From: James Jones <jejones3141@gmail.com>
Date: Thu, 24 Aug 2023 15:26:25 +0000 (-0500)
Subject: Fix remaining uninitialized scalar values (CID #1503958, #1504020) (#5150)
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=85af157bccac794ccc496ba4618ad00009381d21;p=thirdparty%2Ffreeradius-server.git

Fix remaining uninitialized scalar values (CID #1503958, #1504020) (#5150)

The latter issue was interesting; the dbuff is set to use ether.addr,
but fr_value_box_ethernet_addr() is passed &ether, which looks like
it will put random garbage in the value box until you notice that
the address is the only member of the type. We'll see whether coverity
considers (fr_ethernet_t * const) fr_dbuff_start(&dbuff) a dangerous
downcast (whatever that means in C) and still complains. I hope not,
because the only reason that comes to mind for it is alignment issues,
which shouldn't happen here.
---

diff --git a/src/lib/util/value.c b/src/lib/util/value.c
index 7b102d9dcc7..8e850667879 100644
--- a/src/lib/util/value.c
+++ b/src/lib/util/value.c
@@ -4978,7 +4978,7 @@ parse:
 		fr_base16_decode(&err, &dbuff, &our_in, true);
 		if (err != FR_SBUFF_PARSE_OK) goto ether_error;
 
-		fr_value_box_ethernet_addr(dst, dst_enumv, &ether, tainted);
+		fr_value_box_ethernet_addr(dst, dst_enumv, (fr_ethernet_t * const)fr_dbuff_start(&dbuff), tainted);
 
 		FR_SBUFF_SET_RETURN(in, &our_in);
 	}
diff --git a/src/modules/rlm_pap/rlm_pap.c b/src/modules/rlm_pap/rlm_pap.c
index b99f82ceda6..b3fab2e22d4 100644
--- a/src/modules/rlm_pap/rlm_pap.c
+++ b/src/modules/rlm_pap/rlm_pap.c
@@ -775,6 +775,7 @@ static unlang_action_t CC_HINT(nonnull) pap_auth_lm(rlm_rcode_t *p_result,
 						    fr_pair_t const *known_good, UNUSED fr_pair_t const *password)
 {
 	uint8_t	digest[MD4_DIGEST_LENGTH];
+	fr_dbuff_t digest_dbuff = FR_DBUFF_TMP(digest, sizeof(digest));
 	char	charbuf[32 + 1];
 	ssize_t	len;
 
@@ -788,9 +789,9 @@ static unlang_action_t CC_HINT(nonnull) pap_auth_lm(rlm_rcode_t *p_result,
 	len = xlat_eval(charbuf, sizeof(charbuf), request, "%(mschap:LM-Hash %{User-Password})", NULL, NULL);
 	if (len < 0) RETURN_MODULE_FAIL;
 
-	if ((fr_base16_decode(NULL, &FR_DBUFF_TMP(digest, sizeof(digest)), &FR_SBUFF_IN(charbuf, len), false) !=
+	if ((fr_base16_decode(NULL, &digest_dbuff, &FR_SBUFF_IN(charbuf, len), false) !=
 	     (ssize_t)known_good->vp_length) ||
-	    (fr_digest_cmp(digest, known_good->vp_octets, known_good->vp_length) != 0)) {
+	    (fr_digest_cmp(fr_dbuff_start(&digest_dbuff), known_good->vp_octets, known_good->vp_length) != 0)) {
 		REDEBUG("LM digest does not match \"known good\" digest");
 		REDEBUG3("Calculated : %pH", fr_box_octets(digest, sizeof(digest)));
 		REDEBUG3("Expected   : %pH", &known_good->data);