From dada@lend.tu-graz.ac.at  Sat Nov 29 01:55:16 1997
Received: from fcggsg07.icg.tu-graz.ac.at (fcggsg07.icg.tu-graz.ac.at [129.27.201.16])
          by hub.freebsd.org (8.8.7/8.8.7) with ESMTP id BAA21158
          for <FreeBSD-gnats-submit@freebsd.org>; Sat, 29 Nov 1997 01:55:13 -0800 (PST)
          (envelope-from dada@lend.tu-graz.ac.at)
Received: from lend.tu-graz.ac.at (isdn097.tu-graz.ac.at [129.27.240.97])
          by fcggsg07.icg.tu-graz.ac.at (8.8.4/8.8.4) with ESMTP
	  id KAA16983 for <FreeBSD-gnats-submit@freebsd.org>; Sat, 29 Nov 1997 10:55:01 +0100 (MET)
Received: (from dada@localhost)
	by lend.tu-graz.ac.at (8.8.5/8.8.5) id VAA01783;
	Fri, 28 Nov 1997 21:45:58 +0100 (CET)
Message-Id: <199711282045.VAA01783@lend.tu-graz.ac.at>
Date: Fri, 28 Nov 1997 21:45:58 +0100 (CET)
From: Martin Kammerhofer <dada@sbox.tu-graz.ac.at>
Reply-To: dada@sbox.tu-graz.ac.at
To: FreeBSD-gnats-submit@freebsd.org
Subject: kbdcontrol(1) can easily crash system
X-Send-Pr-Version: 3.2

>Number:         5174
>Category:       i386
>Synopsis:       kbdcontrol(1) can easily crash system
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    steve
>State:          closed
>Quarter:
>Keywords:
>Date-Required:
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Sat Nov 29 02:00:00 PST 1997
>Closed-Date:    Mon Dec 29 10:58:21 PST 1997
>Last-Modified:  Mon Dec 29 11:00:09 PST 1997
>Originator:     Martin Kammerhofer
>Release:        FreeBSD 2.2-STABLE i386
>Organization:
Graz University of Technology
>Environment:

syscons driver configured in kernel (as usual)

>Description:

Setting history buffer size to an unusual large number reboots the system.

Impact: Anyone with access to a /dev/ttyv? can crash the system. Fortunately
	this (usually) requires physical access to the console where you could
	press the big red button as well...

>How-To-Repeat:

kbdcontrol -h 300000 </dev/ttyv0

>Fix:
	
Add parameter checking to /usr/sbin/kbdcontrol.
>Release-Note:
>Audit-Trail:

From: Kazutaka YOKOTA <yokota@zodiac.mech.utsunomiya-u.ac.jp>
To: dada@sbox.tu-graz.ac.at
Cc: FreeBSD-gnats-submit@freebsd.org, yokota@zodiac.mech.utsunomiya-u.ac.jp
Subject: Re: i386/5174: kbdcontrol(1) can easily crash system 
Date: Mon, 01 Dec 1997 07:47:35 +0900

 >>Number:         5174
 >>Category:       i386
 >>Synopsis:       kbdcontrol(1) can easily crash system
 >>Confidential:   yes
 >>Severity:       serious
 >>Priority:       medium
 >>Responsible:    freebsd-bugs
 >>State:          open
 >>Class:          sw-bug
 >>Submitter-Id:   current-users
 >>Arrival-Date:   Sat Nov 29 02:00:00 PST 1997
 >>Last-Modified:
 >>Originator:     Martin Kammerhofer
 >>Organization:
 >Graz University of Technology
 >>Release:        FreeBSD 2.2-STABLE i386
 >>Environment:
 >
 >syscons driver configured in kernel (as usual)
 >
 >>Description:
 >
 >Setting history buffer size to an unusual large number reboots the system.
 >
 >Impact: Anyone with access to a /dev/ttyv? can crash the system. Fortunately
 >	this (usually) requires physical access to the console where you could
 >	press the big red button as well...
 
 This has been fixed in v1.235 of 3.0-CURRENT and v.1.182.2.27 
 of 2.2-STABLE.
 
 Kazu
State-Changed-From-To: open->closed 
State-Changed-By: steve 
State-Changed-When: Mon Dec 29 10:58:21 PST 1997 
State-Changed-Why:  
Already fixed in both the -current and -stable branches. 
>Unformatted:
