Date: Tue, 2 Sep 2003 13:11:50 +0800
From: "Kang Liu" <liukang@bjpu.edu.cn>
To: <FreeBSD-gnats-submit@freebsd.org>
Cc: ipfw@freebsd.org
Subject: [patch]run ipfw2 with incomplete options will make a coredump
Message-ID: <000001c37110$b7e92070$e04e70ca@lkatschool>
>Submitter-Id: current-users
>Originator: Kang Liu
>Organization: Beijing University of Technology
>Confidential: no
>Synopsis: [patch]run ipfw2 with incomplete options will make a coredump
>Severity: critical
>Priority: high
>Category: bin
>Class: sw-bug
>Release: FreeBSD 4.9-PRERELEASE i386
>Environment:
System: FreeBSD cnproxy.bjpu.edu.cn 4.9-PRERELEASE FreeBSD 4.9-PRERELEASE #33: Sun Aug 31 15:58:08 CST 2003 root@cnproxy.bjpu.edu.cn:/usr/obj/usr/src/sys/CNPROXY i386

>Description:
Running ipfw2 enable/disable with incomplete options will make a coredump with signal 10.
This problem can be reproduced on the latest 5.1current. I do not have a 4.8 running ipfw2, but I think -stable with ipfw2 may have the same problem.
The src has been frozen for 4.9, but this problem is so serious, can anyone test and commit it?

>How-To-Repeat:
On a latest 5.1 machine, run:
    # ipfw disable (or ipfw enable)
    Bus error (core dumped)
An ipfw.core would be produced.
In /var/log/message:
    date time hostname kernel: pid num (ipfw), uid 0: exited on signal 10 (core dumped)

>Fix:
I think a better way is to check "ac" instead of checking "av".

--- ipfw2.c.orig Tue Sep 2 12:54:28 2003 +++ ipfw2.c Tue Sep 2 12:54:54 2003 @@ -1643,7 +1643,7 @@ ac--; av++; - if (*av == NULL) { + if (ac == 0) { warnx("missing keyword to enable/disable\n"); } else if (strncmp(*av, "firewall", strlen(*av)) == 0) { sysctlbyname("net.inet.ip.fw.enable", NULL, 0,
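
Review bot: the new test (ac == 0) sits right after "ac--; av++;", so an equality check only covers the case where exactly one argument was left. If this code is ever reached with ac already 0, ac becomes -1, the test fails, and *av is still handed to strncmp() and strlen(). Testing (ac <= 0) costs nothing and closes that case. Two smaller points on the same branch: warnx() appends a newline itself, so the trailing \n in the message prints an extra blank line, and warnx() only reports, so the visible lines do not show the command failing with a non-zero status; if nothing later in the function handles that, errx(EX_USAGE, ...) would. In the unchanged context line, strncmp(*av, "firewall", strlen(*av)) compares zero bytes when the argument is an empty string and therefore matches, which may deserve a length check in a follow-up.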