[Bug 205928] Ipfw segmentation fault with nat command
bugzilla-noreply at freebsd.org
Tue Jan 5 18:25:03 UTC 2016
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=205928
Bug ID: 205928
Summary: Ipfw segmentation fault with nat command
Product: Base System
Version: 10.1-RELEASE
Hardware: amd64
OS: Any
Status: New
Severity: Affects Only Me
Priority: ---
Component: bin
Assignee: freebsd-bugs at FreeBSD.org
Reporter: mk at steepath.eu
CC: freebsd-amd64 at FreeBSD.org
I was testing nat with ipfw, and during my test (reading the example file), a
segmentation fault was found after executing one example command.
Here is the bug:
----------------------------------------------------------------------
$ ipfw add nat
Segmentation fault
$ echo $?
139
----------------------------------------------------------------------
Here is a small investigation:
----------------------------------------------------------------------
# cd /usr/src/sbin/ipfw
# make DEBUG_FLAGS=-g
$ gdb ./ipfw
(gdb) run add nat
Program received signal SIGSEGV, Segmentation fault.
0x0000000800b85fbb in strlen () from /lib/libc.so.7
(gdb) i r
rax 0x1b 27
rbx 0x6183f0 6390768
rcx 0x0 0
rdx 0x0 0
rsi 0x0 0
rdi 0x0 0
rbp 0x7fffffffd2e0 0x7fffffffd2e0
rsp 0x7fffffffd2e0 0x7fffffffd2e0
r8 0xfffff80235122920 -8786612704992
r9 0x0 0
r10 0x0 0
r11 0x246 582
r12 0x801406050 34380734544
r13 0x801406058 34380734552
r14 0x0 0
r15 0x3 3
rip 0x800b85fbb 0x800b85fbb <strlen+11>
eflags 0x10246 66118
cs 0x43 67
ss 0x3b 59
ds 0x0 0
es 0x0 0
fs 0x0 0
gs 0x0 0
(gdb) bt
#0 0x0000000800b85fbb in strlen () from /lib/libc.so.7
#1 0x0000000000405c43 in ipfw_add (av=0x801406058) at ipfw2.c:527
#2 0x0000000000410182 in ipfw_main (oldac=<value optimized out>, oldav=<value optimized out>) at main.c:407
#3 0x000000000040f55b in main (ac=3, av=0x7fffffffe688) at main.c:620
----------------------------------------------------------------------
After adding some C code into main.c:
----------------------------------------------------------------------
$ svnlite diff ipfw2.c
Index: ipfw2.c
===================================================================
--- ipfw2.c (revision 291749)
+++ ipfw2.c (working copy)
@@ -522,6 +522,7 @@
int
_substrcmp(const char *str1, const char* str2)
{
+ printf("str1: %s, str2: %s\n", str1, str2);
if (strncmp(str1, str2, strlen(str1)) != 0)
return 1;
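Review bot: the printf added to _substrcmp() hands str1 straight to %s with no NULL check, so it relies on libc printing "(null)" for a NULL argument (passing NULL to %s is undefined behaviour in standard C); that is what produces the "str1: (null), str2: global" line in the captured output, one call before strlen(str1) faults. Print `str1 ? str1 : "(null)"` explicitly so the trace does not itself depend on that behaviour, and note that the trace already pins the defect to the caller: the argument vector is exhausted and a NULL *av is passed as str1, so the guard belongs at the call site in ipfw_add(), not inside _substrcmp().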
@@ -2865,6 +2866,7 @@
* Some things that need to go out of order (prob, action etc.)
* go into actbuf[].
*/
+ printf("in\n");
static uint32_t rulebuf[255], actbuf[255], cmdbuf[255];
int rblen, ablen, cblen;
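Review bot: printf("in\n") only records that ipfw_add() was entered; it cannot show which of the _substrcmp() calls inside that function received the NULL. Printing the argument index and *av at the call that compares against "global" would pin it down. Also, the captured output contains a "before:" line that no printf in this diff produces, so the posted diff is not the exact code that generated the trace; the diff and the output should be reposted together from the same build.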
----------------------------------------------------------------------
This code returns this:
----------------------------------------------------------------------
str1: add, str2: queue
str1: add, str2: flowset
str1: add, str2: sched
str1: add, str2: add
before:
in
str1: (null), str2: global
Segmentation fault
----------------------------------------------------------------------
So, ipfw tries to compare a null pointer to a const char* in the strncmp() function.
I don't know if this segmentation fault is due to this last function, or linked
to another issue.
If you have any idea. ;)
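The failure the report describes (a _substrcmp()-style prefix compare receiving NULL because the argument vector ran out after "nat") is illustrated below in an added example that is not part of the bug report or of ipfw's source. It shows a prefix compare in the style of _substrcmp() that treats NULL as "no match", and a small argv walker that checks for a remaining argument before calling it, so "add nat" with no operand is reported as an error instead of crashing in strlen(). substrcmp_safe(), parse_nat_action(), parse_rule_body() and the instance range 1..65535 are all assumptions of this example, not ipfw's own names or limits.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Outcomes of parse_nat_action() (hypothetical names). */
enum nat_parse_result {
	NAT_PARSE_OK = 0,	/* operand consumed */
	NAT_PARSE_MISSING = 1,	/* "nat" was the last word on the line */
	NAT_PARSE_INVALID = 2	/* operand neither "global" nor a number */
};

/*
 * Prefix comparison in the style of ipfw's _substrcmp(): returns 0 when
 * str1 is a prefix of str2 (so "glo" matches "global"). Unlike a bare
 * strncmp(str1, str2, strlen(str1)), a NULL or empty operand is treated
 * as "no match" instead of being handed to strlen(). Example code.
 */
static int
substrcmp_safe(const char *str1, const char *str2)
{
	if (str1 == NULL || str2 == NULL || *str1 == '\0')
		return 1;
	return strncmp(str1, str2, strlen(str1)) != 0;
}

/*
 * Parse the operand of a "nat" action. av points at the word after
 * "nat"; *instance receives the NAT instance number (0 for "global").
 * The range 1..65535 is an assumption of this example.
 */
static enum nat_parse_result
parse_nat_action(char **av, int *instance)
{
	char *end;
	long n;

	/* The check the crashing path lacks: is there an argument at all? */
	if (av == NULL || *av == NULL)
		return NAT_PARSE_MISSING;
	if (substrcmp_safe(*av, "global") == 0) {
		*instance = 0;
		return NAT_PARSE_OK;
	}
	n = strtol(*av, &end, 10);
	if (end == *av || *end != '\0' || n < 1 || n > 65535)
		return NAT_PARSE_INVALID;
	*instance = (int)n;
	return NAT_PARSE_OK;
}

/*
 * Parse a whole rule body such as {"nat", "global", NULL}, i.e. the
 * words that follow "add" on the command line. Hypothetical wrapper.
 */
static enum nat_parse_result
parse_rule_body(char **av, int *instance)
{
	if (av == NULL || *av == NULL || substrcmp_safe(*av, "nat") != 0)
		return NAT_PARSE_INVALID;
	return parse_nat_action(av + 1, instance);
}

int
main(void)
{
	/* Constructed inputs: the crashing line and two valid ones. */
	char *crash_case[] = { "nat", NULL };		/* "ipfw add nat" */
	char *global_case[] = { "nat", "global", NULL };
	char *num_case[] = { "nat", "123", NULL };
	int inst = -1;
	enum nat_parse_result r;

	r = parse_rule_body(crash_case, &inst);
	printf("add nat        -> result %d (missing operand)\n", r);
	r = parse_rule_body(global_case, &inst);
	printf("add nat global -> result %d, instance %d\n", r, inst);
	r = parse_rule_body(num_case, &inst);
	printf("add nat 123    -> result %d, instance %d\n", r, inst);
	return 0;
}
```

The guard in parse_nat_action() is the one that matters: the compare helper can be made NULL-tolerant as a belt-and-braces measure, but the caller still has to know whether it is looking at a real operand or at the end of the vector, which is why the result distinguishes a missing operand from an invalid one.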