[PATCH] tunctl: fix segfault on ioctl failure
Natanael Copa
ncopa at alpinelinux.org
Fri Jan 17 08:32:17 UTC 2025
On Thu, 16 Jan 2025 21:53:08 +0900
Dominique Martinet <asmadeus at codewreck.org> wrote:
> From: Dominique Martinet <dominique.martinet at atmark-techno.com>
>
> libbb now takes "" instead of NULL as format string for nomsg functions,
> but this caller had not been updated making busybox segfault on tunctl
> commands when ioctl fails.
> This can be reproduced by running `tunctl -t tun0` in gdb and blocking
> with the tun open after being created, and running `tunctl -d tun0` in
> another shell: the later will fail with EBUSY after fixing:
> > tunctl: Device or resource busy
>
> function old new delta
> tunctl_main 393 409 +16
>
> Fixes: 4bd70463c7e7 ("libbb: pass "" rather than NULL as format string in _nomsg functions")
> Signed-off-by: Dominique Martinet <dominique.martinet at atmark-techno.com>
> ---
> Note this delta negates the benefit of the patch it fixes in term of
> size, so it might actually be better to just revert that one instead...
>
> networking/tunctl.c | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/networking/tunctl.c b/networking/tunctl.c
> index c17302eac1fb..cdb7eb659f35 100644
> --- a/networking/tunctl.c
> +++ b/networking/tunctl.c
> @@ -54,7 +54,7 @@
> #define TUNSETGROUP _IOW('T', 206, int)
> #endif
>
> -#define IOCTL(a, b, c) ioctl_or_perror_and_die(a, b, c, NULL)
> +#define IOCTL(a, b, c) ioctl_or_perror_and_die(a, b, c, "")
>
> #if 1
>
Acked-by: Natanael Copa <ncopa at alpinelinux.org>
Downstream report: https://gitlab.alpinelinux.org/alpine/aports/-/issues/16846
More information about the busybox
mailing list