From: Andreas Schneider <asn@samba.org>
Date: Thu, 20 Jun 2024 12:42:54 +0000 (+0200)
Subject: s3:rpc_client: Initialize struct security_ace
X-Git-Tag: tdb-1.4.11~244
X-Git-Url: http://git.ipfire.org/gitweb/gitweb.cgi?a=commitdiff_plain;h=d755bc43d8f1fc95da55b2e6efedf19c61f99c61;p=thirdparty%2Fsamba.git

s3:rpc_client: Initialize struct security_ace

"Error: UNINIT (CWE-457):
samba-4.20.0rc2/source3/rpc_client/init_spoolss.c:348: var_decl: Declaring variable ""ace"" without initializer.
samba-4.20.0rc2/source3/rpc_client/init_spoolss.c:415: uninit_use_in_call: Using uninitialized value ""*ace"". Field ""ace->object"" is uninitialized when calling ""make_sec_acl"".
  413|   	   NT5 machine. */
  414|
  415|-> 	if ((psa = make_sec_acl(mem_ctx, NT4_ACL_REVISION, i, ace)) != NULL) {
  416|   		psd = make_sec_desc(mem_ctx,
  417|   				    SD_REVISION,"

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Martin Schwenke <mschwenke@ddn.com>
---

diff --git a/source3/rpc_client/init_spoolss.c b/source3/rpc_client/init_spoolss.c
index c341b82b6ee..a17505f592d 100644
--- a/source3/rpc_client/init_spoolss.c
+++ b/source3/rpc_client/init_spoolss.c
@@ -345,7 +345,7 @@ WERROR spoolss_create_default_devmode(TALLOC_CTX *mem_ctx,
 WERROR spoolss_create_default_secdesc(TALLOC_CTX *mem_ctx,
 				      struct spoolss_security_descriptor **secdesc)
 {
-	struct security_ace ace[7];	/* max number of ace entries */
+	struct security_ace ace[7] = {0};	/* max number of ace entries */
 	int i = 0;
 	uint32_t sa;
 	struct security_acl *psa = NULL;