Note: This bug is displayed in read-only format because the product is no longer active in Red Hat Bugzilla.
For bugs related to Red Hat Enterprise Linux 4 product line. The current stable release is 4.9. For Red Hat Enterprise Linux 6 and above, please visit Red Hat JIRA https://issues.redhat.com/secure/CreateIssue!default.jspa?pid=12332745 to report new issues.

Bug 607368

Summary: null pointer dereference crashes tcsh
Product: Red Hat Enterprise Linux 4 Reporter: Bryan Mason <bmason>
Component: tcshAssignee: Vojtech Vitek <vvitek>
Status: CLOSED CURRENTRELEASE QA Contact: BaseOS QE - Apps <qe-baseos-apps>
Severity: urgent Docs Contact:
Priority: urgent    
Version: 4.8CC: hripps, jwest, rvokal
Target Milestone: rcKeywords: Patch, ZStream
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Under certain circumstances, a null pointer may have been incorrectly dereferenced, causing the tcsh shell to terminate unexpectedly. With this update, the pointer is now checked properly and tcsh no longer crashes.
 Story Points: ---
Clone Of:
: 624450 (view as bug list) Environment:
Last Closed: 2012-06-14 20:54:19 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On:    
Bug Blocks: 614755    
Attachments:
Description Flags
Proposed Patch none

Description Bryan Mason 2010-06-23 22:51:39 UTC 
Description of problem:

    The potential exists for a null pointer dereference in pchild()
    sh.proc.c:

    417         if (jobflags & PFOREGND) {
    418             if (!(jobflags & (PSIGNALED | PSTOPPED | PPTIME) ||
    419 #ifdef notdef
    420                 jobflags & PAEXITED ||
    421 #endif /* notdef */
    422                 !eq(dcwd->di_name, fp->p_cwd->di_name))) {

Version-Release number of selected component (if applicable):

    tcsh-6.13-10_el4

Additional info:

    This was fixed upstream in tcsh-6.15.00:

        http://mx.gw.com/pipermail/tcsh/2007-September/003866.html

    Reference item #9:

        9. Avoid null pointer dereference in proc cwd (Kurt Miller)
Comment 1 Bryan Mason 2010-06-23 22:54:06 UTC 
Created attachment 426410 [details]
Proposed Patch

Patched adapted from upstream by Takuma Umeya (tumeya)
Comment 10 Jaromir Hradilek 2010-09-13 11:17:08 UTC 
    Technical note added. If any revisions are required, please edit the "Technical Notes" field
    accordingly. All revisions will be proofread by the Engineering Content Services team.
    
    New Contents:
Under certain circumstances, a null pointer may have been incorrectly dereferenced, causing the tcsh shell to terminate unexpectedly. With this update, the pointer is now checked properly and tcsh no longer crashes.