From dunstan@freebsd.czest.pl  Fri Jan  6 18:31:40 2006
Return-Path: <dunstan@freebsd.czest.pl>
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 7D17C16A420
	for <FreeBSD-gnats-submit@freebsd.org>; Fri,  6 Jan 2006 18:31:40 +0000 (GMT)
	(envelope-from dunstan@freebsd.czest.pl)
Received: from freebsd.czest.pl (freebsd.czest.pl [80.48.250.4])
	by mx1.FreeBSD.org (Postfix) with ESMTP id DA35643D60
	for <FreeBSD-gnats-submit@freebsd.org>; Fri,  6 Jan 2006 18:31:37 +0000 (GMT)
	(envelope-from dunstan@freebsd.czest.pl)
Received: from freebsd.czest.pl (freebsd.czest.pl [80.48.250.4])
	by freebsd.czest.pl (8.12.10/8.12.9) with ESMTP id k06IYuPx061062
	for <FreeBSD-gnats-submit@freebsd.org>; Fri, 6 Jan 2006 18:34:56 GMT
	(envelope-from dunstan@freebsd.czest.pl)
Received: (from dunstan@localhost)
	by freebsd.czest.pl (8.13.4/8.12.9/Submit) id k06IYtLd061061;
	Fri, 6 Jan 2006 18:34:56 GMT
	(envelope-from dunstan)
Message-Id: <200601061834.k06IYtLd061061@freebsd.czest.pl>
Date: Fri, 6 Jan 2006 18:34:56 GMT
From: "Wojciech A. Koszek" <dunstan@freebsd.czest.pl>
Reply-To: "Wojciech A. Koszek" <dunstan@freebsd.czest.pl>
To: FreeBSD-gnats-submit@freebsd.org
Cc:
Subject: [PATCH] kvm(3) should handle empty files properly
X-Send-Pr-Version: 3.113
X-GNATS-Notify:

>Number:         91411
>Category:       bin
>Synopsis:       [PATCH] kvm(3) should handle empty files properly
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    csjp
>State:          closed
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Fri Jan 06 18:40:04 GMT 2006
>Closed-Date:    Mon Jan 30 13:47:04 GMT 2006
>Last-Modified:  Mon Jan 30 13:47:04 GMT 2006
>Originator:     Wojciech A. Koszek
>Release:        FreeBSD 7.0-CURRENT i386
>Organization:
>Environment:
System: FreeBSD dunstan.freebsd.czest.pl 7.0-CURRENT FreeBSD 7.0-CURRENT #4: Mon Jan 2 21:27:11 CET 2006 root@dunstan.freebsd.czest.pl:/usr/obj/usr/src/sys/LAPTOP i386

>Description:

Right now you will get a segmentation fault with almost every application
linked with kvm(3) if the file whose name was passed to kvm_open.. has 0
bytes:


root@dunstan:(/usr/src/lib/libkvm)# touch /tmp/Zzz
root@dunstan:(/usr/src/lib/libkvm)# ps -M /tmp/Zzz
zsh: segmentation fault  ps -M /tmp/Zzz


Besides ps(1), every program tries to properly handle the error value returned
from kvm_open*, which should be NULL (and this behaviour is documented in the
manual page).

>How-To-Repeat:

root@dunstan:(/usr/src/lib/libkvm)# touch /tmp/Zzz
root@dunstan:(/usr/src/lib/libkvm)# ps -M /tmp/Zzz
zsh: segmentation fault  ps -M /tmp/Zzz

>Fix:

Patch is here:
	http://freebsd.czest.pl/dunstan/FreeBSD/libkvm.0.patch

--- libkvm.0.patch begins here ---
(c) 2006 Wojciech A. Koszek <dunstan%FreeBSD.czest.pl>

Patch against FreeBSD 7.0-CURRENT, kern.osreldate: 700011.

diff --exclude=CVS -upr /usr/src/bin/ps/ps.c src/bin/ps/ps.c
--- /usr/src/bin/ps/ps.c	Wed Feb  9 18:37:38 2005
+++ src/bin/ps/ps.c	Wed Jan  4 23:00:47 2006
@@ -432,7 +432,7 @@ main(int argc, char *argv[])
 		xkeep = xkeep_implied;
 
 	kd = kvm_openfiles(nlistf, memf, NULL, O_RDONLY, errbuf);
-	if (kd == 0)
+	if (kd == NULL)
 		errx(1, "%s", errbuf);
 
 	if (!_fmt)
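Review bot: the `if (kd == 0)` to `if (kd == NULL)` change in ps.c is purely stylistic (kvm_openfiles() returns a kvm_t *, so comparing against NULL is the style(9) form) and has no bearing on the crash; it would be cleaner to keep it out of this patch and commit it separately, so the functional libkvm change can be reviewed and merged on its own.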
diff --exclude=CVS -upr /usr/src/lib/libkvm/kvm.c src/lib/libkvm/kvm.c
--- /usr/src/lib/libkvm/kvm.c	Tue Jul 19 16:48:58 2005
+++ src/lib/libkvm/kvm.c	Wed Jan  4 22:59:11 2006
@@ -179,6 +179,15 @@ _kvm_open(kd, uf, mf, flag, errout)
 		_kvm_syserr(kd, kd->program, "%s", mf);
 		goto failed;
 	}
+	/*
+	 * Disallow access to 0-length files, since further initialization
+	 * will cause segmentation fault.
+	 */
+	if (S_ISREG(st.st_mode) && st.st_size <= 0) {
+		errno = EINVAL;
+		_kvm_syserr(kd, kd->program, "empty file");
+		goto failed;
+	}
 	if (fcntl(kd->pmfd, F_SETFD, FD_CLOEXEC) < 0) {
 		_kvm_syserr(kd, kd->program, "%s", mf);
 		goto failed;
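Review bot: the new guard reads `st`, which must have been filled by an fstat() on kd->pmfd that lies above the hunk context; confirm the check sits after that call and before any read of the file. The error message is also inconsistent with its neighbours: the surrounding failures report the file name with `_kvm_syserr(kd, kd->program, "%s", mf)`, while this one says only "empty file", so a caller's errbuf will not say which of the two files was empty; suggest `_kvm_syserr(kd, kd->program, "%s: empty file", mf)`. Setting errno = EINVAL first is right if _kvm_syserr() appends strerror(errno), as its name suggests. The S_ISREG() qualifier is needed so that device nodes, which report st_size 0, still open. Note the check only rejects zero length: a regular file shorter than the headers the later initialization reads still passes, so those reads must keep their own bounds checks.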
@@ -225,10 +234,10 @@ failed:
 	/*
 	 * Copy out the error if doing sane error semantics.
 	 */
-	if (errout != 0)
+	if (errout != NULL)
 		strlcpy(errout, kd->errbuf, _POSIX2_LINE_MAX);
 	(void)kvm_close(kd);
-	return (0);
+	return (NULL);
 }
 
 kvm_t *
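Review bot: the `0` to `NULL` changes on the failed: path are cosmetic, like the ps.c hunk; the order of operations is correct (errbuf is copied out of kd before kvm_close(kd) releases it). Same suggestion as for ps.c: separate the style changes from the functional fix so the commit that closes this PR contains only the empty-file guard.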
--- libkvm.0.patch ends here ---
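An added illustration of the guard this patch introduces, written for this record and not taken from libkvm: open_image() and guard_behaves() are hypothetical names standing in for the open step of _kvm_open(), the check creates its own 0-byte temporary file (as touch(1) did in the report) and uses /dev/null as the zero-size device case.

```c
#define _XOPEN_SOURCE 700
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Hypothetical stand-in for the open step of _kvm_open(): reject a 0-byte
 * regular file with EINVAL; return an fd, or -1 with a message in errbuf. */
int open_image(const char *path, char *errbuf, size_t errlen)
{
	struct stat st;
	int fd = open(path, O_RDONLY);
	if (fd < 0 || fstat(fd, &st) < 0) {
		snprintf(errbuf, errlen, "%s: %s", path, strerror(errno));
		if (fd >= 0)
			close(fd);
		return (-1);
	}
	/* Device nodes report st_size 0, so the check is limited to regular files. */
	if (S_ISREG(st.st_mode) && st.st_size <= 0) {
		errno = EINVAL;
		snprintf(errbuf, errlen, "%s: empty file: %s", path, strerror(errno));
		close(fd);
		return (-1);
	}
	return (fd);
}

/* Constructed check: a 0-byte regular file made with mkstemp (what touch(1)
 * produced in the report) must be refused, while a zero-size character
 * device (/dev/null here) must still open. Returns 1 only if both hold. */
int guard_behaves(void)
{
	char tmpl[] = "/tmp/kvm-emptyXXXXXX", errbuf[256];
	int fd = mkstemp(tmpl), rc, devfd;
	if (fd < 0)
		return (0);
	close(fd);
	rc = open_image(tmpl, errbuf, sizeof(errbuf));
	unlink(tmpl);
	if (rc != -1 || strstr(errbuf, "empty file") == NULL)
		return (0);
	devfd = open_image("/dev/null", errbuf, sizeof(errbuf));
	if (devfd >= 0)
		close(devfd);
	return (devfd >= 0);
}
```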
>Release-Note:
>Audit-Trail:
Responsible-Changed-From-To: freebsd-bugs->csjp 
Responsible-Changed-By: csjp 
Responsible-Changed-When: Sun Jan 15 20:25:48 UTC 2006 
Responsible-Changed-Why:  
I will grab this one. 

http://www.freebsd.org/cgi/query-pr.cgi?pr=91411 
State-Changed-From-To: open->patched 
State-Changed-By: csjp 
State-Changed-When: Sun Jan 15 20:30:24 UTC 2006 
State-Changed-Why:  
The fix has been merged into HEAD 

http://www.freebsd.org/cgi/query-pr.cgi?pr=91411 
State-Changed-From-To: patched->closed 
State-Changed-By: csjp 
State-Changed-When: Mon Jan 30 13:46:40 UTC 2006 
State-Changed-Why:  
Patched in RELENG_6 now 

http://www.freebsd.org/cgi/query-pr.cgi?pr=91411 
>Unformatted:
