Patch: ifconfig - fix SIGSEGV

Thu, 05 Jun 2014 10:40:45 -0700 

Hi tech@,

when calling ifconfig(8) with a not supported option like below, it
segfaults.

        ifconfig [interface] -someParameterNotSupportedWithALeadingMinus
        ifconfig re0 -adaw
        ifconfig iwn0 -media


Here's a backtrace:

#0  strlcpy (dst=0x84c658 <_entbuf+24> "", src=0x0, siz=<optimized out>) at 
/usr/src/lib/libc/string/strlcpy.c:37
#1  0x0000000000413a45 in _fillhostent (h=0x200f7f800, r=0x84c620 <_hostent>, 
buf=<optimized out>, len=4096) at /usr/src/lib/libc/asr/gethostnamadr.c:73
#2  0x0000000000413ceb in _gethostbyname (h_errnop=<optimized out>, 
buflen=<optimized out>, buf=<optimized out>, ret=<optimized out>, af=<optimized 
out>, 
    name=<optimized out>) at /usr/src/lib/libc/asr/gethostnamadr.c:125
#3  gethostbyname2 (name=<optimized out>, af=2) at 
/usr/src/lib/libc/asr/gethostnamadr.c:152
#4  0x000000000040ae78 in in_getaddr (s=0x7f7ffffd6f93 "-asdf", which=1) at 
/usr/src/sbin/ifconfig/ifconfig.c:4556
#5  0x00000000004019b4 in setifaddr (addr=0x7f7ffffd6f93 "-asdf", param=0) at 
/usr/src/sbin/ifconfig/ifconfig.c:1112
#6  0x0000000000400b01 in main (argc=1, argv=0x7f7ffffd6d78) at 
/usr/src/sbin/ifconfig/ifconfig.c:738



And here a patch that fixes the problem for me. Hope this is the right
place to errx().


Another thing i observed is that when calling "ifconfig re0 awdawd"
it behaves like calling "ifconfig re0 up" but i have not looked into
this.

Tested against -current amd64

Regards,
Fabian


Index: ifconfig.c
===================================================================
RCS file: /cvs/src/sbin/ifconfig/ifconfig.c,v
retrieving revision 1.283
diff -u -p -r1.283 ifconfig.c
--- ifconfig.c  12 May 2014 08:47:37 -0000      1.283
+++ ifconfig.c  5 Jun 2014 17:17:17 -0000
@@ -4552,14 +4552,15 @@ in_getaddr(const char *s, int which)
                        errx(1, "%d: bad prefixlen", bits);
                in_getprefix(p, MASK);
                memcpy(&sin->sin_addr, &tsin.sin_addr, sizeof(sin->sin_addr));
-       } else if (inet_aton(s, &sin->sin_addr) == 0) {
+       } else if (inet_aton(s, &sin->sin_addr) == 1) {
                if ((hp = gethostbyname(s)))
                        memcpy(&sin->sin_addr, hp->h_addr, hp->h_length);
                else if ((np = getnetbyname(s)))
                        sin->sin_addr = inet_makeaddr(np->n_net, INADDR_ANY);
                else
                        errx(1, "%s: bad value", s);
-       }
+       } else
+               errx(1, "%s: bad value", s);
 }
 
 /* ARGSUSED */

Reply via email to