Date:      Sat, 11 Mar 2000 03:17:05 -0500
From:      Patrick Bihan-Faou <patrick@mindstep.com>
To:        gnats-admin@FreeBSD.org, freebsd-bugs@FreeBSD.org
Subject:   Re: kern/17311: bug in the code handling ioctl SIOCGIFCONF
Message-ID:  <02a701bf8b32$3020e0f0$040aa8c0@local.mindstep.com>
References:  <200003110720.XAA56125@freefall.freebsd.org>

Oops,

Here is the correct test code...


#include <sys/types.h>
#include <sys/param.h>
#include <sys/time.h>
#include <sys/ioctl.h>
#include <sys/socket.h>
#include <sys/sockio.h>

#include <net/if.h>
#include <netinet/in.h>

#include <errno.h>
#include <stdio.h>
#include <string.h>

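/*
 * The macro name ends in an underscore, so every "#ifdef VERBOSE_CHECK"
 * section in this file is compiled out. Rename it to VERBOSE_CHECK to get
 * the per-call diagnostics.
 */
#define VERBOSE_CHECK_

/*
 * Scan the byte range [start, end) for bytes that no longer hold the 0x55
 * sentinel the caller filled the buffer with.
 *
 * Returns the length of the span running from the first changed byte to the
 * last changed byte (inclusive), or 0 when every byte still reads 0x55.
 *
 * Limitation: a byte that was overwritten with the value 0x55 cannot be told
 * apart from an untouched one, so the result is a lower bound on what was
 * written.
 */
int check55(char *start, char *end)
{
    /* Compare as unsigned bytes so the test does not depend on char signedness. */
    const unsigned char *p = (const unsigned char *)start;
    const unsigned char *limit = (const unsigned char *)end;
    int startoff = -1, endoff = 0;
    int off = 0;
    int ret = 0;

#ifdef VERY_VERBOSE_CHECK
    int c = 0; /* bytes printed on the current dump row */

    printf("%03d\t", off);
#endif
    for (; p < limit; p++, off++) {
        if (*p != 0x55) {
            if (startoff < 0) {
                startoff = off; /* first byte that lost the sentinel */
            }
            endoff = off;       /* last such byte seen so far */
        }
#ifdef VERY_VERBOSE_CHECK
        /* Hex dump, 32 bytes per row, each row prefixed with its offset. */
        if (++c >= 33) {
            printf("\n%03d\t", off);
            c = 1;
        }
        printf("%02x ", *p);
#endif
    }

    if (startoff >= 0) {
#ifdef VERBOSE_CHECK
        /* The format string was split across two lines in the mailed copy;
         * it is rejoined here so this branch compiles when enabled. */
        printf(" ** buffer changed from %d to %d => %d bytes modified **\n",
               startoff, endoff, endoff - startoff + 1);
#endif
        ret = endoff - startoff + 1;
    }

    return ret;
}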

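/*
 * Probe for the SIOCGIFCONF length handling discussed in kern/17311.
 *
 * For each request length from 1 to END_TEST the 1024-byte buffer is filled
 * with the 0x55 sentinel, SIOCGIFCONF is issued with ifc_len set to that
 * length, and check55() measures how much of the buffer was overwritten.
 * END_TEST is smaller than the buffer, so bytes past the declared length are
 * always available to catch a write beyond it.
 *
 * Returns the worst classification seen (also printed as the verdict):
 *   0  no discrepancy observed
 *   1  ifc_len came back larger than the length passed in
 *   2  ifc_len came back larger than the span check55() found modified
 * or -1 if the socket could not be created.
 */
int main(void)
{
    struct ifconf ifc;
    char buf[1024];
    int len, ret;
    int s;
    int bug = 0;
    int mod = 0;
    int failed = 0; /* ioctl calls that returned an error */

#define END_TEST 300

    if ((s = socket(AF_INET, SOCK_STREAM, 0)) == -1) {
        return -1;
    }

    for (len = 1; len <= END_TEST; len++) {
        ifc.ifc_buf = buf;
        ifc.ifc_len = len;
        /* Re-arm the sentinel so each call is judged on its own writes. */
        memset(buf, 0x55, sizeof(buf));
#ifdef VERBOSE_CHECK
        printf("\n[Try with len=%d]\n", len);
#else
        printf("try %4d\t", len);
#endif
        if ((ret = ioctl(s, SIOCGIFCONF, &ifc)) < 0) {
            printf("\n\n => ioctl failed (returned %d, errno=%d)\n", ret, errno);
            /*
             * Do not classify a failed call: ifc_len presumably still holds
             * the requested length and the buffer is untouched, so the
             * comparison below would record a spurious bug 2.
             */
            failed++;
            continue;
        }
#ifdef VERBOSE_CHECK
        printf(" => ioctl succeeded, pretends it wrote %d bytes\n", ifc.ifc_len);
#else
        printf("pretends %4d\t\t", ifc.ifc_len);
#endif

        mod = check55(buf, buf + sizeof(buf));
        printf("modified %4d\t", mod);

        /*
         * The classification only ever escalates (0 -> 1 -> 2).
         * NOTE(review): case 1 is inferred from the reported length alone;
         * mod is not compared with len, so a write past the declared length
         * is not checked directly here.
         */
        if (bug < 2 && mod < ifc.ifc_len) {
            bug = 2;
        } else if (bug < 1 && ifc.ifc_len > len) {
            bug = 1;
        }
        printf("bug %4d\n", bug);
    }

    if (failed > 0) {
        printf("\n\n*** %d ioctl call(s) failed; verdict covers successful calls only ***\n",
               failed);
    }

    switch (bug) {
    case 0:
        printf("\n\n*** Implementation OK (FIXED)*** \n\n");
        break;
    case 1:
        printf("\n\n*** Implementation corrupts buffer (RELENG_3)***\n\n");
        break;
    case 2:
        /* The literal was split across two lines in the mailed copy, which
         * does not compile; it is rejoined here. */
        printf("\n\n*** Implementation returns incorrect ifc.ifc_len, but buffer OK (HEAD)***\n\n");
        break;
    default:
        printf("\n\n*** Huh ??? %d ***", bug);
        break;
    }
    return bug;
}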



