From owner-freebsd-bugs Tue Nov 19 19:50:09 1996
Return-Path: owner-bugs
Received: (from root@localhost) by freefall.freebsd.org (8.7.5/8.7.3) id TAA00449 for bugs-outgoing; Tue, 19 Nov 1996 19:50:09 -0800 (PST)
Received: (from gnats@localhost) by freefall.freebsd.org (8.7.5/8.7.3) id TAA00442; Tue, 19 Nov 1996 19:50:06 -0800 (PST)
Resent-Date: Tue, 19 Nov 1996 19:50:06 -0800 (PST)
Resent-Message-Id: <199611200350.TAA00442@freefall.freebsd.org>
Resent-From: gnats (GNATS Management)
Resent-To: freebsd-bugs
Resent-Reply-To: FreeBSD-gnats@freefall.FreeBSD.org, gdonl@tsc.tdk.com
Received: from w3.gv.tsc.tdk.com (gdonl@w3.gv.tsc.tdk.com [146.252.40.195]) by freefall.freebsd.org (8.7.5/8.7.3) with ESMTP id TAA00116 for ; Tue, 19 Nov 1996 19:44:17 -0800 (PST)
Received: (from gdonl@localhost) by w3.gv.tsc.tdk.com (8.8.3/8.8.3) id TAA00952; Tue, 19 Nov 1996 19:44:06 -0800 (PST)
Message-Id: <199611200344.TAA00952@w3.gv.tsc.tdk.com>
Date: Tue, 19 Nov 1996 19:44:06 -0800 (PST)
From: Don Lewis
Reply-To: gdonl@tsc.tdk.com
To: FreeBSD-gnats-submit@freebsd.org
X-Send-Pr-Version: 3.2
Subject: bin/2067: dereference of uninitialized variable in tickadj
Sender: owner-bugs@freebsd.org
X-Loop: FreeBSD.org
Precedence: bulk

>Number: 2067
>Category: bin
>Synopsis: An uninitialized pointer is dereferenced in tickadj
>Confidential: no
>Severity: serious
>Priority: medium
>Responsible: freebsd-bugs
>State: open
>Class: sw-bug
>Submitter-Id: current-users
>Arrival-Date: Tue Nov 19 19:50:03 PST 1996
>Last-Modified:
>Originator: Don Lewis
>Organization: TDK Semiconductor Corp.
>Release: FreeBSD 2.1.5-STABLE i386
>Environment: The bug is present in 2.1.5-STABLE through post 2.2 -current
>Description:
The getoffsets() routine in tickadj dereferences the pointer "kname" without initializing it.
>How-To-Repeat: run tickadj >Fix: *** usr.sbin/xntpd/util/ORIGtickadj.c Sun Nov 10 19:32:50 1996 --- usr.sbin/xntpd/util/tickadj.c Tue Nov 19 19:33:11 1996 *************** *** 339,345 **** unsigned long *dosync_off; unsigned long *noprintf_off; { ! char **kname; #if defined(SYS_AUX3) || defined(SYS_AUX2) #define X_TICKADJ 0 --- 339,345 ---- unsigned long *dosync_off; unsigned long *noprintf_off; { ! char **kname, *knm; #if defined(SYS_AUX3) || defined(SYS_AUX2) #define X_TICKADJ 0 *************** *** 445,450 **** --- 445,451 ---- struct stat stbuf; #ifdef HAVE_GETBOOTFILE + kname = &knm; *kname = getbootfile(); if (stat(*kname, &stbuf) == -1 || nlist(*kname, nl) == -1) *kname = NULL; >Audit-Trail: >Unformatted:
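Review bot: In the first hunk (line 339 of tickadj.c), the new `knm` is declared with no comment saying that it exists only as the storage `kname` points at, and the name gives no hint of that role. A one-line comment, or declaring the pair as `char *knm, **kname = &knm;`, would make the relationship explicit and would leave `kname` valid from the point of declaration rather than from a later assignment.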
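Review bot: In the second hunk (line 445), `kname = &knm;` is added inside `#ifdef HAVE_GETBOOTFILE`, so the pointer is given a target only when that macro is defined; the visible lines do not show what a build without it does with `kname`, and that path should be checked for the same dereference before this is committed. Separately, the unchanged context passes the result of `getbootfile()` straight to `stat(*kname, &stbuf)` and `nlist(*kname, nl)`; if `getbootfile()` can return NULL, test for that before the `stat()` call.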