From nobody@FreeBSD.org  Wed Apr 24 23:27:35 2002
Return-Path: <nobody@FreeBSD.org>
Received: from freefall.freebsd.org (freefall.FreeBSD.org [216.136.204.21])
	by hub.freebsd.org (Postfix) with ESMTP id 9EE5D37B426
	for <freebsd-gnats-submit@FreeBSD.org>; Wed, 24 Apr 2002 23:27:34 -0700 (PDT)
Received: (from nobody@localhost)
	by freefall.freebsd.org (8.11.6/8.11.6) id g3P6RYu59757;
	Wed, 24 Apr 2002 23:27:34 -0700 (PDT)
	(envelope-from nobody)
Message-Id: <200204250627.g3P6RYu59757@freefall.freebsd.org>
Date: Wed, 24 Apr 2002 23:27:34 -0700 (PDT)
From: David Xu <davidx@viasoft.com.cn>
To: freebsd-gnats-submit@FreeBSD.org
Subject: incorrect move pointer in environment string table
X-Send-Pr-Version: www-1.0

>Number:         37443
>Category:       kern
>Synopsis:       incorrect move pointer in environment string table
>Confidential:   no
>Severity:       serious
>Priority:       high
>Responsible:    freebsd-bugs
>State:          closed
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Wed Apr 24 23:30:01 PDT 2002
>Closed-Date:    Thu Aug 26 15:09:05 GMT 2004
>Last-Modified:  Thu Aug 26 15:09:05 GMT 2004
>Originator:     David Xu
>Release:        FreeBSD 5.0-CURRENT
>Organization:
Viatech
>Environment:
System: FreeBSD davidbsd.viasoft.com.cn 5.0-CURRENT FreeBSD 5.0-CURRENT #12: Thu Apr 25 13:28:32
 CST 2002 root@davidbsd.viasoft.com.cn:/usr/src/sys/i386/compile/xu i386      
>Description:
in file /sys/kern/subr_hints.c, when res_find() searches string in dynamic environment string table, it losts an 'else' to avoid moving
string pointer which should only be executed when using static 
environment table.  
      
>How-To-Repeat:

>Fix:
--- /usr/src/sys/kern/subr_hints.c.orig Thu Apr 25 13:24:34 2002
+++ /usr/src/sys/kern/subr_hints.c      Thu Apr 25 13:25:25 2002
@@ -150,12 +150,14 @@
                        break;
                if (use_kenv)
                        cp = kenvp[++i];
-               while (*cp != '\0')
+               else {
+                       while (*cp != '\0')
+                               cp++;
                        cp++;
-               cp++;
-               if (*cp == '\0') {
-                       cp = NULL;
-                       break;
+                       if (*cp == '\0') {
+                               cp = NULL;
+                               break;
+                       }
                }
        }
        if (use_kenv)

>Release-Note:
>Audit-Trail:
State-Changed-From-To: open->closed 
State-Changed-By: arved 
State-Changed-When: Thu Aug 26 15:06:43 GMT 2004 
State-Changed-Why:  
This was committed a week after this PR was written, in subr_hints.c rev 
1.5 and 1.6 by Peter on May 1 2002.  

http://www.freebsd.org/cgi/query-pr.cgi?pr=37443 
>Unformatted:
