From root@vita.private.fio.cz  Mon Feb 18 06:36:21 2002
Return-Path: <root@vita.private.fio.cz>
Received: from vita.private.fio.cz (sf-wall.fio.cz [195.250.140.9])
	by hub.freebsd.org (Postfix) with ESMTP id 984C937B405
	for <FreeBSD-gnats-submit@freebsd.org>; Mon, 18 Feb 2002 06:36:19 -0800 (PST)
Received: (from root@localhost)
	by vita.private.fio.cz (8.11.6/8.11.6) id g1IEafJ21337;
	Mon, 18 Feb 2002 15:36:41 +0100 (CET)
	(envelope-from root)
Message-Id: <200202181436.g1IEafJ21337@vita.private.fio.cz>
Date: Mon, 18 Feb 2002 15:36:41 +0100 (CET)
From: vita@fio.cz
Reply-To:
To: FreeBSD-gnats-submit@freebsd.org
Cc:
Subject: Uninitialized pointer dereference in func i386_parsedev in sys/boot/i386/libi386/devicename.c
X-Send-Pr-Version: 3.113
X-GNATS-Notify:

>Number:         35078
>Category:       i386
>Synopsis:       [i386] [patch] Uninitialized pointer dereference in func i386_parsedev in sys/boot/i386/libi386/devicename.c
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    remko
>State:          closed
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Mon Feb 18 06:40:01 PST 2002
>Closed-Date:    Mon Sep 11 10:07:27 GMT 2006
>Last-Modified:  Mon Sep 11 10:07:27 GMT 2006
>Originator:     Vitezslav Novy
>Release:        FreeBSD 4.5-RELEASE i386
>Organization:
>Environment:
System: FreeBSD vita.private.fio.cz 4.5-RELEASE FreeBSD 4.5-RELEASE #4: Tue Feb 12 16:07:24 CET 2002 root@vita.private.fio.cz:/usr/src/sys/compile/VITA i386


	
>Description:
	When parsing a device name without a unit number, the unset pointer cp
	is dereferenced.
	
>How-To-Repeat:
	
>Fix:
--- sys/boot/i386/libi386/devicename.c.orig	Mon Feb 18 14:38:22 2002
+++ sys/boot/i386/libi386/devicename.c	Mon Feb 18 14:41:25 2002
@@ -135,12 +135,13 @@
 		}
 		cp++;
 	    }
-	}
-	if (*cp && (*cp != ':')) {
-	    err = EINVAL;
-	    goto fail;
-	}
-
+	    if (*cp && (*cp != ':')) {
+	      err = EINVAL;
+	      goto fail;
+	    }
+	} else {
+	    cp = np;
+	}    
 	idev->d_kind.biosdisk.unit = unit;
 	idev->d_kind.biosdisk.slice = slice;
 	idev->d_kind.biosdisk.partition = partition;
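Review bot: The new else branch sets `cp = np` and then skips the `*cp && (*cp != ':')` check, which before this change sat after the block and ran whether or not a unit was parsed. That is only safe if the enclosing condition, which this hunk does not show, already guarantees that `*np` is NUL or ':' on the unit-less path; please confirm that, or assign `cp = np` before the if and leave the check where it was, which is also a smaller diff. On style, the moved `err = EINVAL;` and `goto fail;` lines are indented six spaces after the tab where the removed lines used four, and the closing `}` after `cp = np;` carries trailing whitespace.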
@@ -158,11 +159,14 @@
 		err = EUNIT;
 		goto fail;
 	    }
-	}
-	if (*cp && (*cp != ':')) {
-	    err = EINVAL;
-	    goto fail;
-	}
+	
+	    if (*cp && (*cp != ':')) {
+	        err = EINVAL;
+	        goto fail;
+	    }
+	} else {
+	    cp = np;
+	}    
 
 	if (dv->dv_type == DEVT_NET)
 	    idev->d_kind.netif.unit = unit;

	


>Release-Note:
>Audit-Trail:
State-Changed-From-To: open->feedback 
State-Changed-By: remko 
State-Changed-When: Sun Sep 3 09:43:03 UTC 2006 
State-Changed-Why:  
Can you tell me whether this had been resolved already? 
(I did not look this up in the code or anything yet). 


Responsible-Changed-From-To: freebsd-i386->remko 
Responsible-Changed-By: remko 
Responsible-Changed-When: Sun Sep 3 09:43:03 UTC 2006 
Responsible-Changed-Why:  
Grab the PR 

http://www.freebsd.org/cgi/query-pr.cgi?pr=35078 
State-Changed-From-To: feedback->closed 
State-Changed-By: remko 
State-Changed-When: Mon Sep 11 10:07:26 UTC 2006 
State-Changed-Why:  
feedback timeout 

http://www.freebsd.org/cgi/query-pr.cgi?pr=35078 
>Unformatted:
