Message-Id: <000001c37110$b7e92070$e04e70ca@lkatschool>
Date: Tue, 2 Sep 2003 13:11:50 +0800
From: "Kang Liu"
cc: ipfw@FreeBSD.org
Subject: bin/56298: [patch]run ipfw2 with incomplete options will make a coredump

>Number: 56298
>Category: bin
>Synopsis: [patch]run ipfw2 with incomplete options will make a coredump
>Confidential: no
>Severity: critical
>Priority: high
>Responsible: freebsd-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: sw-bug
>Submitter-Id: current-users
>Arrival-Date: Mon Sep 01 22:20:15 PDT 2003
>Closed-Date:
>Last-Modified:
>Originator: Kang Liu
>Release: FreeBSD 4.9-PRERELEASE i386
>Organization: Beijing University of Technology
>Environment:
System: FreeBSD cnproxy.bjpu.edu.cn 4.9-PRERELEASE FreeBSD 4.9-PRERELEASE #33: Sun Aug 31 15:58:08 CST 2003 root@cnproxy.bjpu.edu.cn:/usr/obj/usr/src/sys/CNPROXY i386
>Description:
Running ipfw2 enable/disable with incomplete options will make a coredump with signal 10.
This problem can be reproduced on the latest 5.1current. I do not have a 4.8 running ipfw2, but I think -stable with ipfw2 may have the same problem.
The src has been frozen for 4.9, but this problem is so serious. Can anyone test and commit it?
>How-To-Repeat:
On a latest 5.1 machine, run:
# ipfw disable (or ipfw enable)
Bus error (core dumped)
An ipfw.core would be produced.
In /var/log/message:
date time hostname kernel: pid num (ipfw), uid 0: exited on signal 10 (core dumped)
>Fix:
I think a better way is to check "ac" instead of checking "av".

--- ipfw2.c.orig Tue Sep 2 12:54:28 2003 +++ ipfw2.c Tue Sep 2 12:54:54 2003 @@ -1643,7 +1643,7 @@ ac--; av++; - if (*av == NULL) { + if (ac == 0) { warnx("missing keyword to enable/disable\n"); } else if (strncmp(*av, "firewall", strlen(*av)) == 0) { sysctlbyname("net.inet.ip.fw.enable", NULL, 0,

>Release-Note:
>Audit-Trail:
>Unformatted:
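Review bot: the new test `if (ac == 0)` sits directly after `ac--; av++;`, so it only catches the missing keyword when the count was exactly 1 on entry; if this code is ever reached with a count of 0, `ac` becomes -1, the test fails, and `*av` is dereferenced in the `strncmp` branch just as before. Writing it as `if (ac <= 0)` costs nothing and closes that case. Using the count rather than `*av == NULL` is the right bound, since it does not depend on the vector being NULL-terminated. Two smaller points in the unchanged context lines: `warnx()` appends its own newline, so the trailing `\n` in "missing keyword to enable/disable\n" produces a blank line, and `strncmp(*av, "firewall", strlen(*av))` compares zero bytes for an empty-string argument, so an empty keyword would be accepted as "firewall"; a length check on `*av` before the prefix match would avoid that.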