From owner-freebsd-bugs@FreeBSD.ORG Mon Jun 23 19:00:12 2008
Date: Mon, 23 Jun 2008 19:00:12 GMT
Message-Id: <200806231900.m5NJ0Cqi048427@freefall.freebsd.org>
To: freebsd-bugs@FreeBSD.org
From: Jaakko Heinonen
Cc:
Subject: Re: bin/124724: netstat coredump on -stable
Reply-To: Jaakko Heinonen
List-Id: Bug reports

The following reply was made to PR bin/124724; it has been noted by GNATS.
From: Jaakko Heinonen
To: Garrett Cooper
Cc: bug-followup@FreeBSD.org, heliar@at.nsu.ru
Subject: Re: bin/124724: netstat coredump on -stable
Date: Mon, 23 Jun 2008 21:58:56 +0300

Hi,

On 2008-06-19, Garrett Cooper wrote:
> > Same thing occurs on -CURRENT (backtrace):
> >
> > (gdb) bt
> > #0 0x280960ff in kvm_nlist () from /lib/libkvm.so.4
> > #1 0x2809b25e in memstat_kvm_malloc () from /usr/lib/libmemstat.so.2
> > #2 0x2809a0fa in memstat_kvm_all () from /usr/lib/libmemstat.so.2
> > #3 0x08050aa8 in mbpr (kvmd=0x0, mbaddr=0) at mbuf.c:103
> > #4 0x080500eb in main (argc=1, argv=0xbfbfec40) at main.c:510
>
> After doing some reading it appears that netstat is passing in an
> invalid value to memstat_kvm_all, which subsequently calls
> memstat_kvm_malloc for mbuf.c (kvmd = NULL). Calling malloc with NULL
> for a pointer address of course is invalid coding.

This happens when memf == NULL and nlistf != NULL (main.c). This
situation (where memf == NULL and nlistf != NULL) doesn't make sense
because kvm_openfiles(3) doesn't make use of the nlistf value if memf is
NULL (kvm_openfiles() call at line 674 in r179949). If both mentioned
variables are NULL, a live mode which copes with NULL values is enabled.

The bug is also reproducible with the following command line:

$ netstat -m -N foo
Segmentation fault: 11

Below is a fix that makes it exit with an error message if memf == NULL
and nlistf != NULL. After applying the fix:

$ netstat -m foo
netstat: no core file specified

--
Jaakko

Index: usr.bin/netstat/main.c
===================================================================
--- usr.bin/netstat/main.c (revision 179949)
+++ usr.bin/netstat/main.c (working copy)
@@ -492,7 +492,12 @@ main(int argc, char *argv[]) * Discard setgid privileges if not the running kernel so that bad * guys can't print interesting stuff from kernel memory. */ - live = (nlistf == NULL && memf == NULL); + if (memf == NULL) { + if (nlistf != NULL) + errx(1, "no core file specified"); + live = 1; + } + if (!live) setgid(getgid());
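Review bot: `live` is now only ever assigned inside the `if (memf == NULL)` branch, whereas the removed line assigned it unconditionally, so the `if (!live) setgid(getgid());` that follows depends on `live` already being 0 before this block (its declaration and any earlier assignment are outside the hunk). If that initialization is not guaranteed, add an explicit `else` arm, e.g. `} else live = 0;`, so that supplying a core file always forces the privilege drop rather than leaving it to whatever `live` happened to hold. The `errx(1, "no core file specified")` path exits before `setgid(getgid())` runs, which is harmless since the process terminates immediately, but note in the comment above that the error case deliberately skips the privilege drop.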