From nobody@www.freebsd.org Fri Jun 21 03:57:07 2002
Return-Path:
Received: from nwww.freebsd.org (www.FreeBSD.org [216.136.204.117]) by hub.freebsd.org (Postfix) with ESMTP id C0E4837B447 for ; Fri, 21 Jun 2002 03:56:26 -0700 (PDT)
Received: from www.freebsd.org (localhost [127.0.0.1]) by nwww.freebsd.org (8.12.2/8.12.2) with ESMTP id g5LAuIhG087381 for ; Fri, 21 Jun 2002 03:56:18 -0700 (PDT) (envelope-from nobody@www.freebsd.org)
Received: (from nobody@localhost) by www.freebsd.org (8.12.2/8.12.2/Submit) id g5LAuI3i087380; Fri, 21 Jun 2002 03:56:18 -0700 (PDT)
Message-Id: <200206211056.g5LAuI3i087380@www.freebsd.org>
Date: Fri, 21 Jun 2002 03:56:18 -0700 (PDT)
From: Peter N Lewis
To: freebsd-gnats-submit@FreeBSD.org
Subject: traceroute fd_set allocation bug
X-Send-Pr-Version: www-1.0

>Number:         39617
>Category:       bin
>Synopsis:       traceroute fd_set allocation bug
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    freebsd-bugs
>State:          closed
>Quarter:
>Keywords:
>Date-Required:
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Fri Jun 21 04:00:09 PDT 2002
>Closed-Date:    Mon Jul 08 05:24:54 PDT 2002
>Last-Modified:  Mon Jul 08 05:24:54 PDT 2002
>Originator:     Peter N Lewis
>Release:        N/A
>Organization:
Stairways Software
>Environment:
N/A
>Description:
traceroute.c does this:

	nfds = howmany(sock + 1, NFDBITS);
	if ((fdsp = malloc(nfds)) == NULL)
		err(1, "malloc");
	memset(fdsp, 0, nfds);

This is not valid since the fd_set is made up of fd_mask. nfds should be:

	nfds = howmany(sock + 1, NFDBITS) * sizeof(fd_mask);

>How-To-Repeat:
Run traceroute with pre-opened files such that sock (global variable s, the receiving socket) is greater than 7. In normal operation, it is usually 3 or 4, which is why this bug remains undetected.
>Fix:

	nfds = howmany(sock + 1, NFDBITS) * sizeof(fd_mask);

>Release-Note:
>Audit-Trail:

State-Changed-From-To: open->patched
State-Changed-By: robert
State-Changed-When: Sun Jun 23 14:55:58 PDT 2002
State-Changed-Why:
A fix has been committed to -current.
Thank you for submitting the bug report!

http://www.freebsd.org/cgi/query-pr.cgi?pr=39617

State-Changed-From-To: patched->closed
State-Changed-By: robert
State-Changed-When: Mon Jul 8 05:24:10 PDT 2002
State-Changed-Why:
Patched in both -current and -stable.

http://www.freebsd.org/cgi/query-pr.cgi?pr=39617
>Unformatted: