From nobody@FreeBSD.org Thu Jul 29 17:13:41 2004
Return-Path:
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 984E416A4CE
	for ; Thu, 29 Jul 2004 17:13:41 +0000 (GMT)
Received: from www.freebsd.org (www.freebsd.org [216.136.204.117])
	by mx1.FreeBSD.org (Postfix) with ESMTP id 751C843D3F
	for ; Thu, 29 Jul 2004 17:13:41 +0000 (GMT)
	(envelope-from nobody@FreeBSD.org)
Received: from www.freebsd.org (localhost [127.0.0.1])
	by www.freebsd.org (8.12.11/8.12.11) with ESMTP id i6THDMre089748
	for ; Thu, 29 Jul 2004 17:13:22 GMT
	(envelope-from nobody@www.freebsd.org)
Received: (from nobody@localhost)
	by www.freebsd.org (8.12.11/8.12.11/Submit) id i6THDMth089747;
	Thu, 29 Jul 2004 17:13:22 GMT
	(envelope-from nobody)
Message-Id: <200407291713.i6THDMth089747@www.freebsd.org>
Date: Thu, 29 Jul 2004 17:13:22 GMT
From: bronek
To: freebsd-gnats-submit@FreeBSD.org
Subject: SEGV in killall
X-Send-Pr-Version: www-2.3

>Number: 69768
>Category: misc
>Synopsis: SEGV in killall
>Confidential: no
>Severity: non-critical
>Priority: medium
>Responsible: maxim
>State: closed
>Quarter:
>Keywords:
>Date-Required:
>Class: sw-bug
>Submitter-Id: current-users
>Arrival-Date: Thu Jul 29 17:20:29 GMT 2004
>Closed-Date: Thu Aug 05 04:07:22 GMT 2004
>Last-Modified: Thu Aug 05 04:07:22 GMT 2004
>Originator: bronek
>Release: 4.10-STABLE
>Organization:
>Environment:
FreeBSD bronek 4.10-STABLE FreeBSD 4.10-STABLE #17: Tue Jul 27 08:43:17 CEST 2004 root@bronek:/usr/obj/usr/src/sys/BRONEK i386
>Description:
killall gets a Segmentation Fault if the process being killed is a zombie.

bronek# grep -nR NSIG /usr/src | more
..
/usr/src/usr.bin/killall/killall.c:203: if (sig < 0 || sig > NSIG)
..
/usr/src/usr.sbin/ppp/sig.c:68: if (sig <= 0 || sig > NSIG) {
..

The same bug is probably in sig.c, but not vuln.
>How-To-Repeat:
bronek# ps wuax | grep -w cu
uucp 419 0.0 0.3 1044 760 v0 IE+ 1:09PM 0:00.02 cu -hl /dev/cuaa0
uucp 420 0.0 0.0 0 0 v0 Z+ 1:09PM 0:00.00 (cu)
bronek# kill -9 419
bronek# kill -9 419
bronek# kill -9 420
420: No such process
bronek# kill -9 419
bronek# ps wuax | grep -w cu
uucp 419 0.0 0.3 1044 760 v0 IE+ 1:09PM 0:00.02 cu -hl /dev/cuaa0
uucp 420 0.0 0.0 0 0 v0 Z+ 1:09PM 0:00.00 (cu)
bronek# killall -9 cu
killall: kill -KILL 420: No such process
bronek# killall -32 cu
Segmentation fault (core dumped)
>Fix:
*** killall.c xxx --- killall.c Fri Jul 23 14:31:42 2004 *************** *** 200,206 **** sig = strtol(*av, &ep, 10); if (!*av || *ep) errx(1, "illegal signal number: %s", *av); ! if (sig < 0 || sig > NSIG) nosig(*av); } else nosig(*av); --- 200,206 ---- sig = strtol(*av, &ep, 10); if (!*av || *ep) errx(1, "illegal signal number: %s", *av); ! if (sig < 0 || sig >= NSIG) nosig(*av); } else nosig(*av);
>Release-Note:
>Audit-Trail:
State-Changed-From-To: open->patched
State-Changed-By: maxim
State-Changed-When: Thu Jul 29 18:42:07 GMT 2004
State-Changed-Why:
Fixed in -CURRENT, thanks!

http://www.freebsd.org/cgi/query-pr.cgi?pr=69768

Responsible-Changed-From-To: freebsd-bugs->maxim
Responsible-Changed-By: maxim
Responsible-Changed-When: Thu Jul 29 18:42:35 GMT 2004
Responsible-Changed-Why:
MFC reminder.

http://www.freebsd.org/cgi/query-pr.cgi?pr=69768

State-Changed-From-To: patched->closed
State-Changed-By: maxim
State-Changed-When: Thu Aug 5 04:07:06 GMT 2004
State-Changed-Why:
Fixed in -STABLE as well.

http://www.freebsd.org/cgi/query-pr.cgi?pr=69768
>Unformatted:
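Review bot: the range check on the changed line is applied to `sig` only after `sig = strtol(*av, &ep, 10)` has stored the result, so if `sig` is declared narrower than `long` (its declaration is not in this hunk) a large argument can be truncated into 0..NSIG-1 before `sig >= NSIG` is evaluated. Consider keeping the `strtol` result in a `long`, range-checking that, and assigning to `sig` afterwards. The new `>=` bound itself matches the `killall -32` crash in the report. The report also lists the same `sig > NSIG` comparison at /usr/src/usr.sbin/ppp/sig.c:68, which this patch leaves untouched; it deserves the same bounds review before the PR is considered fully addressed.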