Re: bin/51267 (NETBSD 3.1 crashes on continuous ping)
The following reply was made to PR bin/51267; it has been noted by GNATS.
From: "Greg A. Woods" <woods%planix.ca@localhost>
To: NetBSD GNATS <gnats-bugs%NetBSD.org@localhost>
Subject: Re: bin/51267 (NETBSD 3.1 crashes on continuous ping)
Date: Thu, 30 Jun 2016 13:32:17 -0700
Content-Type: text/plain; charset=ISO-8859-1

Turns out this is almost certainly due to the signal handlers in ping
calling non-reentrant functions (stdio, and malloc via stdio).

See the related question, which has been updated with additional
information, along with my answer here:

A good quick mostly fix would be to import OpenBSD's ping (and to keep
in mind tracking it as it appears they will end up with a merged
ping/ping6 at some point (soon?)).

I say "mostly" because it appears on quick inspection that rev. 1.139 of
OpenBSD ping still has a call to summary(signo) in a signal handler, and
though their summary() avoids malloc() and stdout if called from a
signal handler, I think on first glance it may still not be 100%
reentrant due to the libc calls it does still make. It's still 110%
better than what we have in NetBSD now though. (I think I've seen a
crash from a signal handler calling NetBSD's snprintf(), but I'm not
completely sure my memory is correct about that, and I have no notes
about it that I can find.)

The OpenBSD ping could have the SIGCONT feature patched into it, but
that's hardly a critical feature that would go missing.

BTW, this probably isn't a security-critical fix given that ping drops
privs before setting up signal handlers, and I don't think it opens any
avenues for remote exploitation.

Greg A. Woods
<woods%planix.com@localhost> +1 250 762-7675 http://www.planix.com/