author | Werner Koch <[email protected]> | 2015-06-16 10:12:03 +0000 |
---|---|---|
committer | Werner Koch <[email protected]> | 2015-06-16 16:11:31 +0000 |
commit | 82c72e2db7bc5b633768d59822f2e2a353fa6e32 (patch) | |
tree | abf68c09e43e5c4ac1ac6a324fe0cdf0f72e3ff8 /dirmngr/dirmngr.c | |
parent | build: Distribute swdb.lst with the w32-source target. (diff) | |
dirmngr: Avoid accessing uninitialized memory in log callback.
* dirmngr/dirmngr.c (pid_suffix_callback): Clear int_and_ptr_u before
use.
(start_connection_thread): Ditto.
(handle_connections): Ditto.
--
Example valgrind output:
==2921== Conditional jump or move depends on uninitialised value(s)
==2921== at 0x5BBDEF4: pthread_getspecific (pthread_getspecific.c:57)
==2921== by 0x40AAEE: pid_suffix_callback (dirmngr.c:614)
==2921== by 0x433F5A: do_logv (logging.c:684)
This is because on 64 bit systems "sizeof aptr > sizeof aint" and thus
Valgrind complains about this. It is not a real problem because we
don't use the uninitialized bits.
Signed-off-by: Werner Koch <[email protected]>
Diffstat (limited to '')
-rw-r--r-- | dirmngr/dirmngr.c | 8 |
1 files changed, 6 insertions, 2 deletions
diff --git a/dirmngr/dirmngr.c b/dirmngr/dirmngr.c
index 3375a4a2f..a9efba9cc 100644
--- a/dirmngr/dirmngr.c
+++ b/dirmngr/dirmngr.c
@@ -297,7 +297,7 @@ union int_and_ptr_u
 /* The key used to store the current file descriptor in the thread local storage. We use this in conjunction with the
- log_set_pid_suffix_cb feature.. */
+ log_set_pid_suffix_cb feature. */
 #ifndef HAVE_W32_SYSTEM
 static int my_tlskey_current_fd;
 #endif
@@ -611,6 +611,7 @@ pid_suffix_callback (unsigned long *r_suffix)
 {
 union int_and_ptr_u value;
+ memset (&value, 0, sizeof value);
 value.aptr = npth_getspecific (my_tlskey_current_fd);
 *r_suffix = value.aint;
 return (*r_suffix != -1); /* Use decimal representation. */
@@ -1915,6 +1916,7 @@ start_connection_thread (void *arg)
 union int_and_ptr_u argval;
 gnupg_fd_t fd;
+ memset (&argval, 0, sizeof argval);
 argval.aptr = arg;
 fd = argval.afd;
@@ -2054,12 +2056,14 @@ handle_connections (assuan_fd_t listen_fd)
 union int_and_ptr_u argval;
 npth_t thread;
+ memset (&argval, 0, sizeof argval);
 argval.afd = fd;
 snprintf (threadname, sizeof threadname-1, "conn fd=%d", FD2INT(fd));
 threadname[sizeof threadname -1] = 0;
- ret = npth_create (&thread, &tattr, start_connection_thread, argval.aptr);
+ ret = npth_create (&thread, &tattr,
+ start_connection_thread, argval.aptr);
 if (ret)
 {
 log_error ("error spawning connection handler: %s\n", |
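Review bot: The three added `memset` calls carry no comment, and in `pid_suffix_callback` and `start_connection_thread` the very next statement assigns `aptr`, so a later cleanup could take the call for dead code and remove it. The call in `handle_connections` appears to be the one that matters, because only `afd` is set there before `argval.aptr` is handed to `npth_create`. I would put one line above each call, for example `/* Clear the whole union: the member set below may be narrower than aptr.  */`. The definition of `union int_and_ptr_u` is outside these hunks, so the relative member sizes are taken from the commit message rather than from visible code. Keeping `memset` is the right choice, since a `= {0}` initializer is only guaranteed to initialise the union's first member.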