From eugen@syslog.sd.rdtc.ru  Tue Jun 26 09:43:08 2012
Return-Path: <eugen@syslog.sd.rdtc.ru>
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id E6EFB1065670
	for <FreeBSD-gnats-submit@freebsd.org>; Tue, 26 Jun 2012 09:43:08 +0000 (UTC)
	(envelope-from eugen@syslog.sd.rdtc.ru)
Received: from syslog.sd.rdtc.ru (unknown [IPv6:2a03:3100:4:17::17])
	by mx1.freebsd.org (Postfix) with ESMTP id 4E2938FC0A
	for <FreeBSD-gnats-submit@freebsd.org>; Tue, 26 Jun 2012 09:43:07 +0000 (UTC)
Received: from syslog.sd.rdtc.ru (localhost [127.0.0.1])
	by syslog.sd.rdtc.ru (8.14.5/8.14.5) with ESMTP id q5Q9gevT060025
	for <FreeBSD-gnats-submit@freebsd.org>; Tue, 26 Jun 2012 16:43:05 +0700 (NOVT)
	(envelope-from eugen@syslog.sd.rdtc.ru)
Received: (from eugen@localhost)
	by syslog.sd.rdtc.ru (8.14.5/8.14.5/Submit) id q5Q9ge33060024;
	Tue, 26 Jun 2012 16:42:40 +0700 (NOVT)
	(envelope-from eugen)
Message-Id: <201206260942.q5Q9ge33060024@syslog.sd.rdtc.ru>
Date: Tue, 26 Jun 2012 16:42:40 +0700 (NOVT)
From: Eugene Grosbein <egrosbein@rdtc.ru>
To: FreeBSD-gnats-submit@freebsd.org
Cc:
Subject: [patch] Stock ntpd segfaults when used with GPS pps source
X-Send-Pr-Version: 3.113
X-GNATS-Notify:

>Number:         169439
>Category:       bin
>Synopsis:       [patch] ntpd(8): Stock ntpd segfaults when used with GPS pps source
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    freebsd-bugs
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Tue Jun 26 09:50:03 UTC 2012
>Closed-Date:    
>Last-Modified:  Wed Jun 27 03:44:00 UTC 2012
>Originator:     Eugene Grosbein
>Release:        FreeBSD 8.3-STABLE amd64
>Organization:
RDTC JSC
>Environment:
System: FreeBSD syslog.sd.rdtc.ru 8.3-STABLE FreeBSD 8.3-STABLE #4: Wed Jun 20 01:33:15 NOVT 2012 root@syslog.sd.rdtc.ru:/usr/local/obj/usr/local/src/sys/SYSLOG amd64

>Description:
	
	From my /etc/ntp.conf:

#       The GPS receiver on cuau3 at 4800 baud
#
#       mode 1 = use $GPRMC statements
#       time1 = trimming offset
#       flag3 1 = enable Kernel PPS discipline
#
server 127.127.20.1 mode 1 iburst maxpoll 9 prefer
fudge 127.127.20.1 time1 0.000 flag3 1 refid PPS

	ntpd segfaults while parsing configuration due to missing check for NULL pointer.

>How-To-Repeat:
	See above
>Fix:

--- contrib/ntp/ntpd/refclock_nmea.c.orig	2012-06-26 16:10:46.000000000 +0700
+++ contrib/ntp/ntpd/refclock_nmea.c	2012-06-26 16:11:12.000000000 +0700
@@ -257,7 +257,7 @@
 	pp = peer->procptr;
 	up = (struct nmeaunit *)pp->unitptr;
 #ifdef HAVE_PPSAPI
-	if (up->handle != 0)
+	if (up && up->handle != 0)
 		time_pps_destroy(up->handle);
 #endif /* HAVE_PPSAPI */
 	io_closeclock(&pp->io);


>Release-Note:
>Audit-Trail:
>Unformatted:
