Re: [Openvpn-devel] [PATCH v2] interactive.c: fix usage of potentially uninitialized variable

Wed, 10 Oct 2018 10:27:09 -0700 

Hi,

Sorry I missed this patch cleaning up my mistake..

Gert has already reviewed and asked for this v2 so this may be redundant,
but fwiw:

On Mon, Oct 8, 2018 at 2:15 PM Lev Stipakov <lstipa...@gmail.com> wrote:

> From: Lev Stipakov <l...@openvpn.net>
>
> In function netsh_dns_cmd() it is possible to jump on a label and
> call free() on uninitialized pointer. Move pointer initialization
> above jump.
>
> To fix a few warnings which are treated as errors with SDL enabled,
> initialize pointers with NULL.
>
> Signed-off-by: Lev Stipakov <l...@openvpn.net>
> ---
> v2:
>  - remove NULL check before free() call
>  - remove unneeded NULL initializations in function body
>
>  src/openvpnserv/interactive.c | 7 +++----
>  1 file changed, 3 insertions(+), 4 deletions(-)
>
> diff --git a/src/openvpnserv/interactive.c b/src/openvpnserv/interactive.c
> index 8f92c24..4a571f5 100644
> --- a/src/openvpnserv/interactive.c
> +++ b/src/openvpnserv/interactive.c
> @@ -1015,6 +1015,7 @@ netsh_dns_cmd(const wchar_t *action, const wchar_t
> *proto, const wchar_t *if_nam
>      DWORD err = 0;
>      int timeout = 30000; /* in msec */
>      wchar_t argv0[MAX_PATH];
> +    wchar_t *cmdline = NULL;
>

Indeed this has to move up or the early jump to label out should be
replaced by "return err".

Is there a way to get gcc warn (or error) when jumping over unitialized
variables
that get referenced after the jump --  -Wjump-misses-init is noisy and
does not catch all.


>      if (!addr)
>      {
> @@ -1039,7 +1040,7 @@ netsh_dns_cmd(const wchar_t *action, const wchar_t
> *proto, const wchar_t *if_nam
>
>      /* max cmdline length in wchars -- include room for worst case and
> some */
>      size_t ncmdline = wcslen(fmt) + wcslen(if_name) + wcslen(addr) + 32 +
> 1;
> -    wchar_t *cmdline = malloc(ncmdline*sizeof(wchar_t));
> +    cmdline = malloc(ncmdline*sizeof(wchar_t));
>      if (!cmdline)
>      {
>          err = ERROR_OUTOFMEMORY;
> @@ -1350,7 +1351,7 @@ RunOpenvpn(LPVOID p)
>  {
>      HANDLE pipe = p;
>      HANDLE ovpn_pipe, svc_pipe;
> -    PTOKEN_USER svc_user, ovpn_user;
> +    PTOKEN_USER svc_user = NULL, ovpn_user = NULL;
>

Good catch -- these could get passed to free on errors.


>      HANDLE svc_token = NULL, imp_token = NULL, pri_token = NULL;
>      HANDLE stdin_read = NULL, stdin_write = NULL;
>      HANDLE stdout_write = NULL;
> @@ -1403,7 +1404,6 @@ RunOpenvpn(LPVOID p)
>          goto out;
>      }
>      len = 0;
> -    svc_user = NULL;
>      while (!GetTokenInformation(svc_token, TokenUser, svc_user, len,
> &len))
>      {
>          if (GetLastError() != ERROR_INSUFFICIENT_BUFFER)
> @@ -1436,7 +1436,6 @@ RunOpenvpn(LPVOID p)
>          goto out;
>      }
>      len = 0;
> -    ovpn_user = NULL;
>      while (!GetTokenInformation(imp_token, TokenUser, ovpn_user, len,
> &len))
>      {
>          if (GetLastError() != ERROR_INSUFFICIENT_BUFFER)
>

Thanks for the cleanup.

Acked-by: selva.n...@gmail.com

_______________________________________________
Openvpn-devel mailing list
Openvpn-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-devel














    











					Reply via email to