Date: Mon, 12 Sep 2005 10:10:34 +0200 (CEST) From: Ulrich Spoerlein <q@galgenberg.net> To: FreeBSD-gnats-submit@FreeBSD.org Cc: grog@FreeBSD.org Subject: bin/86006: [PATCH] usr.sbin/asf: Fix segfault on bogus input Message-ID: <200509120810.j8C8AYxL053259@coyote.q.local> Resent-Message-ID: <200509120820.j8C8KCT0007324@freefall.freebsd.org>
next in thread | raw e-mail | index | archive | help
>Number: 86006
>Category: bin
>Synopsis: [PATCH] usr.sbin/asf: Fix segfault on bogus input
>Confidential: no
>Severity: non-critical
>Priority: low
>Responsible: freebsd-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: sw-bug
>Submitter-Id: current-users
>Arrival-Date: Mon Sep 12 08:20:12 GMT 2005
>Closed-Date:
>Last-Modified:
>Originator: Ulrich Spoerlein
>Release: FreeBSD 5.4-RELEASE-p2 i386
>Organization:
>Environment:
System: FreeBSD 5.4-RELEASE-p2
>Description:
asf(8) uses uninitialized variables. I notices this while ... umm ..
testing my keyboard with kbdmux.
Please also have a look at bin/71653 which is yet another bug in asf(8).
>How-To-Repeat:
$ asf
asf
Segmentation fault (core dumped)
>Fix:
--- asf.patch begins here ---
--- usr.sbin/asf/asf.c.orig Mon Sep 12 09:58:03 2005
+++ usr.sbin/asf/asf.c Mon Sep 12 10:02:44 2005
@@ -247,6 +247,9 @@
quad_t bssaddr;
tokens = tokenize(buf, token, MAXTOKEN);
+ if (tokens < 4)
+ continue;
+
base = strtoll(token[2], NULL, 16);
if (!dofind) {
strcpy(basetoken, token[4]);
--- asf.patch ends here ---
>Release-Note:
>Audit-Trail:
>Unformatted:
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200509120810.j8C8AYxL053259>