From owner-freebsd-bugs Fri Jun 30 8:40:12 2000
Delivered-To: freebsd-bugs@freebsd.org
Received: from freefall.freebsd.org (freefall.FreeBSD.ORG [204.216.27.21])
    by hub.freebsd.org (Postfix) with ESMTP id A5D0637C072
    for ; Fri, 30 Jun 2000 08:40:01 -0700 (PDT)
    (envelope-from gnats@FreeBSD.org)
Received: (from gnats@localhost)
    by freefall.freebsd.org (8.9.3/8.9.2) id IAA89210;
    Fri, 30 Jun 2000 08:40:01 -0700 (PDT)
    (envelope-from gnats@FreeBSD.org)
Received: from demond.dyn.dhs.org (HSE-Toronto-ppp116949.sympatico.ca [216.209.82.6])
    by hub.freebsd.org (Postfix) with ESMTP id 2879D37BB7B
    for ; Fri, 30 Jun 2000 08:39:06 -0700 (PDT)
    (envelope-from demond@demond.dyn.dhs.org)
Received: (from demond@localhost)
    by demond.dyn.dhs.org (8.9.3/8.9.3) id LAA15329;
    Fri, 30 Jun 2000 11:40:43 -0400 (EDT)
    (envelope-from demond)
Message-Id: <200006301540.LAA15329@demond.dyn.dhs.org>
Date: Fri, 30 Jun 2000 11:40:43 -0400 (EDT)
From: demond@demond.dyn.dhs.org
Reply-To: demond@demond.dyn.dhs.org
To: FreeBSD-gnats-submit@freebsd.org
X-Send-Pr-Version: 3.2
Subject: kern/19605: FreeBSD 4.0-RELEASE panics on incorrect use of ioctl()
Sender: owner-freebsd-bugs@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

>Number: 19605
>Category: kern
>Synopsis: FreeBSD 4.0-RELEASE panics on incorrect use of ioctl()
>Confidential: no
>Severity: critical
>Priority: high
>Responsible: freebsd-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: sw-bug
>Submitter-Id: current-users
>Arrival-Date: Fri Jun 30 08:40:01 PDT 2000
>Closed-Date:
>Last-Modified:
>Originator: Lubomir Radev
>Release: FreeBSD 4.0-RELEASE i386
>Organization:
>Environment:
FreeBSD 4.0-RELEASE i386
>Description:
I tested this on several 4.0-RELEASE boxes (as unprivileged user):

#include <sys/types.h>
#include <sys/socket.h>
#include <sys/ioctl.h>
#include <net/if.h>

main()
{
    struct ifconf ifc;  /* left uninitialized: ifc_len and ifc_buf are never set */
    int sd = socket(PF_INET, SOCK_DGRAM, 0);

    ioctl(sd, SIOCGIFCONF, (char *)&ifc);
}

The result: kernel panic & reboot. Other FreeBSD versions don't seem
to be affected.
>How-To-Repeat:
See above.
>Fix:
Wish I had time to investigate... The problem is obviously caused by
incorrect ioctl() use (not supplying proper buffer in ifconf struct).
>Release-Note:
>Audit-Trail:
>Unformatted:
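For contrast with the call in the report, the following added example (not part of the original PR and not FreeBSD project code) shows SIOCGIFCONF issued with ifc_len and ifc_buf pointing at a caller-owned buffer, and goes one step further by walking the returned records. The function names query_ifconf and count_entries and the 8192-byte buffer are assumptions made for illustration.

```c
#define _DEFAULT_SOURCE   /* glibc: expose struct ifconf and struct ifreq */
#include <stdio.h>
#include <string.h>
#include <unistd.h>
#include <sys/types.h>
#include <sys/socket.h>
#include <sys/ioctl.h>
#include <net/if.h>
/* Issue SIOCGIFCONF with ifc_len and ifc_buf set by the caller.
 * Returns the number of bytes the kernel wrote into buf, or -1. */
int query_ifconf(char *buf, int buflen)
{
    struct ifconf ifc;
    int sd, rc;
    if (buf == NULL || buflen <= 0) return -1;
    if ((sd = socket(PF_INET, SOCK_DGRAM, 0)) < 0) return -1;
    memset(&ifc, 0, sizeof(ifc));   /* no stack garbage is handed to the kernel */
    ifc.ifc_len = buflen;           /* size of the buffer we own */
    ifc.ifc_buf = buf;              /* where the kernel may copy records */
    rc = ioctl(sd, SIOCGIFCONF, (char *)&ifc);
    close(sd);
    return rc < 0 ? -1 : ifc.ifc_len;
}

/* Walk the records in buf[0..len), optionally printing each interface
 * name, and return how many complete records were found. */
int count_entries(const char *buf, int len, int show)
{
    struct ifreq ifr;
    int off = 0, n = 0;
    while (len - off >= (int)sizeof(ifr)) {
        memcpy(&ifr, buf + off, sizeof(ifr));   /* buf may be unaligned */
        if (show) printf("%.*s\n", (int)sizeof(ifr.ifr_name), ifr.ifr_name);
#ifdef _SIZEOF_ADDR_IFREQ           /* BSD: record size depends on sa_len */
        off += (int)_SIZEOF_ADDR_IFREQ(ifr);
#else                               /* otherwise: fixed-size records */
        off += (int)sizeof(ifr);
#endif
        n++;
    }
    return n;
}

int main(void)
{
    char buf[8192];                 /* assumed large enough for this host */
    int len = query_ifconf(buf, (int)sizeof(buf));
    if (len < 0) { fprintf(stderr, "SIOCGIFCONF failed\n"); return 1; }
    printf("%d record(s)\n", count_entries(buf, len, 1));
    return 0;
}
```

If the returned length is close to the buffer size, the list may have been truncated; retry with a larger buffer.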