From: Samuel Cabrero <scabrero@samba.org>
Date: Tue, 12 Apr 2022 09:48:28 +0000 (+0200)
Subject: s3:winbind: Fix uninitialized validation_level variable
X-Git-Tag: talloc-2.3.4~388
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=7880537674ccfec42fb37a682dadc1a0f848947e;p=thirdparty%2Fsamba.git

s3:winbind: Fix uninitialized validation_level variable

Found by oss-fuzz:

../../source3/winbindd/winbindd_pam.c:2879:7: error: variable 'validation_level' is used uninitialized whenever 'if' condition is true [-Werror,-Wsometimes-uninitialized]
                 if (!(state->request->flags & WBFLAG_BIG_NTLMV2_BLOB) ||
                     ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ../../source3/winbindd/winbindd_pam.c:3003:6: note: uninitialized use occurs here
             validation_level,
             ^~~~~~~~~~~~~~~~
 ../../source3/winbindd/winbindd_pam.c:2879:3: note: remove the 'if' if its condition is always false
                 if (!(state->request->flags & WBFLAG_BIG_NTLMV2_BLOB) ||
                 ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ../../source3/winbindd/winbindd_pam.c:2879:7: error: variable 'validation_level' is used uninitialized whenever '||' condition is true [-Werror,-Wsometimes-uninitialized]
                 if (!(state->request->flags & WBFLAG_BIG_NTLMV2_BLOB) ||
                     ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ../../source3/winbindd/winbindd_pam.c:3003:6: note: uninitialized use occurs here
             validation_level,
             ^~~~~~~~~~~~~~~~
 ../../source3/winbindd/winbindd_pam.c:2879:7: note: remove the '||' if its condition is always false
                 if (!(state->request->flags & WBFLAG_BIG_NTLMV2_BLOB) ||
                     ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ../../source3/winbindd/winbindd_pam.c:2853:27: note: initialize the variable 'validation_level' to silence this warning
         uint16_t validation_level;
                                  ^
                                   = 0
 1 warning and 2 errors generated.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15044

Signed-off-by: Samuel Cabrero <scabrero@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Tue Apr 12 18:54:50 UTC 2022 on sn-devel-184
---

diff --git a/source3/winbindd/winbindd_pam.c b/source3/winbindd/winbindd_pam.c
index b7d2059b193..418166af657 100644
--- a/source3/winbindd/winbindd_pam.c
+++ b/source3/winbindd/winbindd_pam.c
@@ -2850,7 +2850,7 @@ enum winbindd_result winbindd_dual_pam_auth_crap(struct winbindd_domain *domain,
 	uint64_t logon_id = 0;
 	uint8_t authoritative = 1;
 	uint32_t flags = 0;
-	uint16_t validation_level;
+	uint16_t validation_level = UINT16_MAX;
 	union netr_Validation *validation = NULL;
 	DATA_BLOB lm_resp = { 0 }, nt_resp = { 0 };
 	const struct timeval start_time = timeval_current();