From owner-freebsd-bugs@FreeBSD.ORG  Tue Jun 13 16:40:17 2006
Return-Path: <owner-freebsd-bugs@FreeBSD.ORG>
X-Original-To: freebsd-bugs@hub.freebsd.org
Delivered-To: freebsd-bugs@hub.freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 21DA616A479
	for <freebsd-bugs@hub.freebsd.org>;
	Tue, 13 Jun 2006 16:40:17 +0000 (UTC)
	(envelope-from gnats@FreeBSD.org)
Received: from freefall.freebsd.org (freefall.freebsd.org [216.136.204.21])
	by mx1.FreeBSD.org (Postfix) with ESMTP id E406243D5A
	for <freebsd-bugs@hub.freebsd.org>;
	Tue, 13 Jun 2006 16:40:15 +0000 (GMT)
	(envelope-from gnats@FreeBSD.org)
Received: from freefall.freebsd.org (gnats@localhost [127.0.0.1])
	by freefall.freebsd.org (8.13.4/8.13.4) with ESMTP id k5DGeFtr033359
	for <freebsd-bugs@freefall.freebsd.org>; Tue, 13 Jun 2006 16:40:15 GMT
	(envelope-from gnats@freefall.freebsd.org)
Received: (from gnats@localhost)
	by freefall.freebsd.org (8.13.4/8.13.4/Submit) id k5DGeFUs033355;
	Tue, 13 Jun 2006 16:40:15 GMT (envelope-from gnats)
Resent-Date: Tue, 13 Jun 2006 16:40:15 GMT
Resent-Message-Id: <200606131640.k5DGeFUs033355@freefall.freebsd.org>
Resent-From: FreeBSD-gnats-submit@FreeBSD.org (GNATS Filer)
Resent-To: freebsd-bugs@FreeBSD.org
Resent-Reply-To: FreeBSD-gnats-submit@FreeBSD.org,
	Fabian Keil <freebsd-listen@fabiankeil.de>
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 4CFFC16A476
	for <freebsd-gnats-submit@FreeBSD.org>;
	Tue, 13 Jun 2006 16:31:19 +0000 (UTC)
	(envelope-from nobody@FreeBSD.org)
Received: from www.freebsd.org (www.freebsd.org [216.136.204.117])
	by mx1.FreeBSD.org (Postfix) with ESMTP id 0DB8243D48
	for <freebsd-gnats-submit@FreeBSD.org>;
	Tue, 13 Jun 2006 16:31:19 +0000 (GMT)
	(envelope-from nobody@FreeBSD.org)
Received: from www.freebsd.org (localhost [127.0.0.1])
	by www.freebsd.org (8.13.1/8.13.1) with ESMTP id k5DGVIwM005749
	for <freebsd-gnats-submit@FreeBSD.org>; Tue, 13 Jun 2006 16:31:18 GMT
	(envelope-from nobody@www.freebsd.org)
Received: (from nobody@localhost)
	by www.freebsd.org (8.13.1/8.13.1/Submit) id k5DGVIko005748;
	Tue, 13 Jun 2006 16:31:18 GMT (envelope-from nobody)
Message-Id: <200606131631.k5DGVIko005748@www.freebsd.org>
Date: Tue, 13 Jun 2006 16:31:18 GMT
From: Fabian Keil <freebsd-listen@fabiankeil.de>
To: freebsd-gnats-submit@FreeBSD.org
X-Send-Pr-Version: www-2.3
Cc: 
Subject: bin/98905: [PATCH] devfs(8) segfaults if the ruleset doesn't end
	with a newline
X-BeenThere: freebsd-bugs@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: Bug reports <freebsd-bugs.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-bugs>,
	<mailto:freebsd-bugs-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-bugs>
List-Post: <mailto:freebsd-bugs@freebsd.org>
List-Help: <mailto:freebsd-bugs-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-bugs>,
	<mailto:freebsd-bugs-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Tue, 13 Jun 2006 16:40:17 -0000


>Number:         98905
>Category:       bin
>Synopsis:       [PATCH] devfs(8) segfaults if the ruleset doesn't end with a newline
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    freebsd-bugs
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Tue Jun 13 16:40:14 GMT 2006
>Closed-Date:
>Last-Modified:
>Originator:     Fabian Keil
>Release:        RELENG_6
>Organization:
>Environment:
FreeBSD TP51.local 6.1-STABLE FreeBSD 6.1-STABLE #44: Fri Jun  9 20:00:13 CEST 2006     fk@TP51.local:/usr/obj/usr/src/sys/THINKPAD  i386
>Description:
devfs segfaults if the ruleset doesn't end with a newline.

The man page doesn't say if rulesets are required to
end with newlines, but at least the code looks as if
they are not supposed to.

Please note that I'm not using vanilla sources.
One of the patches I use is Jeremie Le Hen's SSP patch,
but the devfs code is the original one and the problem
looks like a "normal" segfault to me.
>How-To-Repeat:
fk@TP51 ~ $cat ~/test/pf-jail.rules
path pf hide
path pf unhidefk@TP51 ~ $
fk@TP51 ~ $sudo devfs rule -s 7 show
fk@TP51 ~ $sudo devfs rule -s 7 add - < ~/test/pf-jail.rules 
Segmentation fault: 11 (core dumped)
fk@TP51 ~ $sudo devfs rule -s 7 show
100 path pf hide

>Fix:
With:
http://www.fabiankeil.de/sourcecode/freebsd/devfs.c.diff
I get:
fk@TP51 ~ $cat ~/test/pf-jail.rules
path pf hide
path pf unhidefk@TP51 ~ $
fk@TP51 ~ $sudo devfs rule -s 7 show
fk@TP51 ~ $sudo devfs rule -s 7 add - < ~/test/pf-jail.rules 
fk@TP51 ~ $sudo devfs rule -s 7 show
100 path pf hide
200 path pf unhide

Not sure if strlcpy is allowed in the base or if
that's the best solution though.
>Release-Note:
>Audit-Trail:
>Unformatted: