Date: Sat, 11 Sep 2004 19:03:14 +0200 (CEST)
From: Dan Lukes <dan@obluda.cz>
To: FreeBSD-gnats-submit@FreeBSD.org
Subject: bin/71602: [PATCH] uninitialized "len" used instead of "slen" within usr.sbin/setkey code
Message-ID: <200409111703.i8BH3EMm002458@kulesh.obluda.cz>
Resent-Message-ID: <200409111710.i8BHAHSg016003@freefall.freebsd.org>
>Number: 71602 >Category: bin >Synopsis: [PATCH] uninitialized "len" used instead of "slen" within usr.sbin/setkey code >Confidential: no >Severity: serious >Priority: medium >Responsible: freebsd-bugs >State: open >Quarter: >Keywords: >Date-Required: >Class: sw-bug >Submitter-Id: current-users >Arrival-Date: Sat Sep 11 17:10:17 GMT 2004 >Closed-Date: >Last-Modified: >Originator: Dan Lukes >Release: FreeBSD 5.3-BETA3 i386 >Organization: Obludarium >Environment: System: FreeBSD kulesh.obluda.cz 5.3-BETA3 FreeBSD 5.3-BETA3 #8: Sun Sep 5 07:06:40 CEST 2004 dan@kulesh.obluda.cz:/usr/obj/usr/src/sys/Dan i386 $FreeBSD: usr.sbin/setkey/parse.y,v 1.7 2004/05/13 15:46:28 ume $FreeBSD: usr.sbin/setkey/Makefile,v 1.11 2003/11/05 09:47:54 ume >Description: usr.sbin/setkey/parse.y:992: warning: 'len' might be used uninitialized in this function * This warning point to true error as there should not be used uninitialized 'len' * but 'slen' variable usr.sbin/setkey/parse.y:1186: warning: 'p2' might be used uninitialized in this function * This warning point to real error as p2 can be used uninitialised * really. There are other error also near it - 'p' is incremented, but 'l' * not. In advance, I'm eliminating those warnings: usr.sbin/setkey/parse.y:1023: warning: dereferencing type-punned pointer will break strict-aliasing rules usr.sbin/setkey/parse.y:1039: warning: dereferencing type-punned pointer will break strict-aliasing rules >How-To-Repeat: N/A >Fix: *** usr.sbin/setkey/Makefile.ORIG Fri Nov 14 03:55:16 2003 --- usr.sbin/setkey/Makefile Tue Sep 7 19:35:13 2004 *************** *** 31,37 **** MAN= setkey.8 SRCS= setkey.c parse.y token.l ! CFLAGS+= -I${.CURDIR} -I${.CURDIR}/../../lib/libipsec YFLAGS= -d DPADD= ${LIBL} ${LIBY} --- 31,37 ---- MAN= setkey.8 SRCS= setkey.c parse.y token.l ! 
CFLAGS+= -I${.CURDIR} -I${.CURDIR}/../../lib/libipsec -fno-strict-aliasing YFLAGS= -d DPADD= ${LIBL} ${LIBY} *** usr.sbin/setkey/parse.y.ORIG Tue May 18 22:20:16 2004 --- usr.sbin/setkey/parse.y Tue Sep 7 19:56:37 2004 *************** *** 1053,1059 **** m_lt.sadb_lifetime_usetime = 0; memcpy(buf + l, &m_lt, slen); ! l += len; } /* set lifetime for SOFT */ --- 1053,1059 ---- m_lt.sadb_lifetime_usetime = 0; memcpy(buf + l, &m_lt, slen); ! l += slen; } /* set lifetime for SOFT */ *************** *** 1069,1075 **** m_lt.sadb_lifetime_usetime = 0; memcpy(buf + l, &m_lt, slen); ! l += len; } len = sizeof(struct sadb_sa); --- 1069,1075 ---- m_lt.sadb_lifetime_usetime = 0; memcpy(buf + l, &m_lt, slen); ! l += slen; } len = sizeof(struct sadb_sa); *************** *** 1195,1203 **** if (*p == ',') { *p = '\0'; p2 = ++p; } - for (p = p2; *p != '\0' && l < spec->len; p++, l++) - ; if (*p != '\0' || *p2 == '\0') { yyerror("invalid an upper layer protocol spec"); return -1; --- 1195,1206 ---- if (*p == ',') { *p = '\0'; p2 = ++p; + l++; + for (; *p != '\0' && l < spec->len; p++, l++) + ; + } else { + p2 = "0"; } if (*p != '\0' || *p2 == '\0') { yyerror("invalid an upper layer protocol spec"); return -1; >Release-Note: >Audit-Trail: >Unformatted:
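Review bot: In the usr.sbin/setkey/Makefile hunk, -fno-strict-aliasing goes onto CFLAGS for everything in SRCS (setkey.c, parse.y, token.l) in order to quiet two type-punning warnings that the description places at parse.y:1023 and parse.y:1039. That turns the diagnostic off for the whole program instead of fixing the two casts. Prefer fixing those two sites (for example by copying through memcpy into a correctly typed object) and dropping the flag, or move the flag into a separate change with a Makefile comment saying why it is needed, so the len/slen and p2 fixes can be reviewed on their own.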
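Review bot: In the parse.y hunk at line 1053, nothing in the visible context checks that l + slen still fits in buf before memcpy(buf + l, &m_lt, slen). The corrected "l += slen;" makes the offset well defined, but with the old "l += len" every later write into buf landed at an indeterminate offset, so it is worth confirming where the bound on l is enforced and saying so in the commit message. The report gives How-To-Repeat as N/A; a setkey input that sets a lifetime would make a useful regression case.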
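Review bot: In the parse.y hunk at line 1069, the trailing context line "len = sizeof(struct sadb_sa);" shows that len is only assigned after both lifetime blocks, while slen is already in use inside them, and the two names differ by one letter. The substitution is right, but the same slip was made twice, so consider giving slen a more distinct name or declaring len at its first assignment so that a use before that point fails to compile rather than producing only a "might be used uninitialized" warning.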
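Review bot: In the parse.y hunk at line 1195, the new else branch sets p2 = "0" without any comment, which silently makes "0" the default for the second value when no comma is present, and it points p2 at a string literal. The declaration of p2 is not visible here; if it is a plain char *, make it const char * (the visible code only reads through p2 and writes through p) and add a one-line comment stating the default. The added "l++;" correctly accounts for the comma that "p2 = ++p;" skips. While touching this block, the message "invalid an upper layer protocol spec" could be corrected to "invalid upper layer protocol spec".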
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200409111703.i8BH3EMm002458>