From owner-freebsd-bugs Mon Apr 10 16:24:54 2000
Message-Id: <200004102249.PAA00657@cyclone.networkphysics.com>
Date: Mon, 10 Apr 2000 15:49:22 -0700 (PDT)
From: Tom Pavel
Reply-To: pavel@alum.mit.edu
To: FreeBSD-gnats-submit@freebsd.org
X-Send-Pr-Version: 3.2
Subject: kern/17911: unitialized var in netgraph msg code
Sender: owner-freebsd-bugs@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

>Number:         17911
>Category:       kern
>Synopsis:       unitialized var in netgraph msg code
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    freebsd-bugs
>State:          open
>Quarter:
>Keywords:
>Date-Required:
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Mon Apr 10 16:20:01 PDT 2000
>Closed-Date:
>Last-Modified:
>Originator:     Tom Pavel
>Release:        FreeBSD 3.4-RELEASE i386
>Organization:
Network Physics, Inc.
>Environment:

Netgraph code in 3.4 or 3-STABLE (same bug in current).

Using:
    $FreeBSD: src/sys/netgraph/ng_base.c,v 1.6.2.9 1999/12/08 19:44:03 julian Exp $

running on i386:
    cyclone[44]% uname -a
    FreeBSD cyclone.networkphysics.com 3.4-RELEASE FreeBSD 3.4-RELEASE #7: Mon Apr 10 12:03:55 PDT 2000 root@cyclone.networkphysics.com:/usr/src/sys/compile/NGTEST i386

>Description:

The "off" variable in the NGM_ASCII2BINARY case of ng_generic_msg() is
uninitialized. This can lead to a kernel panic in strtol() (from
e.g. ng_int32_parse()) if the variable happens to be initialized to a
(nonzero) nonsensical value.

>How-To-Repeat:

Hook up some netgraph modules, send a bunch of ngctl msg commands with
numeric arguments, and wait for the kernel stack to churn a bit.

>Fix:

--- /sys/netgraph/ng_base.c Wed Dec 8 11:44:03 1999 +++ ng_base.c Mon Apr 10 12:03:19 2000 @@ -1519,7 +1519,7 @@ const struct ng_cmdlist *c; const struct ng_parse_type *argstype; struct ng_mesg *rp, *ascii, *binary; - int off; + int off = 0; /* Data area must contain at least a struct ng_mesg + '\0' */ ascii = (struct ng_mesg *)msg->data;

Tom Pavel
Network Physics
pavel@networkphysics.com / pavel@alum.mit.edu

>Release-Note:
>Audit-Trail:
>Unformatted:
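
Review bot: `int off = 0;` in the declaration block of ng_generic_msg() clears the panic, but the initializer sits at function scope while the report says the variable is read in the NGM_ASCII2BINARY case; assign `off = 0;` in that case immediately before it is handed to the parse routines, or keep the declaration initializer and add a short comment saying what the zero means there. As written, nothing in the hunk tells a later reader that the zero is required, and a second use of `off` added elsewhere in the function would inherit whatever the first use left in it.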
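
The failure mode in the Description, as an added userland example (not code from the PR or from netgraph): a parser that trusts the caller's `off` reads wherever that value points, so this version bounds-checks it before `strtol()`. It assumes that `off` is a starting offset into the argument string which the parser advances; `parse_int32`, `parse_two` and `parse_with_stale_cursor` are hypothetical names, and the stale value is constructed.

```c
#include <errno.h>
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/*
 * Hypothetical userland parser, not the netgraph API. *off is an in/out
 * cursor into s: where to start on entry, advanced past the number on success.
 */
static int parse_int32(const char *s, size_t len, int *off, int32_t *out)
{
	char *end;
	long v;

	/* Defensive check: a stale or garbage cursor must never reach strtol(). */
	if (*off < 0 || (size_t)*off > len)
		return EINVAL;
	errno = 0;
	v = strtol(s + *off, &end, 0);
	if (end == s + *off)
		return EINVAL;		/* no digits at the cursor */
	if (errno == ERANGE || v < INT32_MIN || v > INT32_MAX)
		return ERANGE;
	*out = (int32_t)v;
	*off = (int)(end - s);		/* hand the advanced cursor back */
	return 0;
}

/* Caller shaped like the patched code: cursor initialized at its declaration. */
static int parse_two(const char *args, int32_t *a, int32_t *b)
{
	int off = 0;
	int error = parse_int32(args, strlen(args), &off, a);

	return error != 0 ? error : parse_int32(args, strlen(args), &off, b);
}

/* Stands in for the unpatched caller: off holds whatever the stack last held. */
static int parse_with_stale_cursor(const char *args, int stale, int32_t *a)
{
	int off = stale;		/* constructed garbage value */
	return parse_int32(args, strlen(args), &off, a);
}

int main(void)
{
	int32_t a = 0, b = 0;
	return parse_two("42 -7", &a, &b) != 0;
}
```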