From: Yu Watanabe Date: Sat, 4 May 2019 18:03:44 +0000 (+0200) Subject: network: fix conditional jump depends on uninitialised value(s) X-Git-Tag: v243-rc1~475^2~1 X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=ce2ea782c287d4055b24b95bd02d1326b0482b3b;p=thirdparty%2Fsystemd.git network: fix conditional jump depends on uninitialised value(s) When address is in IPv4, the remaining buffer in in_addr_union may not be initialized. Fixes the following valgrind warning: ``` ==13169== Conditional jump or move depends on uninitialised value(s) ==13169== at 0x137FF6: UnknownInlinedFun (networkd-ndisc.c:77) ==13169== by 0x137FF6: UnknownInlinedFun (networkd-ndisc.c:580) ==13169== by 0x137FF6: ndisc_handler.lto_priv.83 (networkd-ndisc.c:597) ==13169== by 0x11BE23: UnknownInlinedFun (sd-ndisc.c:201) ==13169== by 0x11BE23: ndisc_recv.lto_priv.174 (sd-ndisc.c:254) ==13169== by 0x4AA18CF: source_dispatch (sd-event.c:2821) ==13169== by 0x4AA1BC2: sd_event_dispatch (sd-event.c:3234) ==13169== by 0x4AA1D88: sd_event_run (sd-event.c:3291) ==13169== by 0x4AA1FAB: sd_event_loop (sd-event.c:3313) ==13169== by 0x117401: UnknownInlinedFun (networkd.c:113) ==13169== by 0x117401: main (networkd.c:120) ==13169== Uninitialised value was created by a stack allocation ==13169== at 0x1753C8: manager_rtnl_process_address (networkd-manager.c:479) ``` --- diff --git a/src/network/networkd-ndisc.c b/src/network/networkd-ndisc.c index eb470a4d481..3b546528055 100644 --- a/src/network/networkd-ndisc.c +++ b/src/network/networkd-ndisc.c @@ -39,7 +39,7 @@ static int ndisc_netlink_message_handler(sd_netlink *rtnl, sd_netlink_message *m static int ndisc_router_process_default(Link *link, sd_ndisc_router *rt) { _cleanup_(route_freep) Route *route = NULL; - struct in6_addr gateway; + union in_addr_union gateway; uint16_t lifetime; unsigned preference; uint32_t mtu; @@ -58,12 +58,14 @@ static int ndisc_router_process_default(Link *link, sd_ndisc_router *rt) { if (lifetime == 0) /* not a default router */ return 0; - r = sd_ndisc_router_get_address(rt, &gateway); + r = sd_ndisc_router_get_address(rt, &gateway.in6); if (r < 0) return log_link_warning_errno(link, r, "Failed to get gateway address from RA: %m"); - SET_FOREACH(address, link->addresses, i) - if (!memcmp(&gateway, &address->in_addr.in6, sizeof(address->in_addr.in6))) { + SET_FOREACH(address, link->addresses, i) { + if (address->family != AF_INET6) + continue; + if (in_addr_equal(AF_INET6, &gateway, &address->in_addr)) { char buffer[INET6_ADDRSTRLEN]; log_link_debug(link, "No NDisc route added, gateway %s matches local address", @@ -72,9 +74,12 @@ static int ndisc_router_process_default(Link *link, sd_ndisc_router *rt) { buffer, sizeof(buffer))); return 0; } + } - SET_FOREACH(address, link->addresses_foreign, i) - if (!memcmp(&gateway, &address->in_addr.in6, sizeof(address->in_addr.in6))) { + SET_FOREACH(address, link->addresses_foreign, i) { + if (address->family != AF_INET6) + continue; + if (in_addr_equal(AF_INET6, &gateway, &address->in_addr)) { char buffer[INET6_ADDRSTRLEN]; log_link_debug(link, "No NDisc route added, gateway %s matches local address", @@ -83,6 +88,7 @@ static int ndisc_router_process_default(Link *link, sd_ndisc_router *rt) { buffer, sizeof(buffer))); return 0; } + } r = sd_ndisc_router_get_preference(rt, &preference); if (r < 0) @@ -107,7 +113,7 @@ static int ndisc_router_process_default(Link *link, sd_ndisc_router *rt) { route->priority = link->network->dhcp_route_metric; route->protocol = RTPROT_RA; route->pref = preference; - route->gw.in6 = gateway; + route->gw = gateway; route->lifetime = time_now + lifetime * USEC_PER_SEC; route->mtu = mtu;