From owner-freebsd-bugs@FreeBSD.ORG Wed Apr 10 18:40:00 2013
Message-Id: <201304101833.r3AIXKBo053108@red.freebsd.org>
Date: Wed, 10 Apr 2013 18:33:20 GMT
From: Sean Bruno
To: freebsd-gnats-submit@FreeBSD.org
Subject: misc/177761: net-mgmt/net-snmp fails on certain kvm_read() calls via auto_nlist()

>Number: 177761
>Category: misc
>Synopsis: net-mgmt/net-snmp fails on certain kvm_read() calls via auto_nlist()
>Confidential: no
>Severity: non-critical
>Priority: low
>Responsible: freebsd-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: sw-bug
>Submitter-Id: current-users
>Arrival-Date: Wed Apr 10 18:40:00 UTC 2013
>Closed-Date:
>Last-Modified:
>Originator: Sean Bruno
>Release: 10-current
>Organization: FreeBSD Project
>Environment:
FreeBSD powernoodle 10.0-CURRENT FreeBSD 10.0-CURRENT #1 r248817M: Thu Mar 28 00:59:30 PDT 2013 sbruno@powernoodle:/usr/obj/usr/src/sys/POWERNOODLE amd64
>Description:
A recent change to 9/stable and 10/current causes the following code snippet to fail:

    .. snip ...
    static struct vmmeter sum;
    ..
    auto_nlist("cnt", (char *)&sum, sizeof sum);

>How-To-Repeat:
Generate a small agent library that returns the contents of a kvm_read() of "cnt" in kernel space. Example code is a bit tricky, but can be supplied on request.
>Fix:
More or less, the memory was not zeroed in auto_nlist.c ... this indirectly causes the kvm_read() to get very bogus values and fail. Zero the memory out via calloc() or the attached patch to bzero it. The diff is for 5.7.1 but is valid in my testing of 5.7.2.

Patch attached with submission follows:

--- //depot/yahoo/ybsd_common/usr.local/net-snmp-5.7.1/agent/auto_nlist.c 2012-09-06 19:09:48.000000000 0000 +++ /home/seanbru/net-snmp-5.7.1/agent/auto_nlist.c 2012-09-06 19:09:48.000000000 0000
@@ -53,6 +53,7 @@ } if (*ptr == 0) { *ptr = (struct autonlist *) malloc(sizeof(struct autonlist)); + bzero(*ptr, sizeof(struct autonlist)); it = *ptr; it->left = 0; it->right = 0; >Release-Note: >Audit-Trail: >Unformatted:
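
Review bot: The added `bzero(*ptr, sizeof(struct autonlist));` dereferences the result of the `malloc()` on the line above with no NULL check, so an allocation failure now faults in `bzero()` instead of at `it->left = 0;`. Consider replacing the `malloc()` plus `bzero()` pair with a single `calloc(1, sizeof(struct autonlist))`, which the submission already names as an alternative, and returning an error when it yields NULL. If the two-step form stays, `memset(*ptr, 0, sizeof(struct autonlist))` is the more portable spelling, since `bzero()` is a legacy interface that needs `<strings.h>`. Once the whole struct is zeroed, the context lines `it->left = 0;` and `it->right = 0;` are redundant and could be dropped in the same change. A short comment saying which member was being read uninitialized would help, because the report only says the failure is indirect.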