
OpenBSD

Created: 10-05-2013
Updated: 20-09-2015


42 bugs fixed, 2 vulnerabilities.
12/07/2013
~~/~~/2013
~~/~~/2014
~~/~~/2015

12/07/2013 - Report 1

Note:
The OpenBSD developers were given one year to fix the bugs listed below. Some were still unfixed a year later; those entries are no longer available, are marked as "dead", and are counted as fixed.


RED: #17, important
GREEN: #15, solved
BLUE: #2, dead

# 01 SYS/ARCH/
_01/ FIXED-rev1.4|MEMORY LEAK: alpha/eisa/eisa_machdep.c rev1.3
     At l.262, 'ecuio' is leaked in the loop. It has already been fixed
     in NetBSD, so you should have a look here.
_02/ FIXED-rev1.50|UNINITIALIZED VARIABLE: amd64/amd64/identcpu.c rev1.48
     At l.690, 'pkg_bits' may not be initialized.
_03/ FIXED-rev1.4|UNINITIALIZED VARIABLE: armish/stand/boot/devopen.c rev1.3
     At l.95, 'p' may not be initialized.
_04/ FIXED-rev1.71|UNINITIALIZED VARIABLE: hp300/dev/hd.c rev1.70
     At l.544, 'error' is not initialized.
_05/ FIXED-rev1.24|UNINITIALIZED VARIABLE: loongson/dev/bonito.c rev1.23
     At l.1070, 'pcimap' is not initialized.
_06/ DEAD|NO LONGER AVAILABLE: XX revXX
     NO LONGER AVAILABLE.
_07/ FIXED-rev1.2|UNINITIALIZED VARIABLE: macppc/stand/boot.mac/fixcoff.c rev1.1
     At l.146, 'i' is not initialized. I guess the guy meant '1'.
_08/ FIXED-rev1.2|UNINITIALIZED VARIABLE: mips64/mips64/cache_tfp.c rev1.1
     At l.109, 'eva' is not initialized.
_09/ FIXED-rev1.25|UNINITIALIZED VARIABLE: sparc/dev/zx.c rev1.24
     At l.513, 'tmp' may not be initialized.
_10/ FIXED-rev1.19|UNINITIALIZED VARIABLE: sparc64/dev/vdsp.c rev1.18
     At l.384, 'err' is not initialized.
_11/ FIXED-rev1.11|UNINITIALIZED VARIABLE: zaurus/dev/zaurus_flash.c rev1.10
     At l.897, 'parity' is not initialized.

# 02 SYS/DEV/
_01/ FIXED-rev1.31|UNINITIALIZED VARIABLE: ic/trm.c rev1.30
     At l.657, 'sc' may not be initialized.
_02/ FILE REMOVED|UNINITIALIZED VARIABLE: pci/noct.c rev1.22
     At l.1485, 'digits' is not initialized.
_03/ FIXED-rev1.45|UNINITIALIZED VARIABLE: pckbc/pms.c rev1.44
     At l.1444, 'w' may not be initialized.
_04/ FIXED-rev1.311|UNINITIALIZED VARIABLE: softraid.c rev1.310
     At l.1861, 'rv' may not be initialized.

# 03 SYS/KERN/
_01/ DEAD|NO LONGER AVAILABLE: XX revXX
     NO LONGER AVAILABLE.

# 04 USR.SBIN/NPPPD/
_01/ FIXED-rev1.11|UNINITIALIZED VARIABLE: npppd/npppd_config.c rev1.10
     At l.373, 'n' is not initialized. Actually, this variable is not
     used at all.

~ 2013 - Unsorted 1

_01/ FIXED-rev1.34|DEAD CODE: sys/dev/softraid_aoe.c rev1.33
     At l.393, dead code.
_02/ FIXED-rev1.56|UNINITIALIZED VARIABLE: sys/dev/ic/aac.c rev1.55
     At l.1265, 'error' may not be initialized.

~ 2014 - OpenSSH 1

_01/ FIXED-rev1.5|MEMORY LEAK: ssh/ssh-ed25519.c rev1.4
     Leak of 'b' with sshbuf_from() at l.129.

