Date: Mon, 23 Jun 2008 19:00:12 GMT
From: Jaakko Heinonen <jh@saunalahti.fi>
To: freebsd-bugs@FreeBSD.org
Subject: Re: bin/124724: netstat coredump on -stable
Message-ID: <200806231900.m5NJ0Cqi048427@freefall.freebsd.org>
The following reply was made to PR bin/124724; it has been noted by GNATS.

From: Jaakko Heinonen <jh@saunalahti.fi>
To: Garrett Cooper <yanefbsd@gmail.com>
Cc: bug-followup@FreeBSD.org, heliar@at.nsu.ru
Subject: Re: bin/124724: netstat coredump on -stable
Date: Mon, 23 Jun 2008 21:58:56 +0300

Hi,

On 2008-06-19, Garrett Cooper wrote:
> > Same thing occurs on -CURRENT (backtrace):
> >
> > (gdb) bt
> > #0  0x280960ff in kvm_nlist () from /lib/libkvm.so.4
> > #1  0x2809b25e in memstat_kvm_malloc () from /usr/lib/libmemstat.so.2
> > #2  0x2809a0fa in memstat_kvm_all () from /usr/lib/libmemstat.so.2
> > #3  0x08050aa8 in mbpr (kvmd=0x0, mbaddr=0) at mbuf.c:103
> > #4  0x080500eb in main (argc=1, argv=0xbfbfec40) at main.c:510
>
> After doing some reading it appears that netstat is passing in an
> invalid value to memstat_kvm_all, which subsequently calls
> memstat_kvm_malloc for mbuf.c (kvmd = NULL). Calling malloc with NULL
> for a pointer address of course is invalid coding.

This happens when memf == NULL and nlistf != NULL (main.c). This
situation (where memf == NULL and nlistf != NULL) doesn't make sense
because kvm_openfiles(3) doesn't make use of the nlistf value if memf is
NULL (kvm_openfiles() call at line 674 in r179949). If both mentioned
variables are NULL, a live mode which copes with NULL values is enabled.

The bug is also reproducible with the following command line:

$ netstat -m -N foo
Segmentation fault: 11

Below is a fix that makes it exit with an error message if memf == NULL
and nlistf != NULL. After applying the fix:

$ netstat -m foo
netstat: no core file specified

-- 
Jaakko

Index: usr.bin/netstat/main.c
===================================================================
--- usr.bin/netstat/main.c	(revision 179949)
+++ usr.bin/netstat/main.c	(working copy)
@@ -492,7 +492,12 @@ main(int argc, char *argv[]) * Discard setgid privileges if not the running kernel so that bad * guys can't print interesting stuff from kernel memory. */ - live = (nlistf == NULL && memf == NULL); + if (memf == NULL) { + if (nlistf != NULL) + errx(1, "no core file specified"); + live = 1; + } + if (!live) setgid(getgid());
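Review bot: the replacement block only assigns `live` when memf is NULL, so in the core-file case (memf set) `live` keeps whatever value it had before this point, whereas the removed line `live = (nlistf == NULL && memf == NULL);` assigned it unconditionally. Unless `live` is a zero-initialized global, add an `else live = 0;` (or initialize it explicitly) so that the following `if (!live) setgid(getgid());` still drops privileges for every non-live run. The early `errx(1, "no core file specified")` itself is fine: it exits before any kernel memory is read.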
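As an added illustration, not code from the PR or from netstat itself, the following C model reproduces the argument-pair logic the reply describes: the original boolean `live` test, the patched three-way selection, and a check of which (nlistf, memf) pairs would let a NULL handle reach the memstat library. The names `select_source`, `struct fake_kvm`, `original_passes_null_handle` and `patched_passes_null_handle` are mine, and the model assumes, consistent with `kvmd=0x0` in the backtrace, that no kvm handle is opened when memf is NULL.

```c
/*
 * Added example, not code from the PR or from netstat: a model of how the
 * (nlistf, memf) argument pair selects netstat's data source, in the form
 * the reply calls buggy and in the patched form. Names below are mine.
 */
#include <stddef.h>
#include <stdio.h>

enum source { SRC_LIVE, SRC_CORE, SRC_INVALID };

/* Original test: a plain boolean, so "nlistf set, memf unset" is
 * classified as "not live" even though there is no core file to read. */
int live_original(const char *nlistf, const char *memf)
{
	return nlistf == NULL && memf == NULL;
}

/* Patched selection: the invalid pair is rejected up front instead of
 * being treated as a core-file run (errx(1, "no core file specified")
 * in the patch). */
enum source select_source(const char *nlistf, const char *memf)
{
	if (memf == NULL) {
		if (nlistf != NULL)
			return SRC_INVALID;
		return SRC_LIVE;
	}
	return SRC_CORE;
}

/* Stand-in for a kvm_t handle (constructed; not libkvm). */
struct fake_kvm {
	const char *core;
};

/*
 * Model of the original flow. Assumption (consistent with kvmd=0x0 in the
 * backtrace): a handle is opened only when memf names a core file.
 * Returns 1 if the library would have been handed a NULL handle.
 */
int original_passes_null_handle(const char *nlistf, const char *memf)
{
	struct fake_kvm handle = { memf };
	const struct fake_kvm *kvmd = (memf != NULL) ? &handle : NULL;
	int live = live_original(nlistf, memf);

	/* mbuf.c: live runs use sysctl, everything else calls memstat_kvm_all(kvmd, ...) */
	return !live && kvmd == NULL;
}

/* Same flow after the patch: the invalid pair never reaches the library. */
int patched_passes_null_handle(const char *nlistf, const char *memf)
{
	struct fake_kvm handle = { memf };
	const struct fake_kvm *kvmd = (memf != NULL) ? &handle : NULL;

	switch (select_source(nlistf, memf)) {
	case SRC_INVALID:	/* errx() exits here in the real program */
		return 0;
	case SRC_LIVE:		/* sysctl path, no handle needed */
		return 0;
	case SRC_CORE:
		return kvmd == NULL;
	}
	return 0;
}

int main(void)
{
	/* Constructed argument pairs; "foo" with no core is the crashing one. */
	static const char *const cases[][2] = {
		{ NULL, NULL },			/* netstat -m */
		{ "foo", NULL },		/* netstat -m -N foo */
		{ "kernel", "vmcore.0" },
		{ NULL, "vmcore.0" },
	};
	for (size_t i = 0; i < sizeof cases / sizeof cases[0]; i++)
		printf("nlistf=%-8s memf=%-10s original_null=%d patched_null=%d\n",
		    cases[i][0] ? cases[i][0] : "(null)",
		    cases[i][1] ? cases[i][1] : "(null)",
		    original_passes_null_handle(cases[i][0], cases[i][1]),
		    patched_passes_null_handle(cases[i][0], cases[i][1]));
	return 0;
}
```

The point of the model is the third row: with the original boolean, `nlistf` set and `memf` unset is neither live nor backed by an opened handle, which is exactly the pair that reached `memstat_kvm_all()` with `kvmd == NULL`; the patched selection turns that pair into an explicit error before any library call.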