Initialize all of datahead structure in nscd (BZ #16791)

The datahead structure has an unused padding field that remains
uninitialized.  Valgrind prints out a warning for it on querying a
netgroups entry.  This is harmless, but is a potential data leak since
it would result in writing out an uninitialized byte to the cache
file.  Besides, this happens only when there is a cache miss, so we're
not adding computation to any fast path.

diff --git a/ChangeLog b/ChangeLog
index 942fb801e1d091f3cbc871e53db99aed2928a149..2b0821fd2771057657790ab73ef9a98e8c3f0865 100644 (file)
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,5 +1,11 @@
 2014-04-30  Siddhesh Poyarekar  <siddhesh@redhat.com>
 
+       [BZ #16791]
+       * nscd/nscd-client.h (datahead_init_common): Initialize entire
+       structure.
+       (datahead_init_pos): Call datahead_init_common early.
+       (datahead_init_neg): Likewise.
+
        * nscd/nscd-client.h (datahead_init_common, datahead_init_pos,
        datahead_init_neg): New functions.
        * nscd/aicache.c (addhstaiX): Use them.

diff --git a/NEWS b/NEWS
index 10d262608892137047d4a5b514357e00ffa2690d..953f5ee253b9abf543bde419bd054d7829d6264b 100644 (file)
--- a/NEWS
+++ b/NEWS
@@ -15,7 +15,7 @@ Version 2.20
   16632, 16634, 16639, 16642, 16648, 16649, 16670, 16674, 16677, 16680,
   16683, 16689, 16695, 16701, 16706, 16707, 16712, 16713, 16714, 16731,
   16739, 16740, 16743, 16754, 16758, 16759, 16760, 16770, 16786, 16789,
-  16799, 16800, 16815, 16823, 16824, 16831, 16838, 16854.
+  16791, 16799, 16800, 16815, 16823, 16824, 16831, 16838, 16854.
 
 * Running the testsuite no longer terminates as soon as a test fails.
   Instead, a file tests.sum (xtests.sum from "make xcheck") is generated,

diff --git a/nscd/nscd-client.h b/nscd/nscd-client.h
index c069bf681009239166604df681548e5cfe770da0..ee16df60835eabe5ed2ab94b4890b9f3a9b02782 100644 (file)
--- a/nscd/nscd-client.h
+++ b/nscd/nscd-client.h
@@ -240,12 +240,17 @@ static inline time_t
 datahead_init_common (struct datahead *head, nscd_ssize_t allocsize,
                      nscd_ssize_t recsize, uint32_t ttl)
 {
+  /* Initialize so that we don't write out junk in uninitialized data to the
+     cache.  */
+  memset (head, 0, sizeof (*head));
+
   head->allocsize = allocsize;
   head->recsize = recsize;
   head->usable = true;
 
   head->ttl = ttl;
-  /* Compute the timeout time.  */
+
+  /* Compute and return the timeout time.  */
   return head->timeout = time (NULL) + ttl;
 }
 
@@ -253,18 +258,25 @@ static inline time_t
 datahead_init_pos (struct datahead *head, nscd_ssize_t allocsize,
                   nscd_ssize_t recsize, uint8_t nreloads, uint32_t ttl)
 {
+  time_t ret = datahead_init_common (head, allocsize, recsize, ttl);
+
   head->notfound = false;
   head->nreloads = nreloads;
-  return datahead_init_common (head, allocsize, recsize, ttl);
+
+  return ret;
 }
 
 static inline time_t
 datahead_init_neg (struct datahead *head, nscd_ssize_t allocsize,
                   nscd_ssize_t recsize, uint32_t ttl)
 {
+  time_t ret = datahead_init_common (head, allocsize, recsize, ttl);
+
+  /* We don't need to touch nreloads here since it is set to our desired value
+     (0) when we clear the structure.  */
   head->notfound = true;
-  head->nreloads = 0;
-  return datahead_init_common (head, allocsize, recsize, ttl);
+
+  return ret;
 }
 
 /* Structure for one hash table entry.  */