Bug 11110 - tftp segfaults on empty input line
Status: CLOSED NOTABUG
Product: Red Hat Linux
Classification: Retired
Component: tftp
Version: 6.2
Hardware: i386 Linux
Priority: medium, Severity: medium
Assigned To: Bill Nottingham
Reported: 2000-04-28 19:55 EDT by Philipp Rumpf
Modified: 2014-03-16 22:13 EDT
Doc Type: Bug Fix
Last Closed: 2000-04-28 22:02:01 EDT
Description Philipp Rumpf 2000-04-28 19:55:38 EDT
ltrace:
__libc_start_main(0x080497c0, 1, 0xbffffc04, 0x0804899c, 0x0804acdc
<unfinished ...>
__register_frame_info(0x0804c7c0, 0x0804c950, 0xbffffbc4, 0x080489c1,
0x4010448c) = 0x40104fc0
getservbyname(0x0804af40, 0x0804af91, 0x4010448c, 0xbffffbb8, 0x08048d1b) =
0x4010715c
socket(2, 2, 0)                                   = 3
bind(3, 0xbffffba8, 16, 0x4010448c, 2)            = 0
memcpy(0x0804cc60, "netascii", 9)                 = 0x0804cc60
signal(2, 0x0804a570)                             = NULL
__sigsetjmp(0x0804ce80, 1, 0x4010448c, 2, 0)      = 0
printf("%s> ", "tftp")                            = 6
fgets(tftp>
"\n", 200, 0x40102ba0)                      = 0x0804cc80
--- SIGSEGV (Segmentation fault) ---
+++ killed by SIGSEGV +++
Comment 1 Philipp Rumpf 2000-04-28 20:12:59 EDT
okay, found it.  makeargv() (note the charming 80's-style name) correctly sets
margv[0] == NULL (global variables, too!). command() passes this on to getcmd()
without checking it for NULL, and getcmd doesn't check it either.

My suggested fix is to insert

	if(name == NULL)
		return NULL;

in getcmd().
Comment 2 Philipp Rumpf 2000-04-28 22:02:59 EDT
Here is a slightly more useful patch (after talking to David Holland this seems
to be the same behavior ftp also has).

diff -u -3 -r1.12 main.c
--- main.c      1999/09/29 02:01:31     1.12
+++ main.c      2000/04/29 00:41:18
@@ -613,6 +613,10 @@
                if (line[0] == 0)
                        continue;
                makeargv();
+               if (margc<1) {
+                       /* empty line */
+                       continue;
+               }
                c = getcmd(margv[0]);
                if (c == (struct cmd *)-1) {
                        printf("?Ambiguous command\n");
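Review bot: the `margc<1` guard added after makeargv() covers only this one call to `getcmd(margv[0])`; getcmd() itself is left without a NULL check, so the `if(name == NULL) return NULL;` from comment 1 is worth keeping inside getcmd() as well in case any other path hands it an empty margv[0]. The `/* empty line */` comment could also say why the existing `line[0] == 0` test above it is not sufficient: a line that holds only a newline or whitespace is not empty, yet makeargv() produces margc == 0 for it. Style: write `margc < 1` with spaces to match the surrounding `line[0] == 0`.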

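The failure mode and both guards from comments 1 and 2, as an added C example that is not part of the original report and is not tftp's source. split_args(), lookup_cmd(), dispatch() and the command table are hypothetical stand-ins for makeargv(), getcmd(), the command loop and the real table.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* Constructed command table; sample data, not tftp's real table. */
struct cmd { const char *name; };
static struct cmd cmdtab[] = { {"get"}, {"put"}, {"quit"}, {"timeout"}, {"trace"}, {NULL} };
#define AMBIGUOUS ((struct cmd *)-1)

/* Split line in place on whitespace; argv[argc] is always NULL. */
static int split_args(char *p, char *argv[], int max)
{
    int argc = 0;
    while (argc < max - 1) {
        while (isspace((unsigned char)*p)) p++;
        if (*p == '\0') break;            /* "\n" alone ends here with argc == 0 */
        argv[argc++] = p;
        while (*p != '\0' && !isspace((unsigned char)*p)) p++;
        if (*p != '\0') *p++ = '\0';
    }
    argv[argc] = NULL;
    return argc;
}

/* Unique-prefix lookup: NULL = no match, AMBIGUOUS = several matches. */
static struct cmd *lookup_cmd(const char *name)
{
    struct cmd *c, *found = NULL;
    if (name == NULL) return NULL;        /* callee-side guard (comment 1) */
    size_t n = strlen(name);
    for (c = cmdtab; c->name != NULL; c++) {
        if (strncmp(name, c->name, n) != 0) continue;
        if (c->name[n] == '\0') return c; /* exact match wins */
        if (found != NULL) return AMBIGUOUS;
        found = c;
    }
    return found;
}

/* Returns the matched command name, "" for an empty line, or an error string. */
const char *dispatch(const char *input)
{
    char line[200], *argv[20];
    snprintf(line, sizeof line, "%s", input);
    if (split_args(line, argv, 20) < 1) return "";  /* caller-side guard (comment 2) */
    struct cmd *c = lookup_cmd(argv[0]);
    if (c == NULL) return "?Invalid command";
    return c == AMBIGUOUS ? "?Ambiguous command" : c->name;
}
int main(void) { printf("[%s] [%s]\n", dispatch("\n"), dispatch("g file\n")); return 0; }
```

A `line[0] == 0` test alone would let `"\n"` through to the lookup, which is the input shown in the ltrace above.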