From 82c72e2db7bc5b633768d59822f2e2a353fa6e32 Mon Sep 17 00:00:00 2001
From: Werner Koch
Date: Tue, 16 Jun 2015 12:12:03 +0200
Subject: [PATCH] dirmngr: Avoid accessing uninitialized memory in log callback.
* dirmngr/dirmngr.c (pid_suffix_callback): Clear int_and_ptr_u before use.
(start_connection_thread): Ditto.
(handle_connections): Ditto.
--
Example valgrind output:
==2921== Conditional jump or move depends on uninitialised value(s)
==2921== at 0x5BBDEF4: pthread_getspecific (pthread_getspecific.c:57)
==2921== by 0x40AAEE: pid_suffix_callback (dirmngr.c:614)
==2921== by 0x433F5A: do_logv (logging.c:684)
This is because on 64 bit systems "sizeof aptr > sizeof aint" and thus Valgrind complains about this. It is no a real problem because we don't use the unitialized bits.
Signed-off-by: Werner Koch
---
 dirmngr/dirmngr.c | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)
diff --git a/dirmngr/dirmngr.c b/dirmngr/dirmngr.c
index 3375a4a2f..a9efba9cc 100644
--- a/dirmngr/dirmngr.c
+++ b/dirmngr/dirmngr.c
@@ -297,7 +297,7 @@ union int_and_ptr_u
 /* The key used to store the current file descriptor in the thread local storage. We use this in conjunction with the
- log_set_pid_suffix_cb feature.. */
+ log_set_pid_suffix_cb feature. */
 #ifndef HAVE_W32_SYSTEM
 static int my_tlskey_current_fd;
 #endif
@@ -611,6 +611,7 @@ pid_suffix_callback (unsigned long *r_suffix)
 {
 union int_and_ptr_u value;
+ memset (&value, 0, sizeof value);
 value.aptr = npth_getspecific (my_tlskey_current_fd);
 *r_suffix = value.aint;
 return (*r_suffix != -1); /* Use decimal representation. */
@@ -1915,6 +1916,7 @@ start_connection_thread (void *arg)
 union int_and_ptr_u argval;
 gnupg_fd_t fd;
+ memset (&argval, 0, sizeof argval);
 argval.aptr = arg;
 fd = argval.afd;
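Review bot: The memset added in pid_suffix_callback carries no explanation at the point of use, and because the very next line writes value.aptr in full before value.aint is read, a later reader may judge the clear redundant and drop it; the memset in the start_connection_thread hunk is in the same position. The bytes that actually go unwritten originate in handle_connections, where only argval.afd is assigned before argval.aptr is handed to npth_create, so the two clears here are defensive rather than the fix itself, and that is worth stating. A one-line comment at each of the two sites would preserve the intent: `/* Clear the whole union first: per the commit message aptr is wider than aint/afd on 64-bit, so a partial write followed by a read of the other member touches bytes never written.  */`. The body of start_connection_thread continues outside its hunk.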
@@ -2054,12 +2056,14 @@ handle_connections (assuan_fd_t listen_fd)
 union int_and_ptr_u argval;
 npth_t thread;
+ memset (&argval, 0, sizeof argval);
 argval.afd = fd;
 snprintf (threadname, sizeof threadname-1, "conn fd=%d", FD2INT(fd));
 threadname[sizeof threadname -1] = 0;
- ret = npth_create (&thread, &tattr, start_connection_thread, argval.aptr);
+ ret = npth_create (&thread, &tattr,
+ start_connection_thread, argval.aptr);
 if (ret)
 {
 log_error ("error spawning connection handler: %s\n",