Re: change mac address via ifconfig causes corrupted redzone

From: Ulrich Spoerlein <q_at_galgenberg.net>
Date: Sat, 14 Jan 2006 19:24:10 +0100
Rong-En Fan wrote:
> Hi all,
> 
> I'm running -current as of Jan 15 on i386. After upgrading, I saw
> following messages
> 
> # ifconfig fxp0 link aa:bb:cc:dd:ee:ff
> ifconfig: (malloc) Corrupted redzone 1 byte after 0xa000150 (size 18) (0x0)
> 
> I tried with MALLOC_OPTIONS=A to get a core dump, but the backtrace
> does not help (corrupted). My /etc/malloc.conf is 'aj'.

Problem does exist in RELENG_6 too, running it within valgrind give this

==4389== Invalid write of size 1
==4389==    at 0x3C031B24: strcpy (in /usr/local/lib/valgrind/vgpreload_memcheck.so)
==4389==    by 0x804B34C: (within /sbin/ifconfig)
==4389==    by 0x804A983: (within /sbin/ifconfig)
==4389==    by 0x8049645: (within /sbin/ifconfig)
==4389==  Address 0x3C11C0FE is 0 bytes after a block of size 18 alloc'd
==4389==    at 0x3C032183: malloc (in /usr/local/lib/valgrind/vgpreload_memcheck.so)
==4389==    by 0x804B331: (within /sbin/ifconfig)
==4389==    by 0x804A983: (within /sbin/ifconfig)
==4389==    by 0x8049645: (within /sbin/ifconfig)
==4389== 
==4389== Invalid read of size 1
==4389==    at 0x3C09579B: link_addr (in /lib/libc.so.6)
==4389==    by 0x804B35C: (within /sbin/ifconfig)
==4389==    by 0x804A983: (within /sbin/ifconfig)
==4389==    by 0x8049645: (within /sbin/ifconfig)
==4389==  Address 0x3C11C0FE is 0 bytes after a block of size 18 alloc'd
==4389==    at 0x3C032183: malloc (in /usr/local/lib/valgrind/vgpreload_memcheck.so)
==4389==    by 0x804B331: (within /sbin/ifconfig)
==4389==    by 0x804A983: (within /sbin/ifconfig)
==4389==    by 0x8049645: (within /sbin/ifconfig)

(yeah, sorry, no debugging symbols)

I'm pretty sure it's the link_getaddr in af_link.c, there are two
possible fixes, depending on the requirements of link_addr()

If link_addr *needs* a terminating '\0', then we need to
malloc(strlen(addr) + 2), if it doesn't need the terminating zero, we
should get away with strncpy(temp + 1, addr, strlen(addr))

I'm currently rebuilding world with debugging symbols and will report
back.

Ulrich Spoerlein
-- 
 PGP Key ID: F0DB9F44				Encrypted mail welcome!
Fingerprint: F1CE D062 0CA9 ADE3 349B  2FE8 980A C6B5 F0DB 9F44
Which is worse: ignorance or apathy?
Don't know. Don't care.
Received on Sat Jan 14 2006 - 17:24:17 UTC

This archive was generated by hypermail 2.4.0 : Wed May 19 2021 - 11:38:50 UTC