Date: Mon, 18 Feb 2002 15:36:41 +0100 (CET) From: vita@fio.cz To: FreeBSD-gnats-submit@freebsd.org Subject: i386/35078: Uninitialized pointer dereference in func i386_parsedev in sys/boot/i386/libi386/devicename.c Message-ID: <200202181436.g1IEafJ21337@vita.private.fio.cz>
next in thread | raw e-mail | index | archive | help
>Number: 35078
>Category: i386
>Synopsis: Uninitialized pointer dereference in func i386_parsedev in sys/boot/i386/libi386/devicename.c
>Confidential: no
>Severity: non-critical
>Priority: medium
>Responsible: freebsd-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: sw-bug
>Submitter-Id: current-users
>Arrival-Date: Mon Feb 18 06:40:01 PST 2002
>Closed-Date:
>Last-Modified:
>Originator: Vitezslav Novy
>Release: FreeBSD 4.5-RELEASE i386
>Organization:
>Environment:
System: FreeBSD vita.private.fio.cz 4.5-RELEASE FreeBSD 4.5-RELEASE #4: Tue Feb 12 16:07:24 CET 2002 root@vita.private.fio.cz:/usr/src/sys/compile/VITA i386
>Description:
When parsing device name without unit number, unset pointer cp is
dereferenced
>How-To-Repeat:
>Fix:
--- sys/boot/i386/libi386/devicename.c.orig Mon Feb 18 14:38:22 2002
+++ sys/boot/i386/libi386/devicename.c Mon Feb 18 14:41:25 2002
@@ -135,12 +135,13 @@
}
cp++;
}
- }
- if (*cp && (*cp != ':')) {
- err = EINVAL;
- goto fail;
- }
-
+ if (*cp && (*cp != ':')) {
+ err = EINVAL;
+ goto fail;
+ }
+ } else {
+ cp = np;
+ }
idev->d_kind.biosdisk.unit = unit;
idev->d_kind.biosdisk.slice = slice;
idev->d_kind.biosdisk.partition = partition;
@@ -158,11 +159,14 @@
err = EUNIT;
goto fail;
}
- }
- if (*cp && (*cp != ':')) {
- err = EINVAL;
- goto fail;
- }
+
+ if (*cp && (*cp != ':')) {
+ err = EINVAL;
+ goto fail;
+ }
+ } else {
+ cp = np;
+ }
if (dv->dv_type == DEVT_NET)
idev->d_kind.netif.unit = unit;
>Release-Note:
>Audit-Trail:
>Unformatted:
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-bugs" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200202181436.g1IEafJ21337>