 Relationships |
|
| Anonymous | Login | Signup for a new account | 11-10-2008 10:49 PST |
| Main | My View | View Issues | Change Log | Docs |
| Viewing Issue Simple Details [ Jump to Notes ] | [ View Advanced ] [ Issue History ] [ Print ] | ||||||||
| ID | Category | Severity | Reproducibility | Date Submitted | Last Update | ||||
| 0000429 | [udhcp] | crash | always | 09-13-05 17:39 | 02-12-08 12:40 | ||||
| Reporter | patricktou | View Status | public | ||||||
| Assigned To | |||||||||
| Priority | normal | Resolution | fixed | ||||||
| Status | closed | ||||||||
| Summary | 0000429: incomplete padding of environ causes udhcp to crash with EFAULT Bad address when forking script | ||||||||
| Description |
In udhcpc/script.c: run_script(), the script is called by execle() passing the generated char **envp. If envp is not null terminated, the fork will fail, with errno set to "Bad address". This is caused by udhcpc/script.c:fill_envp() When envp is xcalloc()'d, it requests 5 spaces in addition to 1 for each option: 1 "interface=" 2 "path=" 3 "HOME=" 4 "ip=" 5 the ending null In the for loop generating the options, dhcp_options[].code == DHCP_SUBNET will take up 2 spaces, using up the ending null. This causes the generated envp to no longer be null terminated. |
||||||||
| Additional Information | |||||||||
| Attached Files | |||||||||
|
|
|||||||||
|
Relationships |
|
|
Notes |
|
|
(0004244) vda 02-12-08 12:40 |
Apparently fixed in svn: for (i = 0; dhcp_options[i].code; i++) { if (get_option(packet, dhcp_options[i].code)) { num_options++; if (dhcp_options[i].code == DHCP_SUBNET) num_options++; /* for mton */ } } |
|
Issue History |
|||
| Date Modified | Username | Field | Change |
| 09-13-05 17:39 | patricktou | New Issue | |
| 02-12-08 12:40 | vda | Status | new => closed |
| 02-12-08 12:40 | vda | Note Added: 0004244 | |
| 02-12-08 12:40 | vda | Resolution | open => fixed |
| Copyright © 2000 - 2006 Mantis Group |  |
