Date: Wed, 24 Oct 2018 16:44:59 +0000 From: bugzilla-noreply@freebsd.org To: bugs@FreeBSD.org Subject: [Bug 232642] sbin/ipfw show: segfault on parsing setdscp rules Message-ID: <bug-232642-227@https.bugs.freebsd.org/bugzilla/>
next in thread | raw e-mail | index | archive | help
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D232642 Bug ID: 232642 Summary: sbin/ipfw show: segfault on parsing setdscp rules Product: Base System Version: 11.0-STABLE Hardware: Any OS: Any Status: New Severity: Affects Only Me Priority: --- Component: bin Assignee: bugs@FreeBSD.org Reporter: sergey@akhmatov.ru Flags: maintainer-feedback? Created attachment 198583 --> https://bugs.freebsd.org/bugzilla/attachment.cgi?id=3D198583&action= =3Dedit sbin/ipfw/ipfw2.c - fix ipfw show for rules with setdscp action ipfw show fails to show rules with "setdscp" action for DSCP code values without matching well-known class name. Steps to reproduce: # ipfw add 1000 setdscp 10 ip from any to any 01000 setdscp af11 ip from any to any # ipfw add 1001 setdscp 11 ip from any to any segmentation fault # ipfw show 1000 01000 0 0 setdscp af11 ip from any to any # ipfw show 1001 segmentation fault The bug was introduced in r331668. 11.2-RELEASE and 12.0-BETA1 are affected. Problem code in sbin/ipfw/ipfw2.c as follows: --- case O_SETDSCP: if (cmd->arg1 =3D=3D IP_FW_TARG) { bprintf(bp, "setdscp tablearg"); break; } s =3D match_value(f_ipdscp, cmd->arg1 & 0x3F); if (s !=3D NULL) bprintf(bp, "setdscp %s", s); else bprintf(bp, "setdscp %s", cmd->arg1 & 0x3F); --- cmd->arg1 is int, but is passed to "%s" format specifier. Changing it to "%= d" fixes things for me. --=20 You are receiving this mail because: You are the assignee for the bug.=
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?bug-232642-227>