From owner-freebsd-bugs  Sun Jun  4 13:06:59 1995
Return-Path: bugs-owner
Received: (from majordom@localhost)
          by freefall.cdrom.com (8.6.10/8.6.6) id NAA00893
          for bugs-outgoing; Sun, 4 Jun 1995 13:06:59 -0700
Received: from rowe.williams.edu (rowe.williams.edu [137.165.4.20])
          by freefall.cdrom.com (8.6.10/8.6.6) with SMTP id NAA00887
          for <bugs@freebsd.org>; Sun, 4 Jun 1995 13:06:55 -0700
From: Craig.P.Loomis@williams.edu
Received: from hancock (hancock.cc.williams.edu) by rowe.williams.edu with SMTP id AA21000
  (5.65c/IDA-1.4.4 for <bugs@freebsd.org>); Sun, 4 Jun 1995 16:06:53 -0400
Received: from  by hancock (4.1/client-1.3)
	id AB11381; Sun, 4 Jun 95 16:06:39 EDT
X-Sender: cloomis@popserver.williams.edu
Message-Id: <v01510101abf7bb453e53@[129.121.128.99]>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Date: Sun, 4 Jun 1995 14:10:14 -0600
To: bugs@FreeBSD.org
Subject: segmentation fault in inetd
Sender: bugs-owner@FreeBSD.org
Precedence: bulk


  This is for FreeBSD-current, as of June 1.

  The tcpmux-related code in inetd.c:main() has a bug: a for loop variable
(sep) is set to NULL by code within the loop. When the loop is continued
and sep->se_next is referenced, the program crashes. One possible fix
follows.
  Also, a line like:

tcpmux  stream  tcp     nowait  root    internal

  should perhaps be put in /etc/inetd.conf so that tcpmux services can be
started. The man page mentions tcpmux/servicename lines, but doesn't make
it clear that the tcpmux service itself must be listed.
  Lastly, the Send-pr line in /usr/share/info/dir should have a period
where the second colon is:

* Send-pr: (send-pr).
                    ^

  Thank you for a *fine* system.

 - craig loomis
   Unaffiliated and loving it.


*** inetd.c-dist        Sun Jun  4 13:08:29 1995
--- inetd.c     Sun Jun  4 13:07:58 1995
***************
*** 372,381 ****
                             */
                            if (sep->se_bi &&
                                sep->se_bi->bi_fn == (void (*)()) tcpmux) {
!                                   sep = tcpmux(ctrl);
!                                   if (sep == NULL) {
                                            close(ctrl);
                                            continue;
                                    }
                            }
                    } else
--- 372,386 ----
                             */
                            if (sep->se_bi &&
                                sep->se_bi->bi_fn == (void (*)()) tcpmux) {
!                                   struct servtab *tsep;
!
!                                   tsep = tcpmux(ctrl);
!                                   if (tsep == NULL) {
                                            close(ctrl);
                                            continue;
+                                   }
+                                   else {
+                                           sep = tsep;
                                    }
                            }
                    } else