From: Remi Gacogne <remi.gacogne@powerdns.com>
Date: Fri, 29 Jan 2021 15:59:21 +0000 (+0100)
Subject: Silence false positives about unintialized values
X-Git-Tag: dnsdist-1.6.0-alpha1~1^2~5
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=94700dd5f72788dacdce6be606d487d3486a9e2f;p=thirdparty%2Fpdns.git

Silence false positives about unintialized values
---

diff --git a/pdns/dnscrypt.hh b/pdns/dnscrypt.hh
index a9a579e9c4..8139e281e5 100644
--- a/pdns/dnscrypt.hh
+++ b/pdns/dnscrypt.hh
@@ -175,7 +175,12 @@ class DNSCryptQuery
 public:
   DNSCryptQuery(const std::shared_ptr<DNSCryptContext>& ctx): d_ctx(ctx)
   {
+    memset(&d_header, 0, sizeof(d_header));
+#ifdef HAVE_CRYPTO_BOX_EASY_AFTERNM
+    memset(&d_sharedKey, 0, sizeof(d_sharedKey));
+#endif /* HAVE_CRYPTO_BOX_EASY_AFTERNM */
   }
+
   ~DNSCryptQuery();
 
   bool isValid() const
diff --git a/pdns/dnsdist.hh b/pdns/dnsdist.hh
index 7b63403fb9..d93340a371 100644
--- a/pdns/dnsdist.hh
+++ b/pdns/dnsdist.hh
@@ -138,8 +138,8 @@ public:
   struct DOHUnit* du{nullptr};
   int delayMsec{0};
   boost::optional<uint32_t> tempFailureTTL;
-  uint32_t cacheKeyNoECS;
-  uint32_t cacheKey;
+  uint32_t cacheKeyNoECS{0};
+  uint32_t cacheKey{0};
   const uint16_t qtype;
   const uint16_t qclass;
   uint16_t ecsPrefixLength;
@@ -492,7 +492,7 @@ public:
 
 protected:
   mutable StopWatch d_prev;
-  mutable double d_tokens;
+  mutable double d_tokens{0.0};
 };
 
 class QPSLimiter : public BasicQPSLimiter
@@ -538,8 +538,8 @@ public:
   }
 
 private:
-  unsigned int d_rate;
-  unsigned int d_burst;
+  unsigned int d_rate{0};
+  unsigned int d_burst{0};
   bool d_passthrough{true};
 };
 
@@ -681,13 +681,13 @@ struct IDState
   std::shared_ptr<QTag> qTag{nullptr};
   const ClientState* cs{nullptr};
   DOHUnit* du{nullptr};
-  uint32_t cacheKey;                                          // 4
-  uint32_t cacheKeyNoECS;                                     // 4
-  uint16_t age;                                               // 4
-  uint16_t qtype;                                             // 2
-  uint16_t qclass;                                            // 2
-  uint16_t origID;                                            // 2
-  uint16_t origFlags;                                         // 2
+  uint32_t cacheKey{0};                                       // 4
+  uint32_t cacheKeyNoECS{0};                                  // 4
+  uint16_t age{0};                                            // 4
+  uint16_t qtype{0};                                          // 2
+  uint16_t qclass{0};                                         // 2
+  uint16_t origID{0};                                         // 2
+  uint16_t origFlags{0};                                      // 2
   int origFD{-1};
   int delayMsec{0};
   boost::optional<uint32_t> tempFailureTTL;
diff --git a/pdns/doh.hh b/pdns/doh.hh
index eba05c8040..9903692766 100644
--- a/pdns/doh.hh
+++ b/pdns/doh.hh
@@ -208,7 +208,7 @@ struct DOHUnit
   std::string contentType;
   std::atomic<uint64_t> d_refcnt{1};
   size_t query_at{0};
-  int rsock;
+  int rsock{-1};
   /* the status_code is set from
      processDOHQuery() (which is executed in
      the DOH client thread) so that the correct
diff --git a/pdns/sodcrypto.hh b/pdns/sodcrypto.hh
index cfcd7eff0d..ca35631455 100644
--- a/pdns/sodcrypto.hh
+++ b/pdns/sodcrypto.hh
@@ -32,13 +32,18 @@ struct SodiumNonce
   void init(){};
   void merge(const SodiumNonce& lower, const SodiumNonce& higher) {};
   void increment(){};
-  unsigned char value[1];
+  unsigned char value[1]{0};
 };
 #else
 #include <sodium.h>
 
