From: Martin Schwenke
Date: Wed, 20 Jul 2016 06:42:32 +0000 (+1000)
Subject: ctdb-tools: Avoid uninitialised memory access
X-Git-Tag: tdb-1.3.10~308
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=d3c890225be0110f23b6249b160f825a482ad68f;p=thirdparty%2Fsamba.git
ctdb-tools: Avoid uninitialised memory access
==27786== Syscall param write(buf) points to uninitialised byte(s)
==27786== at 0x62820D0: __write_nocancel (syscall-template.S:84)
==27786== by 0x428B57: ctdb_queue_send (ctdb_io.c:322)
==27786== by 0x41F3B1: ctdb_client_queue_pkt (ctdb_client.c:153)
==27786== by 0x41F3B1: ctdb_client_send_message (ctdb_client.c:603)
==27786== by 0x419FA3: srvid_broadcast.constprop.26 (ctdb.c:1965)
==27786== by 0x41B869: control_reload_nodes_file (ctdb.c:5696)
==27786== by 0x404DBA: main (ctdb.c:6008)
==27786== Address 0x7ead310 is 144 bytes inside a block of size 168 alloc'd
==27786== at 0x4C2BBCF: malloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==27786== by 0x564DBEC: __talloc_with_prefix (talloc.c:675)
==27786== by 0x564DBEC: __talloc (talloc.c:716)
==27786== by 0x564DBEC: _talloc_named_const (talloc.c:873)
==27786== by 0x564DBEC: _talloc_zero (talloc.c:2318)
==27786== by 0x41E1E2: _ctdbd_allocate_pkt (ctdb_client.c:59)
==27786== by 0x41F37D: ctdb_client_send_message (ctdb_client.c:594)
==27786== by 0x419FA3: srvid_broadcast.constprop.26 (ctdb.c:1965)
==27786== by 0x41B869: control_reload_nodes_file (ctdb.c:5696)
==27786== by 0x404DBA: main (ctdb.c:6008)
==27786==
Signed-off-by: Martin Schwenke
Reviewed-by: Stefan Metzmacher
---
diff --git a/ctdb/tools/ctdb.c b/ctdb/tools/ctdb.c
index 9f2abf28f55..8ea2fbce9fc 100644
--- a/ctdb/tools/ctdb.c
+++ b/ctdb/tools/ctdb.c
@@ -1904,8 +1904,6 @@ static int srvid_broadcast(struct ctdb_context *ctdb, struct srvid_reply_handler_data reply_data; struct timeval tv; - ZERO_STRUCT(request); - /* Time ticks to enable timeouts to be processed */ tevent_add_timer(ctdb->ev, ctdb, timeval_current_ofs(1, 0), ctdb_every_second, ctdb); @@ -1914,12 +1912,16 @@ static int srvid_broadcast(struct ctdb_context *ctdb, reply_srvid = getpid(); if (arg == NULL) { + ZERO_STRUCT(request); + request.pnn = pnn; request.srvid = reply_srvid; data.dptr = (uint8_t *)&request; data.dsize = sizeof(request); } else { + ZERO_STRUCT(request_data); + request_data.pnn = pnn; request_data.srvid = reply_srvid; request_data.timeout = *arg;
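Review bot: Neither `ZERO_STRUCT()` call added in the second hunk says why the zeroing is needed, so a later cleanup could drop it as redundant once every named field is assigned. The request struct is handed out byte-for-byte (`data.dptr = (uint8_t *)&request; data.dsize = sizeof(request);`), and the valgrind trace in the commit message shows uninitialised bytes reaching write(). Any padding or unset member would therefore carry leftover memory contents (presumably stack, as these look like locals) to whoever receives the message. I would add a comment above each call along the lines of `/* Sent as raw bytes: zero padding and unset fields so no stale memory is disclosed */`. The else branch and the rest of srvid_broadcast() continue outside the hunk, so the matching `data.dptr`/`data.dsize` assignment for `request_data` is assumed rather than visible here.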