Uninitialized timestamps set in sppp_input

2015-11-08 Thread Mark Latimer
Hello,

In sys/net/if_spppsubr.c last activity time stamps can be set to
uninitialized values.

Found with clang.

Regards

 Index: sys/net/if_spppsubr.c
===
RCS file: /cvs/src/sys/net/if_spppsubr.c,v
retrieving revision 1.144
diff -u -p -r1.144 if_spppsubr.c
--- sys/net/if_spppsubr.c   2 Nov 2015 11:19:30 -   1.144
+++ sys/net/if_spppsubr.c   9 Nov 2015 07:44:58 -
@@ -509,6 +509,7 @@ sppp_input(struct ifnet *ifp, struct mbu
case PPP_IP:
if (sp->state[IDX_IPCP] == STATE_OPENED) {
inq = &ipintrq;
+   getmicrouptime(&tv);
sp->pp_last_activity = tv.tv_sec;
}
break;
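Review bot: in the PPP_IP branch, getmicrouptime(&tv) is called only so
that tv.tv_sec can be read on the next line, so the microsecond part is
fetched and discarded; a seconds-resolution uptime source would state the
intent more directly. The hunk does not show where tv is declared or
whether another path in sppp_input() assigns it, so the commit message
should say which path left it unset.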
@@ -521,6 +522,7 @@ sppp_input(struct ifnet *ifp, struct mbu
case PPP_IPV6:
if (sp->state[IDX_IPV6CP] == STATE_OPENED) {
inq = &ip6intrq;
+   getmicrouptime(&tv);
sp->pp_last_activity = tv.tv_sec;
}
break;
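Review bot: the PPP_IPV6 branch repeats the same getmicrouptime(&tv) /
sp->pp_last_activity = tv.tv_sec pair added for PPP_IP in the previous
hunk; a small helper that stamps pp_last_activity would keep the two
branches from drifting apart and would remove the need for tv in each
case.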



Use uninitialized in sys/kern/uipc_syscalls.c

2015-11-08 Thread Mark Latimer
Hello,

clang reports (from a recent -current) a use uninitialized in doaccept
in sys/kern/uipc_syscalls.c. If isdnssocket fails, the result is a goto
bad where both s and headfp have not yet been initialized, conceivably
resulting in undefined effects.

Regards

Mark

===
RCS file: /cvs/src/sys/kern/uipc_syscalls.c,v
retrieving revision 1.123
diff -u -p -r1.123 uipc_syscalls.c
--- kern/uipc_syscalls.c1 Nov 2015 19:03:33 -   1.123
+++ kern/uipc_syscalls.c8 Nov 2015 22:30:12 -
@@ -240,13 +240,13 @@ doaccept(struct proc *p, int sock, struc
return (error);
if ((error = getsock(p, sock, &fp)) != 0)
return (error);
+   s = splsoftnet();
+   headfp = fp;
+   head = fp->f_data;
if (isdnssocket((struct socket *)fp->f_data)) {
error = EINVAL;
goto bad;
}
-   headfp = fp;
-   s = splsoftnet();
-   head = fp->f_data;
 redo:
if ((head->so_options & SO_ACCEPTCONN) == 0) {
error = EINVAL;
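Review bot: the isdnssocket() failure now jumps to bad with the level
already raised by splsoftnet() and with headfp set, so the fix depends on
bad restoring s and releasing headfp, neither of which is visible in this
hunk; please say so in the commit message. Since head is now assigned
before the check, isdnssocket(head) would also avoid repeating the
(struct socket *)fp->f_data cast.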



Potential free uninitialized pointer in kern_ktrace.c

2015-08-01 Thread Mark Latimer
Hello,

Reading through the compiler warnings, I believe there is a potential issue
in /usr/src/sys/kern/kern_ktrace.c. At first glance it appears to free
an uninitialized pointer memp.

Regards

int
ktruser(struct proc *p, const char *id, const void *addr, size_t len)
{
	struct ktr_header kth;
	struct ktr_user ktp;
	int error;
	// uninitialized
	void *memp;
#define STK_PARAMS  128
	long long stkbuf[STK_PARAMS / sizeof(long long)];

	if (!KTRPOINT(p, KTR_USER))
		return (0);
	if (len > KTR_USER_MAXLEN)
		return (EINVAL);

	atomic_setbits_int(&p->p_flag, P_INKTR);
	ktrinitheader(&kth, p, KTR_USER);
	memset(ktp.ktr_id, 0, KTR_USER_MAXIDLEN);
	error = copyinstr(id, ktp.ktr_id, KTR_USER_MAXIDLEN, NULL);
	// if error then skip setting memp
	if (error)
		goto out;

	if (len > sizeof(stkbuf))
		memp = malloc(len, M_TEMP, M_WAITOK);
	else
		memp = stkbuf;
	error = copyin(addr, memp, len);
	if (error)
		goto out;

	ktrwrite2(p, &kth, &ktp, sizeof(ktp), memp, len);
out:
	// frees the uninitialized pointer
	if (memp != stkbuf)
		free(memp, M_TEMP, len);
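
The cleanup pattern from the message above, as an added example that is not part of the original post or of the OpenBSD tree: a user-space model in which memp is given a defined value before the first goto out, so the early-error path never hands an indeterminate pointer to free(). record_user, copy_str, copy_from, heap_frees and MAXLEN are hypothetical stand-ins for the kernel routines and limits.

```c
/* Added example: user-space model of ktruser()'s cleanup path; names are hypothetical. */
#include <errno.h>
#include <stdlib.h>
#include <string.h>
#define STK_PARAMS 128
#define MAXLEN     2048
static int heap_frees;	/* how many heap buffers the out: label released */

/* Stand-in for copyinstr(): fails on a bad pointer or an over-long id. */
static int copy_str(const char *src, char *dst, size_t dstlen)
{
	if (src == NULL || strlen(src) >= dstlen)
		return (src == NULL ? EFAULT : ENAMETOOLONG);
	strcpy(dst, src);
	return (0);
}

/* Stand-in for copyin(): fails on a bad pointer. */
static int copy_from(const void *src, void *dst, size_t len)
{
	if (src == NULL)
		return (EFAULT);
	memcpy(dst, src, len);
	return (0);
}

int record_user(const char *id, const void *addr, size_t len)
{
	char idbuf[20];
	long long stkbuf[STK_PARAMS / sizeof(long long)];
	void *memp = stkbuf;	/* defined before any goto out can run */
	int error;
	if (len > MAXLEN)
		return (EINVAL);
	if ((error = copy_str(id, idbuf, sizeof(idbuf))) != 0)
		goto out;	/* early exit: memp still equals stkbuf */
	if (len > sizeof(stkbuf) && (memp = malloc(len)) == NULL) {
		memp = stkbuf;	/* allocation failed: nothing to release */
		error = ENOMEM;
		goto out;
	}
	error = copy_from(addr, memp, len);
out:
	if (memp != stkbuf) {	/* true only for a live heap buffer */
		free(memp);
		heap_frees++;
	}
	return (error);
}
```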