#750 closed defect (fixed)

NULL pointer derefernce in wait_input().

Reported by: osv2 Owned by: Eric Norum
Priority: highest Milestone: 2
Component: network/legacy Version: 4.6
Severity: critical Keywords:
Cc: bugs@…, joel.sherrill@… Blocked By:
Blocking:

Description

The wait_input() routine in pppd/sys-rtems.c dereferences NULL pointer when called with 'timo' parameter NULL that should indicate indefinite timeout. It's in fact called with timeo=NULL when no more timeouts are left in the callouts queue, see pppd/rtemsmain.c/timeleft() routine.

Release:
4.6.99.1

How-To-Repeat:
The attached patch fixes that.

Attachments (1)

rtems-cvs-20050121-sys-rtems-wait_input.patch.gz (525 bytes) - added by osv2 on Dec 3, 2006 at 1:31:13 PM.
rtems-cvs-20050121-sys-rtems-wait_input.patch.gz

Download all attachments as: .zip

Change History (3)

comment:1 Changed on May 20, 2005 at 6:33:39 PM by Joel Sherrill

Status: assignedclosed

State-Changed-From-To: open->closed
State-Changed-Why: Patch applied.

Changed on Dec 3, 2006 at 1:31:13 PM by osv2

rtems-cvs-20050121-sys-rtems-wait_input.patch.gz

comment:2 Changed on Oct 10, 2017 at 6:44:19 AM by Sebastian Huber

Component: pppdnetwork/legacy
Note: See TracTickets for help on using tickets.