Hi.

I don't see any _uninitialized_ memory here. What I see, however, is buf[] being used (via msg.msg_control) outside the scope it is defined in. So, I believe, a simpler fix would be to move the buf[] definition to the function-level scope.

On 10/30/2015 06:42 PM, Maxime Bizon wrote:
Depending on the compiler and cflags, it might not work at all.


Signed-off-by: Maxime Bizon <[email protected]>
---
  .../plugins/socket_default/socket_default_socket.c     | 18 +++++++++++-------
  1 file changed, 11 insertions(+), 7 deletions(-)

diff --git a/src/libcharon/plugins/socket_default/socket_default_socket.c b/src/libcharon/plugins/socket_default/socket_default_socket.c
index dbfddbb..2fdfbe1 100644
--- a/src/libcharon/plugins/socket_default/socket_default_socket.c
+++ b/src/libcharon/plugins/socket_default/socket_default_socket.c
@@ -418,15 +418,17 @@ METHOD(socket_t, sender, status_t,
  #if defined(IP_PKTINFO) || defined(IP_SENDSRCADDR)
                        struct in_addr *addr;
                        struct sockaddr_in *sin;
+                       char *buf;
  #ifdef IP_PKTINFO
-                       char buf[CMSG_SPACE(sizeof(struct in_pktinfo))];
+                       size_t buf_size = CMSG_SPACE(sizeof(struct in_pktinfo));
                        struct in_pktinfo *pktinfo;
  #elif defined(IP_SENDSRCADDR)
-                       char buf[CMSG_SPACE(sizeof(struct in_addr))];
+                       size_t buf_size = CMSG_SPACE(sizeof(struct in_addr));
  #endif
-                       memset(buf, 0, sizeof(buf));
+                       buf = alloca(buf_size);
+                       memset(buf, 0, buf_size);
                        msg.msg_control = buf;
-                       msg.msg_controllen = sizeof(buf);
+                       msg.msg_controllen = buf_size;
                        cmsg = CMSG_FIRSTHDR(&msg);
                        cmsg->cmsg_level = SOL_IP;
  #ifdef IP_PKTINFO
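Review bot: The new `buf = alloca(buf_size);` carries no comment saying why a fixed-size buffer is now allocated with alloca(), so a later cleanup could turn it back into a block-local array and leave msg.msg_control pointing at storage whose scope has ended. I would add above the call `/* alloca: msg.msg_control must stay valid after this block, until msg is sent */`; the same applies to the second hunk (the `in6_pktinfo` branch). The call that consumes msg lies outside both hunks, so where the buffer is last read is inferred from the thread rather than visible here. Neither hunk shows an include for alloca(), which some platforms declare only in `<alloca.h>`; that is worth confirming for the IP_SENDSRCADDR build.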
@@ -446,13 +448,15 @@ METHOD(socket_t, sender, status_t,
  #ifdef HAVE_IN6_PKTINFO
                else
                {
-                       char buf[CMSG_SPACE(sizeof(struct in6_pktinfo))];
+                       size_t buf_size = CMSG_SPACE(sizeof(struct in6_pktinfo));
+                       char *buf;
                        struct in6_pktinfo *pktinfo;
                        struct sockaddr_in6 *sin;

-                       memset(buf, 0, sizeof(buf));
+                       buf = alloca(buf_size);
+                       memset(buf, 0, buf_size);
                        msg.msg_control = buf;
-                       msg.msg_controllen = sizeof(buf);
+                       msg.msg_controllen = buf_size;
                        cmsg = CMSG_FIRSTHDR(&msg);
                        cmsg->cmsg_level = SOL_IPV6;
                        cmsg->cmsg_type = IPV6_PKTINFO;
