From owner-freebsd-audit Wed Oct 9 15: 6:56 2002 Delivered-To: freebsd-audit@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id F3E4C37B401 for ; Wed, 9 Oct 2002 15:06:54 -0700 (PDT) Received: from nic.upatras.gr (nic.upatras.gr [150.140.129.30]) by mx1.FreeBSD.org (Postfix) with SMTP id 3CE1043E6A for ; Wed, 9 Oct 2002 15:06:53 -0700 (PDT) (envelope-from keramida@freebsd.org) Received: (qmail 10959 invoked from network); 9 Oct 2002 21:59:54 -0000 Received: from upnet-dialinpool-45.upnet.gr (HELO hades.hell.gr) (@150.140.128.209) by nic.upatras.gr with SMTP; 9 Oct 2002 21:59:54 -0000 Received: from hades.hell.gr (hades [127.0.0.1]) by hades.hell.gr (8.12.6/8.12.6) with ESMTP id g99M5XjP021490; Thu, 10 Oct 2002 01:05:33 +0300 (EEST) (envelope-from keramida@freebsd.org) Received: (from keramida@localhost) by hades.hell.gr (8.12.6/8.12.6/Submit) id g99M5Xdl021489; Thu, 10 Oct 2002 01:05:33 +0300 (EEST) (envelope-from keramida@freebsd.org) Date: Thu, 10 Oct 2002 01:05:33 +0300 From: Giorgos Keramidas To: Poul-Henning Kamp Cc: audit@freebsd.org Subject: mdconfig core dump Message-ID: <20021009220532.GA21391@hades.hell.gr> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Sender: owner-freebsd-audit@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG Tonight, on a world compiled from last night's sources, mdconfig(8) started dumping cores for me. The stack trace was: #0 0x080491da in strsep () #1 0x08048961 in list (fd=3) at /usr/src/sbin/mdconfig/mdconfig.c:219 #2 0x080487cc in main (argc=2, argv=0xbfbffaf0) at /usr/src/sbin/mdconfig/mdconfig.c:176 #3 0x08048139 in _start () Does the following look a reasonable change? It seems that strsep() starts getting angry when fed a non-nul-terminated buffer. %%% Index: mdconfig.c =================================================================== RCS file: /home/ncvs/src/sbin/mdconfig/mdconfig.c,v retrieving revision 1.23 diff -u -r1.23 mdconfig.c --- mdconfig.c 21 Aug 2002 15:15:15 -0000 1.23 +++ mdconfig.c 9 Oct 2002 22:01:19 -0000 @@ -211,8 +211,9 @@ if (sysctlbyname("kern.disks", NULL, &dll, NULL, 0) == -1) err(1, "sysctlbyname: kern.disks"); - if ( (disklist = malloc(dll)) == NULL) + if ( (disklist = malloc(dll + 1)) == NULL) err(1, "malloc"); + bzero(disklist, dll + 1); if (sysctlbyname("kern.disks", disklist, &dll, NULL, 0) == -1) err(1, "sysctlbyname: kern.disks"); %%% To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-audit" in the body of the message