 struct SodiumNonce
 {
+  SodiumNonce()
+  {
+    memset(&value, 0, sizeof(value));
+  }
+
   void init()
   {
     randombytes_buf(value, sizeof value);
diff --git a/pdns/test-dnscrypt_cc.cc b/pdns/test-dnscrypt_cc.cc
index f3627971fa..c74dc6153a 100644
--- a/pdns/test-dnscrypt_cc.cc
+++ b/pdns/test-dnscrypt_cc.cc
@@ -143,12 +143,6 @@ BOOST_AUTO_TEST_CASE(DNSCryptEncryptedQueryValid) {
   PacketBuffer plainQuery;
   GenericDNSPacketWriter<PacketBuffer> pw(plainQuery, name, QType::AAAA, QClass::IN, 0);
   pw.getHeader()->rd = 1;
-  size_t requiredSize = plainQuery.size() + sizeof(DNSCryptQueryHeader) + DNSCRYPT_MAC_SIZE;
-  if (requiredSize < DNSCryptQuery::s_minUDPLength) {
-    requiredSize = DNSCryptQuery::s_minUDPLength;
-  }
-
-  plainQuery.resize(requiredSize);
 
   size_t initialSize = plainQuery.size();
   int res = ctx->encryptQuery(plainQuery, 4096, clientPublicKey, clientPrivateKey, clientNonce, false, std::make_shared<DNSCryptCert>(resolverCert));
@@ -225,11 +219,6 @@ BOOST_AUTO_TEST_CASE(DNSCryptEncryptedQueryValidWithOldKey) {
   GenericDNSPacketWriter<PacketBuffer> pw(plainQuery, name, QType::AAAA, QClass::IN, 0);
   pw.getHeader()->rd = 1;
 
-  size_t requiredSize = plainQuery.size() + sizeof(DNSCryptQueryHeader) + DNSCRYPT_MAC_SIZE;
-  if (requiredSize < DNSCryptQuery::s_minUDPLength) {
-    requiredSize = DNSCryptQuery::s_minUDPLength;
-  }
-
   size_t initialSize = plainQuery.size();
   int res = ctx->encryptQuery(plainQuery, 4096, clientPublicKey, clientPrivateKey, clientNonce, false, std::make_shared<DNSCryptCert>(resolverCert));
 
diff --git a/pdns/test-dnsdist_cc.cc b/pdns/test-dnsdist_cc.cc
index 638c74a735..d17e9a0c60 100644
--- a/pdns/test-dnsdist_cc.cc
+++ b/pdns/test-dnsdist_cc.cc
@@ -1709,8 +1709,8 @@ BOOST_AUTO_TEST_CASE(test_isEDNSOptionInOpt) {
   */
   const ComboAddress lc("127.0.0.1");
   const ComboAddress rem("127.0.0.1");
-  size_t optContentStart;
-  uint16_t optContentLen;
+  size_t optContentStart{std::numeric_limits<size_t>::max()};
+  uint16_t optContentLen{0};
 
   const size_t optRDExpectedOffset = sizeof(dnsheader) + qname.wirelength() + DNS_TYPE_SIZE + DNS_CLASS_SIZE + /* root */ 1 + DNS_TYPE_SIZE + DNS_CLASS_SIZE + DNS_TTL_SIZE;