Package: bsdutils
Version: 1.3-1
It is trivial to make /bin/kill segfault:
$ /bin/kill -l
INT QUIT ILL TRAP ABRT UNUSED FPE KILL USR1 SEGV USR2 PIPE ALRM TERM STKFLT CHLD
Segmentation fault (core dumped)
The appended patch fixes the bug. I suspect the person who wrote the code
has had some bad memories about Pascal :)
PS NSIG is the largest valid signal number + 1.
--
A. B <=> True B. A <=> False
Email: Herbert Xu 许志壬 <[EMAIL PROTECTED]>
PGP Key: [EMAIL PROTECTED] or any other key sites
--
--- kill.c.orig Wed Mar 22 05:57:31 1995
+++ kill.c Wed Oct 25 15:33:21 1995
@@ -57,8 +57,8 @@
"QUIT", /* 3 */
"ILL", /* 4 */
"TRAP", /* 5 */
- "ABRT", /* 6 */
- "UNUSED",/* 7 */
+ "IOT", /* 6 */
+ "BUS", /* 7 */
"FPE", /* 8 */
"KILL", /* 9 */
"USR1", /* 10 */
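Review bot: Replacing `"ABRT"` with `"IOT"` at slot 6 means the name lookup, which matches the argument against this table with strcasecmp in a later hunk, would no longer accept `-ABRT`, the POSIX name for that signal. Unless aliases are handled somewhere outside these hunks, keep `"ABRT", /* 6 */` in the table and treat IOT as the alias. The `"BUS"` correction at slot 7 is independent of this and looks right.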
@@ -74,6 +74,15 @@
"TSTP", /* 20 */
"TTIN", /* 21 */
"TTOU", /* 22 */
+ "URG", /* 23 */
+ "XCPU", /* 24 */
+ "XFSZ", /* 25 */
+ "VTALRM",/* 26 */
+ "PROF", /* 27 */
+ "WINCH", /* 28 */
+ "IO",/* 29 */
+ "PWR", /* 30 */
+ "UNUSED",/* 31 */
NULL
};
#endif /* __linux__ */
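Review bot: The table is padded to 31 names by hand, but nothing ties that count to NSIG: both loops in the later hunks (the name lookup and the `-l` listing) still run NSIG-1 times and never test the NULL terminator that closes this array. If NSIG on the build host is larger than 32, they walk onto the NULL and hand it to strcasecmp or `%s`, which is the crash described in the report. Stopping on the sentinel as well, e.g. `for (cnt = NSIG, p = sys_signame; --cnt && *p; ++p)`, bounds the listing by the table itself. The lookup loop needs the same bound, but with a separate found flag or counter so that a miss still ends with numsig at 0. The start of the array is outside this hunk.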
@@ -105,7 +114,7 @@
if (isalpha(**argv)) {
if (!strncasecmp(*argv, "sig", 3))
*argv += 3;
- for (numsig = NSIG, p = sys_signame + 1; --numsig; ++p)
+ for (numsig = NSIG, p = sys_signame; --numsig; ++p)
if (!strcasecmp(*p, *argv)) {
numsig = p - sys_signame;
break;
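Review bot: `numsig = p - sys_signame;` yields the table index, but the table appears to hold signal N at index N-1, so with the loop now starting at `sys_signame` every name resolves to the signal one below it. The evidence is that the pre-patch `-l` output in the report begins at INT when the loop started at `sys_signame + 1`, and QUIT carries the comment `/* 3 */`. A match on the first entry also produces 0, which is the same value the loop leaves behind when nothing matches. `numsig = p - sys_signame + 1;` would make the result agree with the comments in the table. The head of the array and the code after the loop are outside the hunk, so confirm there is no placeholder at index 0.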
@@ -116,7 +125,7 @@
numsig = strtol(*argv, &ep, 10);
if (!*argv || *ep)
errx(1, "illegal signal number: %s", *argv);
- if (numsig <= 0 || numsig > NSIG)
+ if (numsig <= 0 || numsig >= NSIG)
nosig(*argv);
} else
nosig(*argv);
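Review bot: The tightened `numsig >= NSIG` test runs after the strtol() result has already been stored in `numsig`, so if that variable is an int (its declaration is outside the hunk) an out-of-range argument can be narrowed before it is checked. Keeping the value in a long until it is validated avoids that: `long n = strtol(*argv, &ep, 10);` followed by `if (n <= 0 || n >= NSIG) nosig(*argv);` and only then `numsig = n;`. Separately, the neighbouring `!*argv` tests the pointer after it has been dereferenced, so an empty argument is not rejected by it; `!**argv` looks like what was meant.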
@@ -156,7 +165,7 @@
const char *const *p;
int cnt;
- for (cnt = NSIG, p = sys_signame + 1; --cnt; ++p) {
+ for (cnt = NSIG, p = sys_signame; --cnt; ++p) {
(void)fprintf(fp, "%s ", *p);
if (cnt == NSIG / 2)
(void)fprintf(fp, "\n");