[PATCH] Fix segfault in getprotobyname()

Atsushi Nemoto anemo at mba.ocn.ne.jp
Wed Apr 18 09:28:39 UTC 2007


I found that ping (in busybox) segfaults when linked with uClibc-0.9.29_rc1.

The getprotoent_r() in uClibc does not return a proper error value if it
fails (due to a wrong name or a missing /etc/protocols file, etc.).  Then
NULL will be passed to strcmp() and it crashes.

This bug was introduced by this commit:

> Author: andersen
> Date: 2006-12-07 15:24:02 -0800 (Thu, 07 Dec 2006)
> New Revision: 16801
> 
> Log:
> Major cleanup of internal mutex locking.  Be more consistent in how we do
> things, and avoid potential deadlocks caused when a thread holding a uClibc
> internal lock gets canceled and terminates without releasing the lock.  This
> change also provides a single place, bits/uClibc_mutex.h, for thread libraries
> to modify to change all instances of internal locking.

Here is a patch.  I hope it is not too late for final 0.9.29.  Thank you.

diff -urNp uClibc-0.9.29_rc1.org/libc/inet/getproto.c uClibc-0.9.29_rc1/libc/inet/getproto.c
--- uClibc-0.9.29_rc1.org/libc/inet/getproto.c	2006-12-08 08:24:02.000000000 +0900
+++ uClibc-0.9.29_rc1/libc/inet/getproto.c	2007-04-18 18:00:12.000000000 +0900
@@ -195,7 +195,7 @@ again:
     rv = 0;
 DONE:
     __UCLIBC_MUTEX_UNLOCK(mylock);
-    return 0;
+    return rv;
 }
 libc_hidden_def(getprotoent_r)
 
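Review bot: with `return rv;` at the `DONE:` label, every path that jumps to `DONE` must have set `rv` to a meaningful value, and this hunk only shows the success assignment `rv = 0;` just above the label. Please confirm that `rv` is initialized to an error code at function entry or assigned before each `goto DONE`, otherwise a failure path could still return 0 or an indeterminate value. Since the report says the caller goes on to pass NULL to strcmp() when the failure is not signalled, it would also be worth having the callers check the result pointer as well as the return value, and adding a regression test that runs the lookup with an unknown name and with /etc/protocols missing.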


