Subject: bin/10343: DHCLIENT coredumps
To: None <gnats-bugs@gnats.netbsd.org>
From: None <jam@pobox.com>
List: netbsd-bugs
Date: 06/12/2000 06:46:18
>Number:         10343
>Category:       bin
>Synopsis:       Last merge causes runtime fault
>Confidential:   no
>Severity:       critical
>Priority:       high
>Responsible:    bin-bug-people
>State:          open
>Class:          sw-bug
>Submitter-Id:   net
>Arrival-Date:   Mon Jun 12 06:47:00 PDT 2000
>Closed-Date:
>Last-Modified:
>Originator:     Kazushi (Jam) Marukawa
>Release:        Mon Jun 12 08:37:09 CDT 2000
>Organization:
none
>Environment:
	
System: NetBSD sou.nerv.org 1.4ZB NetBSD 1.4ZB (sou) #2: Mon Jun 12 07:58:49 CDT 2000 jam@sou.nerv.org:/usr/src/sys/arch/i386/compile/sou i386


>Description:
interface_reference() expects the dereferenced value of its first
parameter to be NULL, but clparse.c forgets to initialize a variable
that is passed to that function.

>How-To-Repeat:
Execute /sbin/dhclient.  It causes a core dump every time.

>Fix:
Apply the following patch.

This variable is passed to the interface_or_dummy() function, which
then calls interface_reference().  So we can put the initialization in
either this function or the interface_or_dummy() function.  I don't know
where it should be initialized, but the easiest for me is to initialize
it when it is allocated on the stack.


Index: clparse.c
===================================================================
RCS file: /cvsroot/basesrc/usr.sbin/dhcp/client/clparse.c,v
retrieving revision 1.3
diff -u -r1.3 clparse.c
--- clparse.c	2000/06/10 18:17:18	1.3
+++ clparse.c	2000/06/12 13:13:28
@@ -634,7 +634,7 @@
 	int token;
 	const char *val;
 	struct client_state *client, **cp;
-	struct interface_info *ip;
+	struct interface_info *ip = 0;
 
 	token = next_token (&val, cfile);
 	if (token != STRING) {
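
Review bot: the `= 0` on `ip` repairs this one declaration, but nothing at the site records why the pointer must be cleared, so the requirement that interface_reference() sees NULL through its first parameter stays implicit and a later cleanup could drop the initializer again. Suggest `struct interface_info *ip = NULL;` with a one-line comment naming interface_or_dummy() as the consumer, and confirming whether `client` and `cp`, declared on the line above without initializers, are assigned before any use. The report itself leaves open whether the initialization belongs here or inside interface_or_dummy(); settling that before commit would cover any other caller that passes a stack variable the same way.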
>Release-Note:
>Audit-Trail:
>Unformatted: