From: Pavel Filipenský <pfilipensky@samba.org>
Date: Wed, 3 Jul 2024 15:34:47 +0000 (+0200)
Subject: s3:registry: Initialize struct security_ace ace[]
X-Git-Tag: tdb-1.4.11~183
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=fd4afa309efc97b75d032ca8f59b16b08c51f1c8;p=thirdparty%2Fsamba.git

s3:registry: Initialize struct security_ace ace[]

Error: UNINIT (CWE-457):
samba-4.20.0rc2/source3/registry/reg_dispatcher.c:43: var_decl: Declaring variable "ace" without initializer.
samba-4.20.0rc2/source3/registry/reg_dispatcher.c:66: uninit_use_in_call: Using uninitialized value "*ace". Field "ace->object" is uninitialized when calling "make_sec_acl".
  64|           /* create the security descriptor */
  65|
  66|->         theacl = make_sec_acl(ctx, NT4_ACL_REVISION, i, ace);
  67|           if (theacl == NULL) {
  68|                   return WERR_NOT_ENOUGH_MEMORY;

Signed-off-by: Pavel Filipenský <pfilipensky@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
---

diff --git a/source3/registry/reg_dispatcher.c b/source3/registry/reg_dispatcher.c
index ab3fb24dc2f..097b6d4d30f 100644
--- a/source3/registry/reg_dispatcher.c
+++ b/source3/registry/reg_dispatcher.c
@@ -40,7 +40,7 @@ static const struct generic_mapping reg_generic_map =
 
 static WERROR construct_registry_sd(TALLOC_CTX *ctx, struct security_descriptor **psd)
 {
-	struct security_ace ace[3];
+	struct security_ace ace[3] = {};
 	size_t i = 0;
 	struct security_descriptor *sd;
 	struct security_acl *theacl;