NetBSD-Bugs archive

Re: bin/51267 (NETBSD 3.1 crashes on continuous ping)

The following reply was made to PR bin/51267; it has been noted by GNATS.

From: "Greg A. Woods" <>
Subject: Re: bin/51267 (NETBSD 3.1 crashes on continuous ping)
Date: Thu, 30 Jun 2016 13:32:17 -0700

 Turns out this is almost certainly due to the signal handlers in ping
 calling non-reentrant functions (stdio, and malloc via stdio).

 See the related question, which has been updated with additional
 information, along with my answer here:

 A good quick mostly fix would be to import OpenBSD's ping (and to keep
 in mind tracking it as it appears they will end up with a merged
 ping/ping6 at some point (soon?)).

 I say "mostly" because it appears on quick inspection that rev. 1.139 of
 OpenBSD ping still has a call to summary(signo) in a signal handler, and
 though their summary() avoids malloc() and stdout if called from a
 signal handler, I think on first glance it may still not be 100%
 reentrant due to the libc calls it does still make.  It's still 110%
 better than what we have in NetBSD now though.  (I think I've seen a
 crash from a signal handler calling NetBSD's snprintf(), but I'm not
 completely sure my memory is correct about that, and I have no notes
 about it that I can find.)

 The OpenBSD ping could have the SIGCONT feature patched into it, but
 that's hardly a critical feature that would go missing.

 BTW, this probably isn't a security-critical fix given that ping drops
 privs before setting up signal handlers, and I don't think it opens any
 avenues for remote exploitation.

 						Greg A. Woods
 						Planix, Inc.
 <>       +1 250 762-7675