Date: Thu, 10 Oct 2002 01:05:33 +0300 From: Giorgos Keramidas <keramida@freebsd.org> To: Poul-Henning Kamp <phk@freebsd.org> Cc: audit@freebsd.org Subject: mdconfig core dump Message-ID: <20021009220532.GA21391@hades.hell.gr>
next in thread | raw e-mail | index | archive | help
Tonight, on a world compiled from last night's sources, mdconfig(8)
started dumping cores for me. The stack trace was:
#0 0x080491da in strsep ()
#1 0x08048961 in list (fd=3) at /usr/src/sbin/mdconfig/mdconfig.c:219
#2 0x080487cc in main (argc=2, argv=0xbfbffaf0) at
/usr/src/sbin/mdconfig/mdconfig.c:176
#3 0x08048139 in _start ()
Does the following look a reasonable change? It seems that strsep()
starts getting angry when fed a non-nul-terminated buffer.
%%%
Index: mdconfig.c
===================================================================
RCS file: /home/ncvs/src/sbin/mdconfig/mdconfig.c,v
retrieving revision 1.23
diff -u -r1.23 mdconfig.c
--- mdconfig.c 21 Aug 2002 15:15:15 -0000 1.23
+++ mdconfig.c 9 Oct 2002 22:01:19 -0000
@@ -211,8 +211,9 @@
if (sysctlbyname("kern.disks", NULL, &dll, NULL, 0) == -1)
err(1, "sysctlbyname: kern.disks");
- if ( (disklist = malloc(dll)) == NULL)
+ if ( (disklist = malloc(dll + 1)) == NULL)
err(1, "malloc");
+ bzero(disklist, dll + 1);
if (sysctlbyname("kern.disks", disklist, &dll, NULL, 0) == -1)
err(1, "sysctlbyname: kern.disks");
%%%
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-audit" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20021009220532.GA21391>