security-and-privacy/gnupg
security-and-privacy
/
gnupg
mirror of git://git.gnupg.org/gnupg.git
1
0
Fork 0
Code Releases Activity

dirmngr: Avoid accessing uninitialized memory in log callback. 

* dirmngr/dirmngr.c (pid_suffix_callback): Clear int_and_ptr_u before
use.
(start_connection_thread): Ditto.
(handle_connections): Ditto.
--

Example valgrind output:

==2921== Conditional jump or move depends on uninitialised value(s)
==2921==    at 0x5BBDEF4: pthread_getspecific (pthread_getspecific.c:57)
==2921==    by 0x40AAEE: pid_suffix_callback (dirmngr.c:614)
==2921==    by 0x433F5A: do_logv (logging.c:684)

This is because on 64 bit systems "sizeof aptr > sizeof aint" and thus
Valgrind complains about this.  It is no a real problem because we
don't use the unitialized bits.

Signed-off-by: Werner Koch <wk@gnupg.org>
This commit is contained in:
Werner Koch 2015-06-16 12:12:03 +02:00
parent 43211f553d
commit 82c72e2db7
No known key found for this signature in database
GPG Key ID: E3FDFF218E45B72B
1 changed files with 6 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
dirmngr/dirmngr.c
View File

@ -297,7 +297,7 @@ union int_and_ptr_u
/* The key used to store the current file descriptor in the thread
local storage. We use this in conjunction with the
log_set_pid_suffix_cb feature.. */
log_set_pid_suffix_cb feature. */
#ifndef HAVE_W32_SYSTEM
static int my_tlskey_current_fd;
#endif
@ -611,6 +611,7 @@ pid_suffix_callback (unsigned long *r_suffix)
{
union int_and_ptr_u value;
memset (&value, 0, sizeof value);
value.aptr = npth_getspecific (my_tlskey_current_fd);
*r_suffix = value.aint;
return (*r_suffix != -1); /* Use decimal representation. */
@ -1915,6 +1916,7 @@ start_connection_thread (void *arg)
union int_and_ptr_u argval;
gnupg_fd_t fd;
memset (&argval, 0, sizeof argval);
argval.aptr = arg;
fd = argval.afd;
@ -2054,12 +2056,14 @@ handle_connections (assuan_fd_t listen_fd)
union int_and_ptr_u argval;
npth_t thread;
memset (&argval, 0, sizeof argval);
argval.afd = fd;
snprintf (threadname, sizeof threadname-1,
"conn fd=%d", FD2INT(fd));
threadname[sizeof threadname -1] = 0;
ret = npth_create (&thread, &tattr, start_connection_thread, argval.aptr);
ret = npth_create (&thread, &tattr,
start_connection_thread, argval.aptr);
if (ret)
{
log_error ("error spawning connection handler: %s\n",