From spoerlein@informatik.uni-wuerzburg.de  Mon Sep 12 08:10:38 2005
Message-Id: <200509120810.j8C8AYxL053259@coyote.q.local>
Date: Mon, 12 Sep 2005 10:10:34 +0200 (CEST)
From: Ulrich Spoerlein <q@galgenberg.net>
Reply-To: Ulrich Spoerlein <q@galgenberg.net>
To: FreeBSD-gnats-submit@freebsd.org
Cc: grog@freebsd.org
Subject: [PATCH] usr.sbin/asf: Fix segfault on bogus input
X-Send-Pr-Version: 3.113
X-GNATS-Notify:

>Number:         86006
>Category:       bin
>Synopsis:       [PATCH] usr.sbin/asf: Fix segfault on bogus input
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    freebsd-bugs
>State:          closed
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Mon Sep 12 08:20:12 GMT 2005
>Closed-Date:    Wed Sep 21 08:22:16 GMT 2005
>Last-Modified:  Wed Sep 21 08:22:16 GMT 2005
>Originator:     Ulrich Spoerlein
>Release:        FreeBSD 5.4-RELEASE-p2 i386
>Organization:
>Environment:
System: FreeBSD 5.4-RELEASE-p2
>Description:
asf(8) uses uninitialized variables. I noticed this while ... umm ..
testing my keyboard with kbdmux.

Please also have a look at bin/71653 which is yet another bug in asf(8).
>How-To-Repeat:
$ asf
asf
Segmentation fault (core dumped)
>Fix:
--- asf.patch begins here ---
--- usr.sbin/asf/asf.c.orig	Mon Sep 12 09:58:03 2005
+++ usr.sbin/asf/asf.c	Mon Sep 12 10:02:44 2005
@@ -247,6 +247,9 @@
 	    quad_t bssaddr;
 
 	    tokens = tokenize(buf, token, MAXTOKEN);
+	    if (tokens < 4)
+	      continue;
+
 	    base = strtoll(token[2], NULL, 16);
 	    if (!dofind) {
 		strcpy(basetoken, token[4]);
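Review bot: the guard `if (tokens < 4)` still admits a line with exactly four tokens, yet the context line right after it, `strcpy(basetoken, token[4]);`, reads a fifth element. Assuming tokenize() returns the number of entries it stored in token[], the test needs to be `tokens < 5`, or more generally one more than the highest index used in the loop body. The `continue` is indented with a tab plus spaces, while the nested strcpy() line uses two tabs; it should match. Silently skipping a malformed line also hides bad input from the user, so a warnx() naming the offending line would be worth adding. Separately, the strcpy() into basetoken is unbounded in the lines shown; if basetoken is a fixed-size array, strlcpy() with sizeof(basetoken) would close that off.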
--- asf.patch ends here ---
>Release-Note:
>Audit-Trail:
State-Changed-From-To: open->closed 
State-Changed-By: linimon 
State-Changed-When: Wed Sep 21 08:21:38 GMT 2005 
State-Changed-Why:  
Fixed by grog on 2005-09-21 05:20:03 UTC in asf.c. 

http://www.freebsd.org/cgi/query-pr.cgi?pr=86006 
>Unformatted:
