From owner-freebsd-bugs Mon Feb 18 6:40:16 2002
Delivered-To: freebsd-bugs@hub.freebsd.org
Received: from freefall.freebsd.org (freefall.FreeBSD.org [216.136.204.21])
    by hub.freebsd.org (Postfix) with ESMTP id 8D21837B405
    for ; Mon, 18 Feb 2002 06:40:01 -0800 (PST)
Received: (from gnats@localhost)
    by freefall.freebsd.org (8.11.6/8.11.6) id g1IEe1u09887;
    Mon, 18 Feb 2002 06:40:01 -0800 (PST)
    (envelope-from gnats)
Received: from vita.private.fio.cz (sf-wall.fio.cz [195.250.140.9])
    by hub.freebsd.org (Postfix) with ESMTP id 984C937B405
    for ; Mon, 18 Feb 2002 06:36:19 -0800 (PST)
Received: (from root@localhost)
    by vita.private.fio.cz (8.11.6/8.11.6) id g1IEafJ21337;
    Mon, 18 Feb 2002 15:36:41 +0100 (CET)
    (envelope-from root)
Message-Id: <200202181436.g1IEafJ21337@vita.private.fio.cz>
Date: Mon, 18 Feb 2002 15:36:41 +0100 (CET)
From: vita@fio.cz
To: FreeBSD-gnats-submit@freebsd.org
X-Send-Pr-Version: 3.113
Subject: i386/35078: Uninitialized pointer dereference in func i386_parsedev in sys/boot/i386/libi386/devicename.c
Sender: owner-freebsd-bugs@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

>Number: 35078
>Category: i386
>Synopsis: Uninitialized pointer dereference in func i386_parsedev in sys/boot/i386/libi386/devicename.c
>Confidential: no
>Severity: non-critical
>Priority: medium
>Responsible: freebsd-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: sw-bug
>Submitter-Id: current-users
>Arrival-Date: Mon Feb 18 06:40:01 PST 2002
>Closed-Date:
>Last-Modified:
>Originator: Vitezslav Novy
>Release: FreeBSD 4.5-RELEASE i386
>Organization:
>Environment:
System: FreeBSD vita.private.fio.cz 4.5-RELEASE FreeBSD 4.5-RELEASE #4: Tue Feb 12 16:07:24 CET 2002 root@vita.private.fio.cz:/usr/src/sys/compile/VITA i386
>Description:
When parsing device name without unit number, unset pointer cp is dereferenced
>How-To-Repeat:
>Fix:
--- sys/boot/i386/libi386/devicename.c.orig Mon Feb 18 14:38:22 2002 +++ sys/boot/i386/libi386/devicename.c Mon Feb 18 14:41:25 2002 @@ -135,12 +135,13 @@ } cp++; } - } - if (*cp && (*cp != ':')) { - err = EINVAL; - goto fail; - } - + if (*cp && (*cp != ':')) { + err = EINVAL; + goto fail; + } + } else { + cp = np; + } idev->d_kind.biosdisk.unit = unit; idev->d_kind.biosdisk.slice = slice; idev->d_kind.biosdisk.partition = partition; @@ -158,11 +159,14 @@ err = EUNIT; goto fail; } - } - if (*cp && (*cp != ':')) { - err = EINVAL; - goto fail; - } + + if (*cp && (*cp != ':')) { + err = EINVAL; + goto fail; + } + } else { + cp = np; + } if (dv->dv_type == DEVT_NET) idev->d_kind.netif.unit = unit;
>Release-Note:
>Audit-Trail:
>Unformatted:
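Review bot: in the first hunk (@@ -135,12 +135,13 @@), adding `} else { cp = np; }` forces the `if (*cp && (*cp != ':'))` check to move inside the unit-parsing block, which makes the diff larger than the fix needs and takes the EINVAL test off the common path. Consider assigning `cp = np;` once before the enclosing `if` instead: `cp` is then never read unset, the original check can stay where it was, and the change to the code ahead of the `idev->d_kind.biosdisk.*` assignments shrinks to a single added line.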
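Review bot: in the second hunk (@@ -158,11 +159,14 @@), the new `} else { cp = np; }` ahead of the `dv->dv_type == DEVT_NET` assignment has no comment saying which input it covers, and it repeats the restructuring from the first hunk verbatim. A short comment such as `/* no unit number given */` on the `else` branch would tie it to the case named in the Description. The hunk also appears to add an empty line before the relocated `if (*cp && (*cp != ':'))` check, which can be dropped. If the first hunk is changed to initialise `cp` up front, this one should follow the same form so that both cases stay parallel.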