world compiled from last night's sources, mdconfig(8)
>started dumping cores for me. The stack trace was:
>
>#0 0x080491da in strsep ()
>#1 0x08048961 in list (fd=3) at /usr/src/sbin/mdconfig/mdconfig.c:219
>#2 0x080487cc in main (argc=2, argv=0xbfbffaf0) at
> /usr/src/sbin/mdconfig/mdconfig.c:176
>#3 0x08048139 in _start ()
>
>Does the following look a reasonable change? It seems that strsep()
>starts getting angry when fed a non-nul-terminated buffer.

Absolutely. Commit it.

>
>%%% >Index: mdconfig.c >=================================================================== >RCS file: /home/ncvs/src/sbin/mdconfig/mdconfig.c,v >retrieving revision 1.23 >diff -u -r1.23 mdconfig.c >--- mdconfig.c 21 Aug 2002 15:15:15 -0000 1.23 >+++ mdconfig.c 9 Oct 2002 22:01:19 -0000 
>@@ -211,8 +211,9 @@ > > if (sysctlbyname("kern.disks", NULL, &dll, NULL, 0) == -1) > err(1, "sysctlbyname: kern.disks"); >- if ( (disklist = malloc(dll)) == NULL) >+ if ( (disklist = malloc(dll + 1)) == NULL) > err(1, "malloc"); >+ bzero(disklist, dll + 1); > if (sysctlbyname("kern.disks", disklist, &dll, NULL, 0) == -1) > err(1, "sysctlbyname: kern.disks"); > >%%%
>

--
Poul-Henning Kamp | UNIX since Zilog Zeus 3.20
phk@FreeBSD.ORG | TCP/IP since RFC 956
FreeBSD committer | BSD since 4.3-tahoe
Never attribute to malice what can adequately be explained by incompetence.
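Review bot: in the two added lines of the @@ -211,8 +211,9 @@ hunk, bzero(disklist, dll + 1) clears the whole buffer just to guarantee one terminating byte, and nothing says why the extra byte is there. The second sysctlbyname() call updates dll to the number of bytes it actually copied, so writing disklist[dll] = '\0' after that call would terminate the string at its real end and state the intent directly; alternatively calloc(1, dll + 1) would fold the malloc and bzero into one line. Either way, a one-line comment noting that strsep() in list() needs a NUL-terminated buffer would keep a later cleanup from removing the + 1 again.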