Skip site navigation (1)Skip section navigation (2) 
Date:      Fri, 23 Jul 1999 12:28:41 -0700 (PDT)
From:      bright@rush.net
To:        freebsd-gnats-submit@freebsd.org
Subject:   kern/12780: tun code panics when 0 bytes written (PATCH included)
Message-ID:  <19990723192841.D25E31539D@hub.freebsd.org>
next in thread | raw e-mail | index | archive | help 

>Number:         12780
>Category:       kern
>Synopsis:       tun code panics when 0 bytes written (PATCH included)
>Confidential:   no
>Severity:       critical
>Priority:       high
>Responsible:    freebsd-bugs
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Fri Jul 23 12:30:01 PDT 1999
>Closed-Date:
>Last-Modified:
>Originator:     Alfred Perlstein
>Release:        current and stable
>Organization:
Win Telecom
>Environment:
FreeBSD thumper.reserved 4.0-CURRENT FreeBSD 4.0-CURRENT #0: Tue Jul  6 13:28:37 PDT 1999     bright@thumper.reserved:/usr/src/sys/compile/thumper  i386

>Description:
When 0 bytes are written to the tun device it panics when dereferencing a NULL pointer

this can happen in -stable (3.x) and -current (4.0)

My only concern is that possibly a routine higher up should have detected this (a write of 0 length) before it gets to tunwrite().

>How-To-Repeat:
Write 0 bytes to the tun device.
>Fix:
patch:

begin 644 tun.diff
M8W9S(&1I9F8Z($1I9F9I;F<@+@I);F1E>#H@:69?='5N+F,*/3T]/3T]/3T]
M/3T]/3T]/3T]/3T]/3T]/3T]/3T]/3T]/3T]/3T]/3T]/3T]/3T]/3T]/3T]
M/3T]/3T]/3T]/3T]/0I20U,@9FEL93H@+VAO;64O;F-V<R]S<F,O<WES+VYE
M="]I9E]T=6XN8RQV"G)E=')I979I;F<@<F5V:7-I;VX@,2XU,0ID:69F("UU
M("UR,2XU,2!I9E]T=6XN8PHM+2T@:69?='5N+F,),3DY.2\P,2\Q-R`R,#HU
M,SHT-PDQ+C4Q"BLK*R!I9E]T=6XN8PDQ.3DY+S`W+S(S(#(P.C0R.C,T"D!`
M("TU,C$L-R`K-3(Q+#<@0$`*(`H@"5153D1%0E5'*"(E<R5D.B!T=6YW<FET
M95QN(BP@:69P+3YI9E]N86UE+"!I9G`M/FEF7W5N:70I.PH@"BT):68@*'5I
M;RT^=6EO7W)E<VED(#P@,"!\?"!U:6\M/G5I;U]R97-I9"`^(%153DU252D@
M>PHK"6EF("AU:6\M/G5I;U]R97-I9"`\/2`P('Q\('5I;RT^=6EO7W)E<VED
M(#X@5%5.35)5*2!["B`)"5153D1%0E5'*"(E<R5D.B!L96X])60A7&XB+"!I
M9G`M/FEF7VYA;64L(&EF<"T^:69?=6YI="P*(`D)("`@('5I;RT^=6EO7W)E
5<VED*3L*(`D)<F5T=7)N($5)3SL*
`
end


>Release-Note:
>Audit-Trail:
>Unformatted:


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-bugs" in the body of the message

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?19990723192841.D25E31539D>