Subject: kern/3122: bad error handling in libsa/open.c
To: None <gnats-bugs@gnats.netbsd.org>
From: Matthias Drochner <drochner@zelz26.zel.kfa-juelich.de>
List: netbsd-bugs
Date: 01/17/1997 18:29:02
>Number: 3122
>Category: kern
>Synopsis: NULL pointer dereference on open error in F_NODEV case
>Confidential: no
>Severity: serious
>Priority: medium
>Responsible: kern-bug-people (Kernel Bug People)
>State: open
>Class: sw-bug
>Submitter-Id: net
>Arrival-Date: Fri Jan 17 10:20:05 1997
>Last-Modified:
>Originator: Matthias Drochner
>Organization:
KFA Juelich
>Release: current
>Environment:
NetBSD-current / libsa
System: NetBSD zelz26 1.2 NetBSD 1.2 (TULIP) #21: Thu Nov 14 22:05:19 MET 1996 drochner@zelz28:/home/drochner/netbsd/sys/arch/i386/compile/TULIP i386
>Description:
If an error occurs in the filesystem open function, and the F_NODEV
flag was set in devopen(), a NULL pointer will be called.
(devopen() is obviously not supposed to set the f_dev field in the F_NODEV case.
Compare with close() which does even more checks than necessary!)
>How-To-Repeat:
???
>Fix:
*** 119,125 ****
if (!error)
error = ENOENT;
! f->f_dev->dv_close(f);
err:
f->f_flags = 0;
errno = error;
--- 119,126 ----
if (!error)
error = ENOENT;
! if(!(f->f_flags & F_NODEV))
! f->f_dev->dv_close(f);
err:
f->f_flags = 0;
errno = error;
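Review bot: The guard is correctly placed, because `f->f_flags` is only zeroed after the `err:` label, so F_NODEV is still set when `if(!(f->f_flags & F_NODEV))` is evaluated; putting the check below `err:` would defeat it. Two smaller points: KNF wants a space after the keyword, i.e. `if (!(f->f_flags & F_NODEV))`, and a short comment at the call site saying that devopen() leaves f_dev unset in the F_NODEV case would document the invariant this check relies on, since nothing else in open() states it.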
>Audit-Trail:
>Unformatted:
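A small model of the error path described in this report, added here as an illustration and not taken from libsa itself: struct names follow the report (f_flags, f_dev, dv_close), but the layout, the F_NODEV value and the devopen/filesystem stand-ins are constructed assumptions. It shows the guarded close that the fix introduces; without the guard the same path would call through a NULL f_dev.

```c
#include <errno.h>
#include <stddef.h>
#include <stdio.h>

/* Constructed stand-in for libsa's open_file; not the real layout. */
#define F_NODEV 0x0008   /* assumed flag value; only its presence matters */

struct open_file;
struct devsw { int (*dv_close)(struct open_file *); };
struct open_file {
    int f_flags;
    struct devsw *f_dev;   /* left NULL by devopen() in the F_NODEV case */
};

/* Stand-in devopen(): a device-less open sets F_NODEV and leaves f_dev alone. */
static int devopen_nodev(struct open_file *f) {
    f->f_flags |= F_NODEV;
    return 0;
}

/* Stand-in filesystem open that always fails. */
static int fs_open_fail(struct open_file *f) { (void)f; return ENOENT; }

/* open() error path with the report's guard: dv_close runs only when a real
 * device was opened. The check must sit before err:, where f_flags is cleared. */
static int sa_open_fixed(struct open_file *f) {
    int error;
    f->f_flags = 0;
    f->f_dev = NULL;
    if ((error = devopen_nodev(f)) != 0)
        goto err;
    error = fs_open_fail(f);
    if (!error)
        error = ENOENT;
    if (!(f->f_flags & F_NODEV))      /* unguarded, this would call NULL->dv_close */
        f->f_dev->dv_close(f);
err:
    f->f_flags = 0;
    errno = error;
    return -1;
}

/* Drives the F_NODEV failure case; returns errno, or -1 if the path misbehaved. */
static int run_nodev_open_error(void) {
    struct open_file f;
    if (sa_open_fixed(&f) != -1 || f.f_flags != 0)
        return -1;
    return errno;
}

int main(void) {
    printf("errno after failed F_NODEV open: %d (ENOENT=%d)\n",
           run_nodev_open_error(), ENOENT);
    return 0;
}
```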