Bug 255491 - null pointer dereference in ipfw.c
Summary: null pointer dereference in ipfw.c
Status: Closed FIXED
Alias: None
Product: Base System
Classification: Unclassified
Component: bin
Version: CURRENT
Hardware: Any Any
Importance: --- Affects Many People
Assignee: Lutz Donnerhacke
Reported: 2021-04-29 16:44 UTC by haysen
Modified: 2021-05-09 12:59 UTC

Attachments
screenshots of Bug analysis (128.81 KB, application/pdf)
2021-04-29 16:44 UTC, haysen

Description haysen 2021-04-29 16:44:03 UTC
Created attachment 224536
screenshots of Bug analysis

When I use the command
  # ipfw -t add allow tcp from any to any out
there is a "Segmentation fault(core dumped)".

In this command, "ipfw", "-t" or "-T", and "add" are needed.

It is because of line 5362 of ipfw2.c:
  show_static_rule(&g_co, &sfo, &bp, rule, NULL);   // the last parameter is NULL

and then line 2195 in ipfw2.c:

  if (cntr->timestamp > 0) {   // the "cntr" is NULL
Comment 1 Lutz Donnerhacke freebsd_committer freebsd_triage 2021-04-30 14:20:18 UTC
May you please test this patch?
https://reviews.freebsd.org/D30046
Comment 2 commit-hook freebsd_committer freebsd_triage 2021-05-02 19:47:51 UTC
A commit in branch main references this bug:

URL: https://cgit.FreeBSD.org/src/commit/?id=bf7cc0f9cb6603a6bdd6131c8d1939724ce6e62d

commit bf7cc0f9cb6603a6bdd6131c8d1939724ce6e62d
Author:     Lutz Donnerhacke <donner@FreeBSD.org>
AuthorDate: 2021-04-30 14:12:47 +0000
Commit:     Lutz Donnerhacke <donner@FreeBSD.org>
CommitDate: 2021-05-02 19:28:46 +0000

    sbin/ipfw: Fix null pointer dereference when printing counters

    ipfw -[tT] prints statistics of the last access. If the rule was never
    used, the counter might not exist.  This happens unconditionally on
    inserting a new rule.  Avoid printing statistics in this case.

    PR:     255491
    Reported by:    Haisheng Zhouz
    Reviewed by:    ae
    MFC after:      1 week
    Differential Revision:  https://reviews.freebsd.org/D30046

 sbin/ipfw/ipfw2.c | 51 +++++++++++++++++++++++++++------------------------
 1 file changed, 27 insertions(+), 24 deletions(-)
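
The guard described in the commit message above, as an added C example; it is not the code from ipfw2.c or from the referenced commit. `struct rule_cntr`, `show_rule_unchecked` and `show_rule_checked` are simplified, hypothetical stand-ins, and the counter values are constructed.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Simplified stand-ins (assumptions), not the real ipfw2.c structures. */
struct rule_cntr { uint64_t pcnt; uint64_t bcnt; uint32_t timestamp; };
enum ts_mode { TS_OFF, TS_NUMERIC };	/* timestamp column off / on */

/* "Before" pattern: cntr is dereferenced whenever timestamps are enabled.
 * A freshly added rule has no counter (cntr == NULL), so this crashes. */
static int
show_rule_unchecked(char *buf, size_t len, unsigned num, const char *body,
    const struct rule_cntr *cntr, enum ts_mode mode)
{
	if (mode == TS_NUMERIC)
		return (snprintf(buf, len, "%05u %10u %s", num,
		    (unsigned)cntr->timestamp, body));
	return (snprintf(buf, len, "%05u %s", num, body));
}

/* "After" pattern: statistics are printed only when a counter exists. */
static int
show_rule_checked(char *buf, size_t len, unsigned num, const char *body,
    const struct rule_cntr *cntr, enum ts_mode mode)
{
	if (cntr != NULL && mode == TS_NUMERIC)
		return (snprintf(buf, len, "%05u %10u %s", num,
		    (unsigned)cntr->timestamp, body));
	return (snprintf(buf, len, "%05u %s", num, body));
}

int
main(void)
{
	char out[128];
	const char *body = "allow tcp from any to any out";
	struct rule_cntr used = { 3, 180, 1619714643u };	/* constructed */

	/* Listing an existing rule: both variants behave the same. */
	show_rule_unchecked(out, sizeof(out), 100, body, &used, TS_NUMERIC);
	puts(out);
	/* Adding a rule: no counter yet, the checked variant skips the column. */
	show_rule_checked(out, sizeof(out), 200, body, NULL, TS_NUMERIC);
	puts(out);
	return (0);
}
```
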
Comment 3 commit-hook freebsd_committer freebsd_triage 2021-05-09 12:35:31 UTC
A commit in branch stable/13 references this bug:

URL: https://cgit.FreeBSD.org/src/commit/?id=80b22e631506a3d6d783fa42424502d32d1f417f

commit 80b22e631506a3d6d783fa42424502d32d1f417f
Author:     Lutz Donnerhacke <donner@FreeBSD.org>
AuthorDate: 2021-04-30 14:12:47 +0000
Commit:     Lutz Donnerhacke <donner@FreeBSD.org>
CommitDate: 2021-05-09 12:33:28 +0000

    sbin/ipfw: Fix null pointer dereference when printing counters

    ipfw -[tT] prints statistics of the last access. If the rule was never
    used, the counter might not exist.  This happens unconditionally on
    inserting a new rule.  Avoid printing statistics in this case.

    PR:     255491
    Reported by:    Haisheng Zhouz
    Reviewed by:    ae
    Differential Revision:  https://reviews.freebsd.org/D30046

    (cherry picked from commit bf7cc0f9cb6603a6bdd6131c8d1939724ce6e62d)

 sbin/ipfw/ipfw2.c | 51 +++++++++++++++++++++++++++------------------------
 1 file changed, 27 insertions(+), 24 deletions(-)
Comment 4 commit-hook freebsd_committer freebsd_triage 2021-05-09 12:51:35 UTC
A commit in branch stable/12 references this bug:

URL: https://cgit.FreeBSD.org/src/commit/?id=b1902474a7c51e025d734e8233f0e850291b92e7

commit b1902474a7c51e025d734e8233f0e850291b92e7
Author:     Lutz Donnerhacke <donner@FreeBSD.org>
AuthorDate: 2021-05-09 12:48:47 +0000
Commit:     Lutz Donnerhacke <donner@FreeBSD.org>
CommitDate: 2021-05-09 12:48:47 +0000

    sbin/ipfw: Fix null pointer dereference when printing counters

    ipfw -[tT] prints statistics of the last access. If the rule was never
    used, the counter might not exist.  This happens unconditionally on
    inserting a new rule.  Avoid printing statistics in this case.

    PR:             255491
    Reported by:    Haisheng Zhouz
    Reviewed by:    ae
    Differential Revision:  https://reviews.freebsd.org/D30046

    (cherry picked from commit bf7cc0f9cb6603a6bdd6131c8d1939724ce6e62d)

 sbin/ipfw/ipfw2.c | 51 +++++++++++++++++++++++++++------------------------
 1 file changed, 27 insertions(+), 24 deletions(-)
Comment 5 commit-hook freebsd_committer freebsd_triage 2021-05-09 12:59:37 UTC
A commit in branch stable/11 references this bug:

URL: https://cgit.FreeBSD.org/src/commit/?id=552885bde60021ed6f1db46a95f9fb2557cbe1b6

commit 552885bde60021ed6f1db46a95f9fb2557cbe1b6
Author:     Lutz Donnerhacke <donner@FreeBSD.org>
AuthorDate: 2021-05-09 12:56:40 +0000
Commit:     Lutz Donnerhacke <donner@FreeBSD.org>
CommitDate: 2021-05-09 12:56:40 +0000

    sbin/ipfw: Fix null pointer dereference when printing counters

    ipfw -[tT] prints statistics of the last access. If the rule was never
    used, the counter might not exist.  This happens unconditionally on
    inserting a new rule.  Avoid printing statistics in this case.

    PR:             255491
    Reported by:    Haisheng Zhouz
    Reviewed by:    ae
    Differential Revision:  https://reviews.freebsd.org/D30046

    (cherry picked from commit bf7cc0f9cb6603a6bdd6131c8d1939724ce6e62d)

 sbin/ipfw/ipfw2.c | 51 +++++++++++++++++++++++++++------------------------
 1 file changed, 27 insertions(+), 24 deletions(-)