From andy@wantpackets.com  Sun Sep  1 17:28:57 2002
Return-Path: <andy@wantpackets.com>
Received: from mx1.FreeBSD.org (mx1.FreeBSD.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 7037B37B400
	for <FreeBSD-gnats-submit@freebsd.org>; Sun,  1 Sep 2002 17:28:57 -0700 (PDT)
Received: from wantpackets.com (wantpackets.com [208.8.54.110])
	by mx1.FreeBSD.org (Postfix) with ESMTP id E0C9343E3B
	for <FreeBSD-gnats-submit@freebsd.org>; Sun,  1 Sep 2002 17:28:56 -0700 (PDT)
	(envelope-from andy@wantpackets.com)
Received: from wantpackets.com (andy@wantpackets.com [208.8.54.110])
	by wantpackets.com (8.12.3/8.12.3) with ESMTP id g820Wxcm088301
	for <FreeBSD-gnats-submit@freebsd.org>; Sun, 1 Sep 2002 20:33:04 -0400 (EDT)
	(envelope-from andy@wantpackets.com)
Received: (from andy@localhost)
	by wantpackets.com (8.12.3/8.12.3/Submit) id g820Wwb4088299;
	Sun, 1 Sep 2002 20:32:58 -0400 (EDT)
	(envelope-from andy)
Message-Id: <200209020032.g820Wwb4088299@wantpackets.com>
Date: Sun, 1 Sep 2002 20:32:58 -0400 (EDT)
From: Andy@wantpackets.com
Reply-To: andy@wantpackets.com
To: FreeBSD-gnats-submit@freebsd.org
Cc:
Subject: incorrect ipfw parsing causes segfault	
X-Send-Pr-Version: 3.113
X-GNATS-Notify:

>Number:         42304
>Category:       bin
>Synopsis:       incorrect ipfw parsing causes segfault
>Confidential:   no
>Severity:       non-critical
>Priority:       medium
>Responsible:    maxim
>State:          closed
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Sun Sep 01 17:30:12 PDT 2002
>Closed-Date:    Thu Sep 26 00:22:44 PDT 2002
>Last-Modified:  Thu Sep 26 00:22:44 PDT 2002
>Originator:     Andy
>Release:        FreeBSD 4.6-RELEASE-p1 i386
>Organization:
>Environment:
System: FreeBSD wantpackets.com 4.6-RELEASE-p1 FreeBSD 4.6-RELEASE-p1 #1: Fri Jun 28 06:20:15 EDT 2002 andy@wantpackets.com:/usr/obj/usr/src/sys/WANTPACKETS i386


	
>Description:
	Typing ipfw add unreach segfaults ipfw.  Incorrect handling of null strings.
>How-To-Repeat:
	Typing ipfw add unreach segfaults ipfw.
>Fix:
	
	Patch is here: 


--- ipfw.c	Sun Sep  1 20:13:46 2002
+++ ipfw.c-fixed	Sun Sep  1 20:16:22 2002
@@ -972,6 +972,9 @@
 	u_long val;
 	char *s;
 
+	if (str == '\0')
+		errx(EX_DATAERR, "you forgot to specify an icmp spec");
+
 	val = strtoul(str, &s, 0);
 	if (s != str && *s == '\0' && val < 0x100) {
 		*codep = val;
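
Review bot: The added test "if (str == '\0')" compares the pointer str with the character constant '\0', so it is a NULL-pointer check written as if it were an empty-string check; it never looks at the first byte of the string. That does stop a NULL str from reaching strtoul(str, &s, 0), but the intent is unclear to the next reader and an empty argument ("") is not rejected here. Suggest writing it as "if (str == NULL || *str == '\0')" so that both the missing and the empty argument are rejected with the same message before strtoul() runs. The error text could also name the keyword the user typed (unreach) rather than "icmp spec", so the message points at the argument that is missing.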
>Release-Note:
>Audit-Trail:
Responsible-Changed-From-To: freebsd-bugs->luigi 
Responsible-Changed-By: roam 
Responsible-Changed-When: Sun Sep 1 23:18:34 PDT 2002 
Responsible-Changed-Why:  
Over to the ipfw author/maintainer. 

http://www.freebsd.org/cgi/query-pr.cgi?pr=42304 
State-Changed-From-To: open->patched 
State-Changed-By: maxim 
State-Changed-When: Wed Sep 25 04:26:56 PDT 2002 
State-Changed-Why:  
Fixed in rev. 1.124 src/sbin/ipfw/ipfw.c in -current. 


Responsible-Changed-From-To: luigi->maxim 
Responsible-Changed-By: maxim 
Responsible-Changed-When: Wed Sep 25 04:26:56 PDT 2002 
Responsible-Changed-Why:  
Hope to MFC it before 4.7-RELEASE. 

http://www.freebsd.org/cgi/query-pr.cgi?pr=42304 
State-Changed-From-To: patched->closed 
State-Changed-By: maxim 
State-Changed-When: Thu Sep 26 00:21:32 PDT 2002 
State-Changed-Why:  
Fixed in rev. 1.124 and rev. 1.80.2.24 src/sbin/ipfw/ipfw.c 
in -current and -stable. Thanks. 

http://www.freebsd.org/cgi/query-pr.cgi?pr=42304 
>Unformatted:
