misc/112126: netstat segfaults on unusual ICMP statistics
Christoph Weber-Fahr
cwf-ml at arcor.de
Fri Apr 27 14:40:11 UTC 2007
The following reply was made to PR bin/112126; it has been noted by GNATS.
From: Christoph Weber-Fahr <cwf-ml at arcor.de>
To: Maxim Konovalov <maxim at macomnet.ru>, bug-followup at freebsd.org
Cc:
Subject: Re: misc/112126: netstat segfaults on unusual ICMP statistics
Date: Fri, 27 Apr 2007 16:35:35 +0200
Hello,
Maxim Konovalov <maxim at macomnet.ru> wrote:
> On Fri, 27 Apr 2007, 03:50+0200, Christoph Weber-Fahr wrote:
>> Input histogram:
>> echo reply: 12
>> destination unreachable: 1
>> echo: 41
>> #20: 7
>> icmp traceroute: 16
>> mobile registration req: 25
>> #37: 31
>> 8
>> 15
>>
>> Note the last two untagged values. They
>> are created when the kernel, which in
>> the meantime has a ICM_MAXTYPE at, say, 49,
>> has logged 8 packets of type 44, and 15 of type 47.
> icmpstat.icps_outhist and icps_inhist are definde this way:
>
> u_long icps_outhist[ICMP_MAXTYPE + 1];
> u_long icps_inhist[ICMP_MAXTYPE + 1];
>
> How do you fit types > ICMP_MAXTYPE + 1 there?
Not at all. We are debating the case when ICMP_MAXTYPE
in the kernel gets raised without adapting netstat.
To test this you would not only have had modified ping, but also
recompiled a kernel with a modified ICMP_MAXTYPE.
My scenario above assumed ICMP_MAXTYPE to be 49.
Regards
Christoph Weber-Fahr
More information about the freebsd-bugs
mailing list