Bug 255491

Summary: null pointer dereference in ipfw.c
Product: Base System Reporter: haysen <haisheng.zhouz>
Component: binAssignee: Lutz Donnerhacke <donner>
Status: Closed FIXED    
Severity: Affects Many People CC: chris, donner, ipfw
Priority: ---    
Version: CURRENT   
Hardware: Any   
OS: Any   
Attachments:
Description Flags
screenshots of Bug analysis none

Description haysen 2021-04-29 16:44:03 UTC 
Created attachment 224536 [details]
screenshots of  Bug analysis

when i use the command #ipfw -t add allow tcp from any to any out
there is a "Segmentation fault(core dumped)"

In this commad  "ipfw" and "-t"or"-T" and  "add" is needed.

It is because  lin 5362 of ipfw2.c  
  show_static_rule(&g_co, &sfo, &bp, rule, NULL); the last parameter is NULL

and then  line 2195 in ipfw2.c
  
  if (cntr->timestamp > 0) {   //the "cntr" is NULL
Comment 1 Lutz Donnerhacke freebsd_committer freebsd_triage 2021-04-30 14:20:18 UTC 
May you please test this patch?
https://reviews.freebsd.org/D30046
Comment 2 commit-hook freebsd_committer freebsd_triage 2021-05-02 19:47:51 UTC 
A commit in branch main references this bug:

URL: https://cgit.FreeBSD.org/src/commit/?id=bf7cc0f9cb6603a6bdd6131c8d1939724ce6e62d

commit bf7cc0f9cb6603a6bdd6131c8d1939724ce6e62d
Author:     Lutz Donnerhacke <donner@FreeBSD.org>
AuthorDate: 2021-04-30 14:12:47 +0000
Commit:     Lutz Donnerhacke <donner@FreeBSD.org>
CommitDate: 2021-05-02 19:28:46 +0000

    sbin/ipfw: Fix null pointer deference when printing counters

    ipfw -[tT] prints statistics of the last access. If the rule was never
    used, the counter might be not exist.  This happens unconditionally on
    inserting a new rule.  Avoid printing statistics in this case.

    PR:     255491
    Reported by:    Haisheng Zhouz
    Reviewed by:    ae
    MFC after:      1 week
    Differential Revision:  https://reviews.freebsd.org/D30046

 sbin/ipfw/ipfw2.c | 51 +++++++++++++++++++++++++++------------------------
 1 file changed, 27 insertions(+), 24 deletions(-)
Comment 3 commit-hook freebsd_committer freebsd_triage 2021-05-09 12:35:31 UTC 
A commit in branch stable/13 references this bug:

URL: https://cgit.FreeBSD.org/src/commit/?id=80b22e631506a3d6d783fa42424502d32d1f417f

commit 80b22e631506a3d6d783fa42424502d32d1f417f
Author:     Lutz Donnerhacke <donner@FreeBSD.org>
AuthorDate: 2021-04-30 14:12:47 +0000
Commit:     Lutz Donnerhacke <donner@FreeBSD.org>
CommitDate: 2021-05-09 12:33:28 +0000

    sbin/ipfw: Fix null pointer deference when printing counters

    ipfw -[tT] prints statistics of the last access. If the rule was never
    used, the counter might be not exist.  This happens unconditionally on
    inserting a new rule.  Avoid printing statistics in this case.

    PR:     255491
    Reported by:    Haisheng Zhouz
    Reviewed by:    ae
    Differential Revision:  https://reviews.freebsd.org/D30046

    (cherry picked from commit bf7cc0f9cb6603a6bdd6131c8d1939724ce6e62d)

 sbin/ipfw/ipfw2.c | 51 +++++++++++++++++++++++++++------------------------
 1 file changed, 27 insertions(+), 24 deletions(-)
Comment 4 commit-hook freebsd_committer freebsd_triage 2021-05-09 12:51:35 UTC 
A commit in branch stable/12 references this bug:

URL: https://cgit.FreeBSD.org/src/commit/?id=b1902474a7c51e025d734e8233f0e850291b92e7

commit b1902474a7c51e025d734e8233f0e850291b92e7
Author:     Lutz Donnerhacke <donner@FreeBSD.org>
AuthorDate: 2021-05-09 12:48:47 +0000
Commit:     Lutz Donnerhacke <donner@FreeBSD.org>
CommitDate: 2021-05-09 12:48:47 +0000

    sbin/ipfw: Fix null pointer deference when printing counters

    ipfw -[tT] prints statistics of the last access. If the rule was never
    used, the counter might be not exist.  This happens unconditionally on
    inserting a new rule.  Avoid printing statistics in this case.

    PR:             255491
    Reported by:    Haisheng Zhouz
    Reviewed by:    ae
    Differential Revision:  https://reviews.freebsd.org/D30046

    (cherry picked from commit bf7cc0f9cb6603a6bdd6131c8d1939724ce6e62d)

 sbin/ipfw/ipfw2.c | 51 +++++++++++++++++++++++++++------------------------
 1 file changed, 27 insertions(+), 24 deletions(-)
Comment 5 commit-hook freebsd_committer freebsd_triage 2021-05-09 12:59:37 UTC 
A commit in branch stable/11 references this bug:

URL: https://cgit.FreeBSD.org/src/commit/?id=552885bde60021ed6f1db46a95f9fb2557cbe1b6

commit 552885bde60021ed6f1db46a95f9fb2557cbe1b6
Author:     Lutz Donnerhacke <donner@FreeBSD.org>
AuthorDate: 2021-05-09 12:56:40 +0000
Commit:     Lutz Donnerhacke <donner@FreeBSD.org>
CommitDate: 2021-05-09 12:56:40 +0000

    ^sbin/ipfw: Fix null pointer deference when printing counters

    ipfw -[tT] prints statistics of the last access. If the rule was never
    used, the counter might be not exist.  This happens unconditionally on
    inserting a new rule.  Avoid printing statistics in this case.

    PR:             255491
    Reported by:    Haisheng Zhouz
    Reviewed by:    ae
    Differential Revision:  https://reviews.freebsd.org/D30046

    (cherry picked from commit bf7cc0f9cb6603a6bdd6131c8d1939724ce6e62d)

 sbin/ipfw/ipfw2.c | 51 +++++++++++++++++++++++++++------------------------
 1 file changed, 27 insertions(+), 24 deletions(-)