From owner-freebsd-security@freebsd.org Wed Sep 30 20:03:33 2015 Return-Path: Delivered-To: freebsd-security@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id C70C0A0C9B2 for ; Wed, 30 Sep 2015 20:03:33 +0000 (UTC) (envelope-from prvs=071588ecfe=rblayzor.bulk@inoc.net) Received: from mta3.alb.inoc.net (mta3.alb.inoc.net [IPv6:2607:f058:110:2::1:3]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 8C4C311BF for ; Wed, 30 Sep 2015 20:03:33 +0000 (UTC) (envelope-from prvs=071588ecfe=rblayzor.bulk@inoc.net) DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=inoc.net; s=201501; h=To:References:Message-Id:Content-Transfer-Encoding:Cc:Date: In-Reply-To:From:Subject:Mime-Version:Content-Type; bh=5cHNUv7oeqRJ7c7tG+LAVROMBiv5Y4mmXJU8imFifyo=; b=ptqkmXau5d0i5i7pPYKqHHwA5H ryzI15n3kuo/BYez35VG6vHuyqeE3C88MQHtHD6Uwv8ipMwyoHSkQ+C+KvhcYppuRY7ttVzGvPCeL B5Pp31x5GKftXAtNyha+nVy9vvxVBNt0rDMVrj2jSOZJRsZO86xmQfpYu3GbOwAOmHIlu8O9+nEtA ghFpFFDBSeOXXVO1yd+13dKqhmDxtnwr5mRUBBONip1IQvEMeNkZoNsa4q25OPk03y8KGFkyjCLyz 7Nz+bQvXkQq6FYQKGoHOa6vzs1pOOonuKjPHdcNODyRjDJTLROXzNrn/8YVopz3/p5d7jaSqqs3nF wQMaMksw==; Received: from [64.246.135.7] (helo=void.ops.inoc.net) by mail.inoc.net with ESMTPA (Exim 4.86) (envelope-from ) id 1ZhNb9-000L0B-QD by authid ; Wed, 30 Sep 2015 20:03:31 +0000 Content-Type: text/plain; charset=windows-1252 Mime-Version: 1.0 (Mac OS X Mail 8.2 \(2104\)) Subject: Re: FreeBSD Security Advisory FreeBSD-SA-15:24.rpcbind From: Robert Blayzor In-Reply-To: <560C3DF2.5070608@delphij.net> Date: Wed, 30 Sep 2015 16:03:28 -0400 Cc: freebsd-security@freebsd.org Content-Transfer-Encoding: quoted-printable Message-Id: <20BCBD1F-D22E-4878-AB6C-CBE9F7FD4BF2@inoc.net> References: <20150929183942.569F311FD@freefall.freebsd.org> <560C33B7.70100@delphij.net> <560C39B3.1020806@delphij.net> <560C3DF2.5070608@delphij.net> To: d@delphij.net X-Mailer: Apple Mail (2.2104) X-Auth-Info: cmJsYXl6b3JAaW5vYy5uZXQ= X-Virus-Scanned: ClamAV 0.98.7/20949/Wed Sep 30 14:30:18 2015 X-Anti-Abuse: Please report to abuse@inoc.net X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.20 Precedence: list List-Id: "Security issues \[members-only posting\]" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 30 Sep 2015 20:03:33 -0000 On Sep 30, 2015, at 3:54 PM, Xin Li wrote: >=20 > Can you make this change and see if it helps? >=20 > Index: rpcb_svc_com.c > =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D > --- rpcb_svc_com.c (revision 288421) > +++ rpcb_svc_com.c (working copy) > @@ -1052,7 +1052,7 @@ static bool_t > netbuf_copybuf(struct netbuf *dst, const struct netbuf *src) > { >=20 > - assert(dst->buf =3D=3D NULL); > + assert(dst->len =3D=3D 0 || dst->buf =3D=3D NULL); =85 Same result: Assertion failed: (dst->len =3D=3D 0 || dst->buf =3D=3D NULL), function = netbuf_copybuf, file rpcb_svc_com.c, line 1056. #0 0x0000000800d0164a in thr_kill () from /lib/libc.so.7 (gdb) bt #0 0x0000000800d0164a in thr_kill () from /lib/libc.so.7 #1 0x0000000800d01636 in raise () from /lib/libc.so.7 #2 0x0000000800d015b9 in abort () from /lib/libc.so.7 #3 0x0000000800d67f31 in __assert () from /lib/libc.so.7 #4 0x00000000004073aa in ?? () #5 0x0000000000404075 in ?? () #6 0x000000000040303f in ?? () #7 0x000000080062a000 in ?? () #8 0x0000000000000000 in ?? () -- Robert inoc.net!rblayzor Jabber: rblayzor.AT.inoc.net PGP Key: 78BEDCE1 @ pgp.mit.edu