From cc@gatekeeper.gate5.de  Sat Sep  8 13:20:54 2001
Return-Path: <cc@gatekeeper.gate5.de>
Received: from gatekeeper.gate5.de (gatekeeper.gate5.de [212.84.193.254])
	by hub.freebsd.org (Postfix) with ESMTP id 679B237B409
	for <FreeBSD-gnats-submit@freebsd.org>; Sat,  8 Sep 2001 13:20:53 -0700 (PDT)
Received: (from cc@localhost)
	by gatekeeper.gate5.de (8.11.6/8.11.4) id f88KKak01433;
	Sat, 8 Sep 2001 22:20:36 +0200 (CEST)
	(envelope-from cc)
Message-Id: <200109082020.f88KKak01433@gatekeeper.gate5.de>
Date: Sat, 8 Sep 2001 22:20:36 +0200 (CEST)
From: Christian Carstensen <cc@devcon.net>
Reply-To: Christian Carstensen <cc@devcon.net>
To: FreeBSD-gnats-submit@freebsd.org
Cc:
Subject: possible null pointer deref in bpfdetach()
X-Send-Pr-Version: 3.113
X-GNATS-Notify:

>Number:         30440
>Category:       kern
>Synopsis:       possible null pointer deref in bpfdetach()
>Confidential:   no
>Severity:       serious
>Priority:       high
>Responsible:    mdodd
>State:          closed
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Sat Sep 08 13:30:01 PDT 2001
>Closed-Date:    Fri Mar 21 07:27:10 PST 2003
>Last-Modified:  Fri Mar 21 07:27:10 PST 2003
>Originator:     Christian Carstensen
>Release:        FreeBSD 5.0-CURRENT i386
>Organization:
>Environment:
System: FreeBSD albert.gate5.de 5.0-CURRENT FreeBSD 5.0-CURRENT #25: Thu Sep 6 04:20:50 CEST 2001 root@albert.gate5.de:/usr/src/sys/i386/compile/ALBERT i386

>Description:
In net/bpf.c, bpfdetach(), struct bpf_if *bp is used in a for loop that,
if not terminated by a break before, leaves bp == NULL.
Evaluating (bp->bif_ifp == NULL) two lines later will cause a NULL pointer
dereference, resulting in trap 12.

>How-To-Repeat:
Just call bpfdetach(ifp) with any ifp that has no bpf interface attached.

>Fix:
RCS file: /usr/cvs/src/sys/net/bpf.c,v
retrieving revision 1.80
diff -r1.80 bpf.c
1267c1267
<       if (bp->bif_ifp == NULL) {
---
>       if (bp == NULL || bp->bif_ifp == NULL) {
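Review bot: the retained `bp->bif_ifp == NULL` half of the new condition is effectively dead once `bp == NULL` is excluded: per the description, bp is non-NULL after the loop only when the loop broke out on the entry it found for ifp, so at that point `bp->bif_ifp` equals the ifp that was passed in and can only be NULL if the caller passed a NULL ifp. Either reduce the test to `if (bp == NULL) {` or reject a NULL ifp explicitly at the top of bpfdetach() so the intent is visible. The patch is also a bare `diff -r1.80` with no context lines, so the loop itself and the body of the error path (the message and the return) cannot be checked here; regenerating it with `diff -u` would let a reviewer confirm that the guarded branch returns before bp is used again.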

>Release-Note:
>Audit-Trail:
State-Changed-From-To: open->closed 
State-Changed-By: mdodd 
State-Changed-When: Fri Mar 21 07:26:41 PST 2003 
State-Changed-Why:  
Committed. 


Responsible-Changed-From-To: freebsd-bugs->mdodd 
Responsible-Changed-By: mdodd 
Responsible-Changed-When: Fri Mar 21 07:26:41 PST 2003 
Responsible-Changed-Why:  
Committed. 

http://www.freebsd.org/cgi/query-pr.cgi?pr=30440 
>Unformatted:

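The defect and the fix in the PR, reduced to a user-space simulation. This is an added example and not code from the PR or from sys/net/bpf.c: struct ifnet, struct bpf_if, bpf_iflist, bpfattach_sim(), bpfdetach_before() and bpfdetach_after() are hypothetical stand-ins with only the fields the search loop needs. The search loop reproduces the pattern the description gives (break on a match, otherwise fall off the end with bp == NULL); bpfdetach_before() reads bp->bif_ifp without a guard, as reported, and bpfdetach_after() applies the one-line fix from the Fix section.

```c
#include <stddef.h>
#include <stdio.h>

/* Hypothetical stand-ins for the kernel structures, not from sys/net/bpf.h. */
struct ifnet {
	const char *if_xname;
};

struct bpf_if {
	struct bpf_if *bif_next;	/* next entry on bpf_iflist */
	struct ifnet  *bif_ifp;		/* interface this entry was attached for */
};

static struct bpf_if *bpf_iflist;	/* head of the simulated list */

/* Number of entries currently on the list (used to check the results). */
int
bpf_iflist_count(void)
{
	struct bpf_if *bp;
	int n = 0;

	for (bp = bpf_iflist; bp != NULL; bp = bp->bif_next)
		n++;
	return (n);
}

/* Attach: link a caller-supplied bpf_if for ifp at the head of the list. */
void
bpfattach_sim(struct bpf_if *bp, struct ifnet *ifp)
{
	bp->bif_ifp = ifp;
	bp->bif_next = bpf_iflist;
	bpf_iflist = bp;
}

/*
 * The search loop the PR describes: break when the entry for ifp is found,
 * otherwise run to the end of the list, which leaves bp == NULL on exit.
 */
static struct bpf_if *
bpf_iflist_find(struct ifnet *ifp, struct bpf_if **prevp)
{
	struct bpf_if *bp, *bp_prev;

	for (bp = bpf_iflist, bp_prev = NULL; bp != NULL;
	     bp_prev = bp, bp = bp->bif_next) {
		if (bp->bif_ifp == ifp)
			break;
	}
	*prevp = bp_prev;
	return (bp);
}

/* Unlink bp, whose predecessor on the list is bp_prev (NULL at the head). */
static void
bpf_iflist_unlink(struct bpf_if *bp, struct bpf_if *bp_prev)
{
	if (bp_prev == NULL)
		bpf_iflist = bp->bif_next;
	else
		bp_prev->bif_next = bp->bif_next;
	bp->bif_next = NULL;
}

/*
 * bpfdetach before the fix: bp->bif_ifp is read without checking bp, so an
 * ifp with no bpf_if attached dereferences NULL (trap 12 in the kernel).
 * Kept only to show the defect; never call it for an unattached ifp.
 */
int
bpfdetach_before(struct ifnet *ifp)
{
	struct bpf_if *bp, *bp_prev;

	bp = bpf_iflist_find(ifp, &bp_prev);
	if (bp->bif_ifp == NULL) {		/* faults when bp == NULL */
		printf("bpfdetach: %s not attached\n", ifp->if_xname);
		return (-1);
	}
	bpf_iflist_unlink(bp, bp_prev);
	return (0);
}

/* bpfdetach with the PR's fix: test bp before touching bp->bif_ifp. */
int
bpfdetach_after(struct ifnet *ifp)
{
	struct bpf_if *bp, *bp_prev;

	bp = bpf_iflist_find(ifp, &bp_prev);
	if (bp == NULL || bp->bif_ifp == NULL) {
		printf("bpfdetach: %s not attached\n", ifp->if_xname);
		return (-1);
	}
	bpf_iflist_unlink(bp, bp_prev);
	return (0);
}
```

The short-circuit order in bpfdetach_after() is what makes the fix safe: `bp == NULL` must be evaluated first so that `bp->bif_ifp` is never read through a NULL pointer. Detaching an interface that was never attached, or one that has already been detached, now returns an error instead of faulting.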