From owner-freebsd-bugs  Fri Mar 10 23:40:10 2000
Delivered-To: freebsd-bugs@freebsd.org
Received: from freefall.freebsd.org (freefall.FreeBSD.ORG [204.216.27.21])
	by hub.freebsd.org (Postfix) with ESMTP id 7386037B86E
	for <freebsd-bugs@FreeBSD.org>; Fri, 10 Mar 2000 23:40:04 -0800 (PST)
	(envelope-from gnats@FreeBSD.org)
Received: (from gnats@localhost)
	by freefall.freebsd.org (8.9.3/8.9.2) id XAA57372;
	Fri, 10 Mar 2000 23:40:04 -0800 (PST)
	(envelope-from gnats@FreeBSD.org)
Date: Fri, 10 Mar 2000 23:40:04 -0800 (PST)
Message-Id: <200003110740.XAA57372@freefall.freebsd.org>
To: freebsd-bugs@FreeBSD.org
Cc: 
From: Patrick Bihan-Faou <patrick@mindstep.com>
Subject: Re: kern/17311: bug in the code handling ioctl SIOCGIFCONF
Reply-To: Patrick Bihan-Faou <patrick@mindstep.com>
Sender: owner-freebsd-bugs@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

The following reply was made to PR kern/17311; it has been noted by GNATS.

From: Patrick Bihan-Faou <patrick@mindstep.com>
To: freebsd-gnats-submit@FreeBSD.org,
	Patrick Bihan-Faou <patrick@mindstep.com>
Cc:  
Subject: Re: kern/17311: bug in the code handling ioctl SIOCGIFCONF
Date: Sat, 11 Mar 2000 02:39:35 -0500

 The following test code will provide better report on the version of the bug
 present in the system.
 
 
 #include <errno.h>
 #include <sys/types.h>
 #include <sys/param.h>
 #include <sys/time.h>
 #include <sys/ioctl.h>
 #include <sys/socket.h>
 #include <net/if.h>
 #include <netinet/in.h>
 #include <sys/sockio.h>
 
 #define VERBOSE_CHECK
 int check55(char *start,char *end,int mod)
 {
 	int	startoff=-1,endoff=0;
 	int	off=0,c=0;
 int ret = 0;
 
 #ifdef VERBOSE_CHECK
 	printf("%03d\t",off);
 #endif
 	for(;start<end;start++,off++)
 	{
 		if(*start != 0x55)
 		{
 			if(startoff<0)
 			{
 				startoff=off;
 			}
 			endoff=off;
 		}
 #ifdef VERBOSE_CHECK
 		if(++c>=33)
 		{
 			printf("\n%03d\t",off);
 			c=1;
 		}
 		printf("%02x ",*(unsigned char*)start);
 #endif
 	}
 	printf("\n");
 	if(startoff>=0)
 	{
 		printf("	** buffer changed from %d to %d => %d bytes modified
 **\n",startoff,endoff, endoff - startoff + 1);
 if (mod != (endoff-startoff+1))
     ret = 1;
 
  }
 
 return ret;
 }
 
 main()
 {
   struct ifconf ifc;
   char *x;
   struct ifreq *ifr;
   struct sockaddr_in *sin;
   int len,ret;
   int s;
   char buf[1024];
   int bug=0;
 
 #define END_TEST	300
 
   if ((s = socket(AF_INET,SOCK_STREAM,0)) == -1) return -1;
 
   for (len=1;len<=END_TEST;len++) {
     ifc.ifc_buf = buf;
     ifc.ifc_len = len;
 	memset(buf,0x55,sizeof(buf));
 	printf("\n");
 	printf("[Try with len=%d]\n",len);
     if ((ret=ioctl(s,SIOCGIFCONF,&ifc)) < 0)
 	{
 		printf(" => ioctl failed (returned %d, errno=%d)\n",ret,errno);
 	}
 	printf(" => ioctl succeeded, pretends it wrote %d bytes\n",ifc.ifc_len);
 
 if ((ifc.ifc_len > len) && bug < 1)
 {
  bug = 1;
 }
  printf("\n");
 if(check55(buf,buf+sizeof(buf),ifc.ifc_len) && bug > 0)
 {
  bug = 2;
 }
  printf("\n");
   }
 
 switch (bug)
 {
     case 0:
         printf("\n\n*** Implementation OK (FIXED) *** \n\n");
         break;
     case 1:
         printf("\n\n*** Implementation returns incorrect ifc.ifc_len, but
 buffer OK (HEAD) ***\n\n");
         break;
     case 2:
         printf("\n\n*** Implementation corrupts buffer (RELENG_3) ***\n\n");
         break;
     default:
         printf("\n\n*** Huh ??? %d ***", bug);
         break;
 }
   return bug;
 }
 
 
 


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-bugs" in the body of the message