bin/124724: [patch] netstat(1): netstat coredump on -stable

Li yonggang leeygang at gmail.com
Fri Jan 9 07:30:05 PST 2009


The following reply was made to PR bin/124724; it has been noted by GNATS.

From: "Li yonggang" <leeygang at gmail.com>
To: "Jaakko Heinonen" <jh at saunalahti.fi>
Cc: bug-followup at freebsd.org
Subject: Re: bin/124724: [patch] netstat(1): netstat coredump on -stable
Date: Fri, 9 Jan 2009 15:23:36 +0000

 Thanks for your reply.
 Your analysis is correct for netstat -m -N foo.
 But for netstat -m foo, I think it is caused by not checking the input,
 which is definitely not a good habit and bug latency.
 So an input check should be done as soon as possible.
 I combined the fixes of yours and mine to fix these 2 problems.
 
 I don't know why my diff can not show correctly, so I put it below as well:
 
 --- main.c	2009-01-09 15:05:05.000000000 +0000
 +++ ../main.c	2009-01-08 13:57:38.000000000 +0000
 @@ -341,6 +341,7 @@
  int	af;		/* address family */
  int	live;		/* true if we are examining a live system */
 
 +
  int
  main(int argc, char *argv[])
  {
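
Review bot: The only change in this hunk is an empty line added before `main(int argc, char *argv[])`, which leaves two blank lines after the `live` declaration. It is unrelated to the fix; please drop it so the patch touches only the argument handling.
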
 @@ -463,27 +464,11 @@
  		default:
  			usage();
  		}
 -	argv += optind;
 -	argc -= optind;
 -
 -#define	BACKWARD_COMPATIBILITY
 -#ifdef	BACKWARD_COMPATIBILITY
 -	if (*argv) {
 -		if (isdigit(**argv)) {
 -			interval = atoi(*argv);
 -			if (interval <= 0)
 -				usage();
 -			++argv;
 -			iflag = 1;
 -		}
 -		if (*argv) {
 -			nlistf = *argv;
 -			if (*++argv)
 -				memf = *argv;
 -		}
 -	}
 -#endif
 -
 +    /*
 +     * Check if params are parsed correctly
 +     * */
 +    if(*(argv += optind))
 +        usage();
  	/*
  	 * Discard setgid privileges if not the running kernel so that bad
  	 * guys can't print interesting stuff from kernel memory.
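
Review bot: The replacement check `if(*(argv += optind)) usage();` rejects every positional operand, so the forms handled by the deleted BACKWARD_COMPATIBILITY block (a numeric interval, then nlistf and memf given as operands) stop working altogether. That is a behaviour change beyond the crash fix, and the reply quoted below questions whether the removal is needed; if it is intended, say so explicitly, otherwise keep the block and validate the operands instead. Two further points in the same lines: `argc -= optind` is dropped, so any later use of argc would see the unadjusted count, and nothing visible in this hunk covers the `netstat -m -N foo` case that the message says is also fixed. Style: move the side effect out of the condition (`argv += optind;` followed by `if (*argv != NULL)`), indent with tabs like the surrounding code, and close the comment with a plain `*/`.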
 
 
 
 On 1/9/09, Jaakko Heinonen <jh at saunalahti.fi> wrote:
 >
 > Hi,
 >
 > On 2009-01-09, Li yonggang wrote:
 >>  I think the root cause is that netstat does not check if the input is
 >>  correct.  So I think we should add some input checker while removing
 >>  the BACKWARD_COMPATIBILITY code, which will lead to use incorrect input.
 >
 > Did you see my analysis and the patch for the problem?
 >
 > http://lists.freebsd.org/pipermail/freebsd-bugs/2008-June/031294.html
 >
 > Your patch doesn't address the "netstat -m -N foo" case. It also removes
 > the backward compatibility code. I don't know if that code has any real
 > value but I don't see need to remove it to fix this bug.
 >
 > --
 > Jaakko
 >
 

