From liukang@bjpu.edu.cn  Mon Sep  1 22:14:39 2003
Return-Path: <liukang@bjpu.edu.cn>
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id A0A4C16A4BF
	for <freebsd-gnats-submit@freebsd.org>; Mon,  1 Sep 2003 22:14:39 -0700 (PDT)
Received: from bjpu.edu.cn (egw.bjpu.edu.cn [202.112.78.77])
	by mx1.FreeBSD.org (Postfix) with ESMTP id 8636743FFD
	for <freebsd-gnats-submit@freebsd.org>; Mon,  1 Sep 2003 22:14:37 -0700 (PDT)
	(envelope-from liukang@bjpu.edu.cn)
Received: (eyou gateway send program); Tue, 02 Sep 2003 13:15:46 +0800
Received: from unknown (HELO lkatschool) (unknown@202.112.78.224)
 by 202.112.78.77 with ; Tue, 02 Sep 2003 13:15:46 +0800
Message-Id: <000001c37110$b7e92070$e04e70ca@lkatschool>
Date: Tue, 2 Sep 2003 13:11:50 +0800
From: "Kang Liu" <liukang@bjpu.edu.cn>
To: <FreeBSD-gnats-submit@freebsd.org>
Cc: <ipfw@freebsd.org>
Subject: [patch]run ipfw2 with incomplete options will make a coredump

>Number:         56298
>Category:       bin
>Synopsis:       [patch]run ipfw2 with incomplete options will make a coredump
>Confidential:   no
>Severity:       critical
>Priority:       high
>Responsible:    maxim
>State:          closed
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Mon Sep 01 22:20:15 PDT 2003
>Closed-Date:    Mon Sep 15 03:29:07 PDT 2003
>Last-Modified:  Mon Sep 15 03:29:07 PDT 2003
>Originator:     Kang Liu
>Release:        FreeBSD 4.9-PRERELEASE i386
>Organization:
Beijing University of Technology
>Environment:
System: FreeBSD cnproxy.bjpu.edu.cn 4.9-PRERELEASE FreeBSD 4.9-PRERELEASE #33: Sun Aug 31 15:58:08 CST 2003
root@cnproxy.bjpu.edu.cn:/usr/obj/usr/src/sys/CNPROXY i386
>Description:
Running ipfw2 enable/disable with incomplete options makes it core dump with signal 10.
This problem can be reproduced on the latest 5.1-CURRENT. I do not have a 4.8 machine running ipfw2,
but I think -STABLE with ipfw2 may have the same problem.
The src has been frozen for 4.9, but this problem is so serious. Can anyone test and commit it?
>How-To-Repeat:
On a latest 5.1 machine, run:
# ipfw disable (or ipfw enable)
Bus error (core dumped)

An ipfw.core would be produced.

In /var/log/messages:
date time hostname kernel: pid num (ipfw), uid 0: exited on signal 10 (core dumped)

>Fix:
I think a better way is to check "ac" instead of checking "av".

--- ipfw2.c.orig	Tue Sep  2 12:54:28 2003
+++ ipfw2.c	Tue Sep  2 12:54:54 2003
@@ -1643,7 +1643,7 @@
 	ac--;
 	av++;
 
-	if (*av == NULL) {
+	if (ac == 0) {
 		warnx("missing keyword to enable/disable\n");
 	} else if (strncmp(*av, "firewall", strlen(*av)) == 0) {
 		sysctlbyname("net.inet.ip.fw.enable", NULL, 0,
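Review bot: the replaced condition `if (*av == NULL)` only works when av[ac] is guaranteed to be a NULL sentinel, which holds for main()'s argv but not for the vector this code is handed after earlier option parsing, so with no keyword it dereferenced whatever followed the last argument (the SIGBUS in the report); `if (ac == 0)` makes the count authoritative and never reads past the end, which is the right fix. Two smaller points in the same hunk: `warnx("missing keyword to enable/disable\n")` should drop the trailing `\n`, since warnx(3) appends its own newline and this prints a blank line; and `strncmp(*av, "firewall", strlen(*av)) == 0` is a prefix match that also accepts an empty string argument, so a `strlen(*av) > 0` guard (or a length check against the keyword) would make the comparison stricter.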

>Release-Note:
>Audit-Trail:
State-Changed-From-To: open->patched 
State-Changed-By: maxim 
State-Changed-When: Tue Sep 2 03:37:09 PDT 2003 
State-Changed-Why:  
Fixed in -CURRENT, thanks! 


Responsible-Changed-From-To: freebsd-bugs->maxim 
Responsible-Changed-By: maxim 
Responsible-Changed-When: Tue Sep 2 03:37:09 PDT 2003 
Responsible-Changed-Why:  
Hope I'll MFC the fix before 4.9-RELEASE. 

http://www.freebsd.org/cgi/query-pr.cgi?pr=56298 
State-Changed-From-To: patched->closed 
State-Changed-By: luigi 
State-Changed-When: Mon Sep 15 03:28:46 PDT 2003 
State-Changed-Why:  
MFC completed 


http://www.freebsd.org/cgi/query-pr.cgi?pr=56298 
>Unformatted:
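Added example, not part of this PR or of ipfw2's own source, showing why the submitter's fix works: the two functions below mirror the "check *av for NULL" and "check ac for zero" variants from the hunk over a constructed argument vector that has no NULL terminator, which is the situation ipfw2 is in once its own parsing code has advanced past the original argv. Function and variable names (keyword_by_null, keyword_by_count, the demo_* helpers, the enum kw values) are assumptions for this illustration; the stale slot is filled with a real string instead of garbage so the demo does not itself crash.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Outcome of dispatching the keyword that follows "enable"/"disable". */
enum kw { KW_MISSING = -1, KW_UNKNOWN = 0, KW_FIREWALL = 1 };

/*
 * Original check from the PR: after consuming the "enable"/"disable" word it
 * reads *av and relies on av[ac] being a NULL sentinel. That is guaranteed for
 * main()'s argv, but not for a vector built by earlier parsing code.
 */
static enum kw
keyword_by_null(int ac, char **av)
{
	ac--;			/* skip "enable"/"disable" */
	av++;
	(void)ac;		/* the count is ignored, which is the bug */
	if (*av == NULL)
		return (KW_MISSING);
	if (strncmp(*av, "firewall", strlen(*av)) == 0)
		return (KW_FIREWALL);
	return (KW_UNKNOWN);
}

/*
 * Patched check: the count is authoritative, so av[ac] is never dereferenced.
 */
static enum kw
keyword_by_count(int ac, char **av)
{
	ac--;
	av++;
	if (ac == 0)
		return (KW_MISSING);
	if (strncmp(*av, "firewall", strlen(*av)) == 0)
		return (KW_FIREWALL);
	return (KW_UNKNOWN);
}

/*
 * Constructed inputs (not from the PR). The "missing keyword" vectors have no
 * NULL after the last real argument: the slot holds a leftover string, standing
 * in for whatever ipfw2 found in memory there.
 */
static char word_enable[] = "enable";
static char word_fire[] = "fire";
static char leftover[] = "leftover";

/* "ipfw enable" with the keyword missing; av[1] is stale, not NULL. */
enum kw
demo_missing_by_count(void)
{
	char *av[] = { word_enable, leftover };
	return (keyword_by_count(1, av));	/* KW_MISSING */
}

/* Same input through the original check: the stale slot is taken as a keyword. */
enum kw
demo_missing_by_null(void)
{
	char *av[] = { word_enable, leftover };
	return (keyword_by_null(1, av));	/* KW_UNKNOWN */
}

/* "ipfw enable fire": prefix match on "firewall", as in ipfw2. */
enum kw
demo_firewall_by_count(void)
{
	char *av[] = { word_enable, word_fire, NULL };
	return (keyword_by_count(2, av));	/* KW_FIREWALL */
}

int
main(void)
{
	printf("missing keyword, count check: %d (expect %d)\n",
	    demo_missing_by_count(), KW_MISSING);
	printf("missing keyword, NULL check:  %d (stale slot misread)\n",
	    demo_missing_by_null());
	printf("'fire' keyword, count check:  %d (expect %d)\n",
	    demo_firewall_by_count(), KW_FIREWALL);
	return (0);
}
```

With a string in the stale slot the NULL-based variant merely reports an unknown keyword; with uninitialised memory there, as in the report, the same read is what produced the bus error. Keeping the count and the pointer in lockstep and testing the count is the general pattern for any argv-style vector that the program has advanced or rebuilt itself.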
