From owner-freebsd-bugs  Sat Nov 29 02:00:03 1997
Return-Path: <owner-freebsd-bugs>
Received: (from root@localhost)
          by hub.freebsd.org (8.8.7/8.8.7) id CAA21471
          for bugs-outgoing; Sat, 29 Nov 1997 02:00:03 -0800 (PST)
          (envelope-from owner-freebsd-bugs)
Received: (from gnats@localhost)
          by hub.freebsd.org (8.8.7/8.8.7) id CAA21451;
          Sat, 29 Nov 1997 02:00:01 -0800 (PST)
          (envelope-from gnats)
Resent-Date: Sat, 29 Nov 1997 02:00:01 -0800 (PST)
Resent-Message-Id: <199711291000.CAA21451@hub.freebsd.org>
Resent-From: gnats (GNATS Management)
Resent-To: freebsd-bugs
Resent-Reply-To: FreeBSD-gnats@FreeBSD.ORG, dada@sbox.tu-graz.ac.at
Received: from fcggsg07.icg.tu-graz.ac.at (fcggsg07.icg.tu-graz.ac.at [129.27.201.16])
          by hub.freebsd.org (8.8.7/8.8.7) with ESMTP id BAA21158
          for <FreeBSD-gnats-submit@freebsd.org>; Sat, 29 Nov 1997 01:55:13 -0800 (PST)
          (envelope-from dada@lend.tu-graz.ac.at)
Received: from lend.tu-graz.ac.at (isdn097.tu-graz.ac.at [129.27.240.97])
          by fcggsg07.icg.tu-graz.ac.at (8.8.4/8.8.4) with ESMTP
	  id KAA16983 for <FreeBSD-gnats-submit@freebsd.org>; Sat, 29 Nov 1997 10:55:01 +0100 (MET)
Received: (from dada@localhost)
	by lend.tu-graz.ac.at (8.8.5/8.8.5) id VAA01783;
	Fri, 28 Nov 1997 21:45:58 +0100 (CET)
Message-Id: <199711282045.VAA01783@lend.tu-graz.ac.at>
Date: Fri, 28 Nov 1997 21:45:58 +0100 (CET)
From: Martin Kammerhofer <dada@sbox.tu-graz.ac.at>
Reply-To: dada@sbox.tu-graz.ac.at
To: FreeBSD-gnats-submit@FreeBSD.ORG
X-Send-Pr-Version: 3.2
Subject: i386/5174: kbdcontrol(1) can easily crash system
Sender: owner-freebsd-bugs@FreeBSD.ORG
X-Loop: FreeBSD.org
Precedence: bulk


>Number:         5174
>Category:       i386
>Synopsis:       kbdcontrol(1) can easily crash system
>Confidential:   yes
>Severity:       serious
>Priority:       medium
>Responsible:    freebsd-bugs
>State:          open
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Sat Nov 29 02:00:00 PST 1997
>Last-Modified:
>Originator:     Martin Kammerhofer
>Organization:
Graz University of Technology
>Release:        FreeBSD 2.2-STABLE i386
>Environment:

syscons driver configured in kernel (as usual)

>Description:

Setting history buffer size to an unusual large number reboots the system.

Impact: Anyone with access to a /dev/ttyv? can crash the system. Fortunately
	this (usually) requires physical access to the console where you could
	press the big red button as well...

>How-To-Repeat:

kbdcontrol -h 300000 </dev/ttyv0

>Fix:
	
Add parameter checking to /usr/sbin/kbdcontrol.
>Audit-Trail:
>Unformatted: