Date: Thu, 10 Oct 2002 07:05:47 +0200 From: Poul-Henning Kamp <phk@critter.freebsd.dk> To: Giorgos Keramidas <keramida@freebsd.org> Cc: audit@freebsd.org Subject: Re: mdconfig core dump Message-ID: <29424.1034226347@critter.freebsd.dk> In-Reply-To: Your message of "Thu, 10 Oct 2002 01:05:33 %2B0300." <20021009220532.GA21391@hades.hell.gr>
next in thread | previous in thread | raw e-mail | index | archive | help
In message <20021009220532.GA21391@hades.hell.gr>, Giorgos Keramidas writes: >Tonight, on a world compiled from last night's sources, mdconfig(8) >started dumping cores for me. The stack trace was: > >#0 0x080491da in strsep () >#1 0x08048961 in list (fd=3) at /usr/src/sbin/mdconfig/mdconfig.c:219 >#2 0x080487cc in main (argc=2, argv=0xbfbffaf0) at > /usr/src/sbin/mdconfig/mdconfig.c:176 >#3 0x08048139 in _start () > >Does the following look a reasonable change? It seems that strsep() >starts getting angry when fed a non-nul-terminated buffer. Absolutely. Commit it. > >%%% >Index: mdconfig.c >=================================================================== >RCS file: /home/ncvs/src/sbin/mdconfig/mdconfig.c,v >retrieving revision 1.23 >diff -u -r1.23 mdconfig.c >--- mdconfig.c 21 Aug 2002 15:15:15 -0000 1.23 >+++ mdconfig.c 9 Oct 2002 22:01:19 -0000 >@@ -211,8 +211,9 @@ > > if (sysctlbyname("kern.disks", NULL, &dll, NULL, 0) == -1) > err(1, "sysctlbyname: kern.disks"); >- if ( (disklist = malloc(dll)) == NULL) >+ if ( (disklist = malloc(dll + 1)) == NULL) > err(1, "malloc"); >+ bzero(disklist, dll + 1); > if (sysctlbyname("kern.disks", disklist, &dll, NULL, 0) == -1) > err(1, "sysctlbyname: kern.disks"); > >%%% > -- Poul-Henning Kamp | UNIX since Zilog Zeus 3.20 phk@FreeBSD.ORG | TCP/IP since RFC 956 FreeBSD committer | BSD since 4.3-tahoe Never attribute to malice what can adequately be explained by incompetence. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-audit" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?29424.1034226347>