Date: Sat, 15 Aug 2020 17:49:47 +0000 From: bugzilla-noreply@freebsd.org To: jail@FreeBSD.org Subject: [Bug 248444] /usr/sbin/jail crashes when parsing certain configuration files Message-ID: <bug-248444-29815-LkIOMGmByr@https.bugs.freebsd.org/bugzilla/> In-Reply-To: <bug-248444-29815@https.bugs.freebsd.org/bugzilla/> References: <bug-248444-29815@https.bugs.freebsd.org/bugzilla/>
next in thread | previous in thread | raw e-mail | index | archive | help
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D248444 Akos Somfai <akos.somfai@gmail.com> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |akos.somfai@gmail.com --- Comment #1 from Akos Somfai <akos.somfai@gmail.com> --- Created attachment 217233 --> https://bugs.freebsd.org/bugzilla/attachment.cgi?id=3D217233&action= =3Dedit proposed patch for jail The issue is seen every time when the defined variable ("$interface" in the= bug report) is the same as one of the built-in jail.conf parameters excluding t= he leading "$". The crash is a use-after-free as variable data is free-ed at a point but referenced later from intparams. Having a variable with the same name as a built-in one is problematic anywa= ys -- the fix eliminates the crash and treats such entries as pure variables as expected by the leading "$". This is also according to the jail.conf description that says that "variables are only used for substitution, while parameters are used both for substitution and for passing to the kernel." --=20 You are receiving this mail because: You are the assignee for the bug.=
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?bug-248444-29815-LkIOMGmByr>