Subject: bin/15376: isdnd crashes when reading isdnd.rc with ppp-send-* settings
To: None <gnats-bugs@gnats.netbsd.org>
From: Joachim Kuebart <kuebart@mathematik.uni-ulm.de>
List: netbsd-bugs
Date: 01/26/2002 13:05:43
>Number:         15376
>Category:       bin
>Synopsis:       isdnd crashes when reading isdnd.rc with ppp-send-* settings
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    bin-bug-people
>State:          open
>Class:          sw-bug
>Submitter-Id:   net
>Arrival-Date:   Sat Jan 26 04:06:00 PST 2002
>Closed-Date:
>Last-Modified:
>Originator:     Joachim Kuebart
>Release:        NetBSD 1.5ZA, January 2002
>Organization:
>Environment:
	
	
System: NetBSD yacht.domestic.de 1.5ZA NetBSD 1.5ZA (YACHT) #2: Fr Jan 18 15:51:59 CET 2002 joki@yacht.domestic.de:/home/joki/conf/compile/YACHT i386
Architecture: i386
Machine: i386
rc_config.c:
     $Id: rc_config.c,v 1.5 2002/01/04 12:24:33 martin Exp $
>Description:
	
	When there is ppp-send-* info in the isdnd.rc file, isdnd crashes
	due to Sig 11.

	This is due to the de-reference of NULL pointers that happens
	in set_isppp_auth(int entry) when the ppp-send-* info has not
	completely been read in yet. (Note that this function gets
	called after _every_ config line that affects auth settings).

	The error is based on the erroneous assumption that the ppp_send_name
	and ppp_send_password entries are always valid pointers.
	However, they are NULL while the corresponding config file
	lines have not yet been read.
>How-To-Repeat:
	
	Create an entry in isdnd.rc that sets ppp-send-auth to some
	value != none. Start isdnd and watch it core dump.
>Fix:
	
	Apply the fix below to rc_config.c, rev 1.5 and recompile.
	The error is gone.

cvs server: Diffing .
Index: rc_config.c
===================================================================
RCS file: /cvsroot/basesrc/usr.sbin/isdn/isdnd/rc_config.c,v
retrieving revision 1.5
diff -u -r1.5 rc_config.c
--- rc_config.c	2002/01/04 12:24:33	1.5
+++ rc_config.c	2002/01/26 11:59:57
@@ -331,8 +331,8 @@
 		}
 		else if ((cep->ppp_send_auth == AUTH_CHAP 
 			  || cep->ppp_send_auth == AUTH_PAP)
-			 && cep->ppp_send_name[0] != 0
-			 && cep->ppp_send_password[0] != 0)
+			 && cep->ppp_send_name != NULL
+			 && cep->ppp_send_password != NULL)
 		{
 			spcfg.myauth = cep->ppp_send_auth == AUTH_PAP ? SPPP_AUTHPROTO_PAP : SPPP_AUTHPROTO_CHAP;
 			spcfg.myname = cep->ppp_send_name;
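Review bot: In this else-if condition the new != NULL tests replace the [0] != 0 tests rather than joining them, so a name or password that is non-NULL but an empty string would now pass and be handed to spcfg. Keep both checks, NULL first: cep->ppp_send_name != NULL && cep->ppp_send_name[0] != 0, and the same for cep->ppp_send_password.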
@@ -1289,12 +1289,12 @@
 
 		if((cep->ppp_send_auth == AUTH_PAP) || (cep->ppp_send_auth == AUTH_CHAP))
 		{
-			if(cep->ppp_send_name[0] == 0)
+			if(cep->ppp_send_name == NULL)
 			{
 				log(LL_ERR, "check_config: no remote authentification name in entry %d!", i);
 				error++;
 			}
-			if(cep->ppp_send_password[0] == 0)
+			if(cep->ppp_send_password == NULL)
 			{
 				log(LL_ERR, "check_config: no remote authentification password in entry %d!", i);
 				error++;
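Review bot: In check_config the == NULL tests on ppp_send_name and ppp_send_password no longer flag an empty string, which the removed [0] == 0 tests reported as an error. Test both conditions, for example if(cep->ppp_send_name == NULL || cep->ppp_send_name[0] == 0), and likewise for the password, so an entry with an empty value is still counted as an error.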
>Release-Note:
>Audit-Trail:
>Unformatted: