Summary:
Improper checks in an ioctl can lead to a kernel panic.
Details:
recently added calls to rtlabel_id2name() for "ifconfig rtlabel"
did not properly check the return value before using it.
rtlabel_id2name can return NULL if there is no label assigned
or the ID is invalid.
Impact:
local users can cause a kernel panic by using the SIOCGIFRTLABEL
ioctl on interfaces with no route label assigned.
ifconfig does not use that ioctl.
Workaround:
none
Fix:
A fix has been committed to OpenBSD-current and the OpenBSD 4.2-stable
branch.
A patch for OpenBSD 4.2 will appear at the URL below shortly.
ftp://ftp.openbsd.org/pub/OpenBSD/patches/4.2/common/005_ifrtlabel.patch
Older OpenBSD versions are not affected.
Credits:
The bug was found by Chris Cappuccio who also provided an initial
fix. The final fix was done by Henning Brauer.
Locked
attachment0 (194 bytes)