Date: Fri, 10 Mar 2000 23:40:04 -0800 (PST) From: Patrick Bihan-Faou <patrick@mindstep.com> To: freebsd-bugs@FreeBSD.org Subject: Re: kern/17311: bug in the code handling ioctl SIOCGIFCONF Message-ID: <200003110740.XAA57372@freefall.freebsd.org>
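/*
 * The following reply was made to PR kern/17311; it has been noted by GNATS.
 *
 * From: Patrick Bihan-Faou <patrick@mindstep.com>
 * To: freebsd-gnats-submit@FreeBSD.org, Patrick Bihan-Faou <patrick@mindstep.com>
 * Cc:
 * Subject: Re: kern/17311: bug in the code handling ioctl SIOCGIFCONF
 * Date: Sat, 11 Mar 2000 02:39:35 -0500
 *
 * The following test code will provide better report on the version of
 * the bug present in the system.
 *
 * How the probe works: a 1024-byte user buffer is pre-filled with the
 * sentinel byte 0x55, SIOCGIFCONF is issued with a declared length of
 * 1..END_TEST bytes, and the buffer is then scanned for bytes that no
 * longer hold the sentinel.  The length the kernel reports back and the
 * extent of the modified region are compared to classify the kernel.
 */
#include <sys/types.h>
#include <sys/param.h>
#include <sys/time.h>
#include <sys/ioctl.h>
#include <sys/socket.h>
#include <sys/sockio.h>

#include <net/if.h>
#include <netinet/in.h>

#include <errno.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>

/* When defined, check55() also prints a hex dump of the scanned buffer. */
#define VERBOSE_CHECK

/* Largest ifc_len value that main() tries. */
#define END_TEST 300

/*
 * Scan [start, end) for bytes that differ from the 0x55 sentinel.
 *
 * start, end - bounds of the buffer to scan (end is exclusive).
 * mod        - number of bytes the caller expects to have been modified.
 *
 * Returns 1 when at least one byte changed and the span from the first to
 * the last changed byte (inclusive) is not exactly `mod` bytes long;
 * returns 0 otherwise, including when no byte changed at all.
 *
 * Caveats for anyone relying on the result:
 *  - a byte that was overwritten with the value 0x55 looks untouched, so a
 *    write whose first or last byte happens to be 0x55 is under-counted;
 *  - only the length of the changed span is compared, not its position.
 * NOTE(review): a stricter overrun check would scan every offset at or
 * beyond the length the caller declared to the kernel; this function is
 * not given that length.
 */
int check55(char *start, char *end, int mod)
{
	int startoff = -1, endoff = 0;
	int off = 0;
	int ret = 0;
#ifdef VERBOSE_CHECK
	int c = 0;

	printf("%03d\t", off);
#endif

	for (; start < end; start++, off++) {
		if (*start != 0x55) {
			if (startoff < 0) {
				startoff = off;
			}
			endoff = off;
		}
#ifdef VERBOSE_CHECK
		/* Start a new, offset-labelled dump row every 32 bytes. */
		if (++c >= 33) {
			printf("\n%03d\t", off);
			c = 1;
		}
		printf("%02x ", *(unsigned char *)start);
#endif
	}
	printf("\n");

	if (startoff >= 0) {
		int changed = endoff - startoff + 1;

		printf(" ** buffer changed from %d to %d => %d bytes modified **\n",
		    startoff, endoff, changed);
		if (mod != changed) {
			ret = 1;
		}
	}
	return ret;
}

/*
 * Issue SIOCGIFCONF with every declared length from 1 to END_TEST and
 * classify the result.
 *
 * Exit status:
 *   0  - no anomaly seen
 *   1  - the kernel reported an ifc_len larger than the length requested
 *   2  - as 1, and the modified span did not match the reported ifc_len
 *  -1  - the probe socket could not be created
 */
int main(void)
{
	struct ifconf ifc;
	char buf[1024];
	int len, ret;
	int s;
	int bug = 0;

	if ((s = socket(AF_INET, SOCK_STREAM, 0)) == -1) {
		perror("socket");
		return -1;
	}

	for (len = 1; len <= END_TEST; len++) {
		ifc.ifc_buf = buf;
		ifc.ifc_len = len;
		/* Re-arm the sentinel over the whole buffer, not just `len`
		 * bytes, so writes past the declared length are visible. */
		memset(buf, 0x55, sizeof(buf));

		printf("\n");
		printf("[Try with len=%d]\n", len);

		if ((ret = ioctl(s, SIOCGIFCONF, &ifc)) < 0) {
			printf(" => ioctl failed (returned %d, errno=%d)\n", ret, errno);
			/* Nothing to classify: do not report success or judge
			 * ifc_len for a call that failed. */
			continue;
		}
		printf(" => ioctl succeeded, pretends it wrote %d bytes\n", ifc.ifc_len);

		/* The kernel must never claim more bytes than it was offered. */
		if ((ifc.ifc_len > len) && bug < 1) {
			bug = 1;
		}
		printf("\n");

		/* Escalate only once an oversized ifc_len has been observed. */
		if (check55(buf, buf + sizeof(buf), ifc.ifc_len) && bug > 0) {
			bug = 2;
		}
		printf("\n");
	}

	close(s);

	switch (bug) {
	case 0:
		printf("\n\n*** Implementation OK (FIXED) *** \n\n");
		break;
	case 1:
		printf("\n\n*** Implementation returns incorrect ifc.ifc_len, but buffer OK (HEAD) ***\n\n");
		break;
	case 2:
		printf("\n\n*** Implementation corrupts buffer (RELENG_3) ***\n\n");
		break;
	default:
		printf("\n\n*** Huh ??? %d ***", bug);
		break;
	}
	return bug;
}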