| Summary: | FreeBSD 4.0-RELEASE panics on incorrect use of ioctl() | ||
|---|---|---|---|
| Product: | Base System | Reporter: | demond <demond> |
| Component: | kern | Assignee: | freebsd-bugs (Nobody) <bugs> |
| Status: | Closed FIXED | ||
| Severity: | Affects Only Me | ||
| Priority: | Normal | ||
| Version: | 4.0-RELEASE | ||
| Hardware: | Any | ||
| OS: | Any | ||

State Changed From-To: open->closed

This was fixed in rev 1.86 and rev 1.85.2.1 of sys/net/if.c. See also PR kern/17311.

I tested this on several 4.0-RELEASE boxes (as unprivileged user):

```c
#include <sys/types.h>
#include <sys/ioctl.h>
#include <sys/socket.h>
#include <net/if.h>

int
main(void)
{
	struct ifconf ifc;	/* left uninitialised: no buffer or length is supplied */
	int sd = socket(PF_INET, SOCK_DGRAM, 0);

	ioctl(sd, SIOCGIFCONF, (char *)&ifc);
	return 0;
}
```

The result: kernel panic & reboot. Other FreeBSD versions don't seem to be affected.

Fix: Wish I had time to investigate... The problem is obviously caused by incorrect ioctl() use (not supplying proper buffer in ifconf struct).

How-To-Repeat: See above.