Skip site navigation (1)Skip section navigation (2) 
Date:      Tue, 21 Jan 2003 20:48:14 +0100
From:      Pawel Jakub Dawidek <nick@garage.freebsd.pl>
To:        FreeBSD-gnats-submit@FreeBSD.org
Cc:        Pawel Jakub Dawidek <nick@garage.freebsd.pl>
Subject:   bin/47313: Segfault in inetd(8).
Message-ID:  <20030121194814.GQ9430@garage.freebsd.pl>
next in thread | raw e-mail | index | archive | help 

>Number:         47313
>Category:       bin
>Synopsis:       Segfault in inetd(8).
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    freebsd-bugs
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Tue Jan 21 11:50:02 PST 2003
>Closed-Date:
>Last-Modified:
>Originator:     Pawel Jakub Dawidek
>Release:        FreeBSD 4.7-STABLE i386
>Organization:
CerbNG group.
>Environment:
System: FreeBSD leila.mikrus.pw.edu.pl 4.7-STABLE FreeBSD 4.7-STABLE #20: Mon Jan 20 23:21:30 CET 2003 root@leila.mikrus.pw.edu.pl:/usr/obj/usr/src/sys/LEILA i386


>Description:
	In some causes inetd(8) coredumps. I'm running inetd(8)
	with '-wWl' flags.

	Problem is in line 736 in inetd.c. syslog(3) is called there
	and one of its argument is:

	(((struct sockaddr *)req.client->sin)->sa_family == AF_INET6 && !IN6_IS_ADDR_V4MAPPED(&((struct sockaddr_in6 *)req.client->sin)->sin6_addr)) ? "6" : "");

	And here req.client->sin could be NULL.

>How-To-Repeat:
	I'm not quite sure. With some changes we got:

	[...] leila inetd[1323]: warning: can't get client address: Connection reset by peer
	[...] leila inetd[1323]: WE GOT NULL! <orginally here we got core dump>
	[...] leila inetd[1323]: connection from unknown, service ftpd (tcp)

>Fix:
	I'm not sure if this is a fix. Maybe workaround only, because
	req.client->sin should never be NULL?


--- inetd.c.orig	Wed Aug 21 12:00:24 2002
+++ inetd.c	Tue Jan 21 20:28:25 2003
@@ -736,7 +736,8 @@
 				    syslog(allow_severity,
 				        "connection from %.500s, service %s (%s%s)",
 					eval_client(&req), service, sep->se_proto,
-					(((struct sockaddr *)req.client->sin)->sa_family == AF_INET6 && !IN6_IS_ADDR_V4MAPPED(&((struct sockaddr_in6 *)req.client->sin)->sin6_addr)) ? "6" : "");
+					(req.client->sin != NULL && ((struct sockaddr *)req.client->sin)->sa_family == AF_INET6 &&
+					 !IN6_IS_ADDR_V4MAPPED(&((struct sockaddr_in6 *)req.client->sin)->sin6_addr)) ? "6" : "");
 				}
 			    }
 			    if (sep->se_bi) {
>Release-Note:
>Audit-Trail:
>Unformatted:

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-bugs" in the body of the message

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20030121194814.GQ9430>