[Bug 248444] /usr/sbin/jail crashes when parsing certain configuration files
bugzilla-noreply at freebsd.org
bugzilla-noreply at freebsd.org
Sat Aug 15 17:49:47 UTC 2020
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=248444
Akos Somfai <akos.somfai at gmail.com> changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |akos.somfai at gmail.com
--- Comment #1 from Akos Somfai <akos.somfai at gmail.com> ---
Created attachment 217233
--> https://bugs.freebsd.org/bugzilla/attachment.cgi?id=217233&action=edit
proposed patch for jail
The issue is seen every time when the defined variable ("$interface" in the bug
report) is the same as one of the built-in jail.conf parameters excluding the
leading "$". The crash is a use-after-free as variable data is free-ed at a
point but referenced later from intparams.
Having a variable with the same name as a built-in one is problematic anyways
-- the fix eliminates the crash and treats such entries as pure variables as
expected by the leading "$". This is also according to the jail.conf
description that says that "variables are only used for substitution, while
parameters are used both for substitution and for passing to the kernel."
--
You are receiving this mail because:
You are the assignee for the bug.
More information about the freebsd-jail
mailing list