Bug 30440

Summary: possible null pointer deref in bpfdetach()
Product: Base System
Reporter: cc <cc>
Component: kern
Assignee: Matthew N. Dodd <mdodd>
Status: Closed FIXED    
Severity: Affects Only Me    
Priority: Normal    
Version: 5.0-CURRENT   
Hardware: Any   
OS: Any   

Description cc 2001-09-08 21:30:01 UTC
in net/bpf.c, bpfdetach(), struct bpf_if *bp is used in a for loop, that,
if not terminated by break before, leaves bp == NULL.
evaluating (bp->bif_ifp == NULL) two lines later will cause a NULL pointer
dereference, resulting in trap 12.

Fix: 

RCS file: /usr/cvs/src/sys/net/bpf.c,v
retrieving revision 1.80
diff -r1.80 bpf.c
1267c1267
<       if (bp->bif_ifp == NULL) {
---
>       if (bp == NULL || bp->bif_ifp == NULL) {
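Review bot: at line 1267 the added "bp == NULL ||" test sends the lookup-miss case into the same branch as the existing bp->bif_ifp == NULL case, and because this is a context-free normal diff the body of that branch is not visible, so the patch alone does not show that nothing inside the branch reads through bp. Consider handling the miss on its own directly after the loop (a separate bp == NULL test that returns), leaving the bif_ifp check unchanged, and resubmitting as a unified diff (diff -u) so the loop and the branch body can be reviewed together.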
How-To-Repeat: just call bpfdetach(ifp) with any ifp that has no bpf interface attached.
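
The pattern described in this report, as an added example that is not FreeBSD source or code from the reporter: a user-space model of a list search that ends with bp == NULL when nothing matches, followed by the guarded form of the check from the patch. The struct layouts, the bif_next field name, the unlink step, model_bpfdetach() and the sample interfaces are assumptions made for illustration.

```c
#include <stddef.h>

/* Simplified stand-ins for the kernel structures (model, not sys/net/bpf.c). */
struct ifnet { int if_index; };
struct bpf_if {
    struct bpf_if *bif_next;   /* link field name is an assumption */
    struct ifnet  *bif_ifp;    /* interface this entry belongs to */
};

enum detach_result { DETACH_OK, DETACH_NOT_ATTACHED };

/* Constructed sample: em0 and lo0 have an entry, tun0 has none. */
static struct ifnet em0 = {1}, lo0 = {2}, tun0 = {3};
static struct bpf_if bif_lo0 = { NULL, &lo0 };
static struct bpf_if bif_em0 = { &bif_lo0, &em0 };
static struct bpf_if *model_list = &bif_em0;

enum detach_result
model_bpfdetach(struct bpf_if **headp, struct ifnet *ifp)
{
    struct bpf_if *bp, *prev = NULL;

    /* Search loop: if no entry matches, it ends with bp == NULL. */
    for (bp = *headp; bp != NULL; bp = bp->bif_next) {
        if (bp->bif_ifp == ifp)
            break;
        prev = bp;
    }

    /* Patched form of the check: test bp before reading bp->bif_ifp. */
    if (bp == NULL || bp->bif_ifp == NULL)
        return DETACH_NOT_ATTACHED;

    /* Unlink the matching entry (modelled; the real teardown is not on the page). */
    if (prev != NULL)
        prev->bif_next = bp->bif_next;
    else
        *headp = bp->bif_next;
    bp->bif_next = NULL;
    return DETACH_OK;
}

int main(void)
{
    /* tun0 has no entry: the guarded check reports it instead of trapping. */
    return model_bpfdetach(&model_list, &tun0) == DETACH_NOT_ATTACHED ? 0 : 1;
}
```
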
Comment 1 Matthew N. Dodd freebsd_committer freebsd_triage 2003-03-21 15:26:41 UTC
State Changed
From-To: open->closed
Comment 2 Matthew N. Dodd freebsd_committer freebsd_triage 2003-03-21 15:26:41 UTC
Responsible Changed
From-To: freebsd-bugs->mdodd

Committed.