~ 2015 - Unsorted 2

_01/ FIXED-rev1.60|MEMORY LEAK: sys/compat/linux/linux_socket.c rev1.59
     Leak of 'm' with m_get() at l.974.
_02/ FIXED-rev1.37|MEMORY LEAK: sys/dev/sdmmc/sdmmc.c rev1.36
     Leak of 'data' with malloc() at l.788.
_03/ FIXED-rev1.283|MEMORY LEAK: sys/net/pf_ioctl.c rev1.282
     Leak of 'qs' with pool_get() at l.1027.
_04/ FIXED-rev1.15|MEMORY LEAK: sys/dev/ic/aic6915.c rev1.14
     Leak of 'm' with MGETHDR() at l.408.
_05/ FIXED-rev1.170|MEMORY LEAK: sys/dev/pci/hifn7751.c rev1.169
     Leak of 'm' with MGET() at l.2774.
_06/ FIXED-rev1.170|USE-AFTER-FREE: sys/dev/pci/hifn7751.c rev1.169
     Use-after-free with 'm0' after m_freem() at l.2763.
_07/ FIXED-rev1.134|MEMORY LEAK: sys/netinet/ip_icmp.c rev1.133
     Leak of 'rt' with rtalloc() at l.932.
_08/ FIXED-rev1.65|NO ERROR SET: sys/dev/ic/an.c rev1.64
     No error set at l.1034 & l.1061.
_09/ FIXED-rev1.76|MEMORY LEAK: sys/dev/ipmi.c rev1.75
     Leak of 'buf' with malloc() at l.1054.
_10/ FIXED-rev1.40|MEMORY LEAK: sys/dev/rasops/rasops.c rev1.39
     Leak of 'f' with malloc() at l.1170.
_11/ FIXED-rev1.16|MEMORY LEAK: sys/dev/ic/ti.c rev1.15
     Leak of 'm_new' with MGETHDR() at l.648.
_12/ FIXED-rev1.33|MEMORY LEAK: sys/arch/vax/if/if_qe.c rev1.32
     Leak of 'ring' with malloc() at l.164.
_13/ FIXED-rev1.29|USE-AFTER-FREE: sys/dev/pci/if_et.c rev1.28
     Use-after-free with 'm' after m_freem() at l.1884.
_14/ FIXED-rev1.9|UNINITIALIZED VARIABLE: sys/arch/hppa64/dev/apic.c rev1.8
     At l.176, 'cnt' is not initialized.
_15/ FIXED-rev1.112|USE-AFTER-FREE: sys/dev/pci/if_bnx.c rev1.111
     Use-after-free with 'm' after m_freem() at l.4488.
_16/ FIXED-rev1.163|MEMORY LEAK: sys/kern/kern_exec.c rev1.162
     Leak of 'pathbuf' with pool_get() at l.788.
_17/ FIXED-rev1.169|UNINITIALIZED VARIABLE: sys/netinet/if_ether.c rev1.165
     Uninitialized var 'la' at l.383.
_18/ FIXED-rev1.21|UNINITIALIZED VARIABLE: sys/net80211/ieee80211_pae_output.c rev1.20
     Uninitialized var 'k' at l.389.
_19/ FIXED-rev1.113|UNINITIALIZED VARIABLE: sys/arch/i386/i386/bios.c rev1.112
     Uninitialized var 'str' at l.485.
_20/ FIXED-rev1.15|UNINITIALIZED VARIABLE: sys/arch/sgi/dev/if_iec.c rev1.14
     Uninitialized var 'rseg' at l.438.
_21/ UNINITIALIZED VARIABLE: sys/arch/armv7/omap/ti_iic.c rev1.2
     Uninitialized var 'err' at l.298.
_22/ FIXED-rev1.40|OVERLAP: sys/arch/sparc64/dev/vdsp.c rev1.39
     Overlap at l.1521.
_23/ FIXED-rev1.3|USE-AFTER-FREE: sys/dev/sun/z8530ms.c rev1.2
     Double splx() of 's' at l.432.
_24/ MEMORY LEAK: sys/dev/ic/oosiop.c rev1.22
     Leak of 'cb' with mallocarray() at l.309.