Hi Claudio,
thanks for answering promptly, much appreciated.
Kind regards,
Alexandre Hamada
On 02/10/2019 17:17, Claudio Jeker wrote:
On Wed, Oct 02, 2019 at 03:41:06PM -0300, Alexandre Hamada wrote:
Hi Tech,
I've found a missing initialization at ip.c (rpki-client project), and I
would like to share this patch with the repository maintainer.
Kind regards,
Alexandre Hamada
Thanks for this patch. The memset() of addr makes sense and I will commit
this part tomorrow if nobody else does it before me.
I will skip the first hunk checking the addr argument for NULL. The right
use of this function is to pass a valid pointer to a struct ip_addr. There
is no need to check for one particular case of misuse here. Let the
program crash if one of the callers is doing it wrong and the person
introducing the bug will find it quickly. Currently all callers are safe.
https://patch-diff.githubusercontent.com/raw/kristapsdz/rpki-client/pull/8.patch
From e74a5c02fbab9172dd856fc7214be42ef1dc6b65 Mon Sep 17 00:00:00 2001
From: dev-gto <[email protected]>
Date: Wed, 2 Oct 2019 15:34:28 -0300
Subject: [PATCH] Fix non-initialized addr
Running test-roa several times on the same .roa containing /24 ipV4 block gives
different output in the last octet.
---
ip.c | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/ip.c b/ip.c
index 8587c42..968a474 100644
--- a/ip.c
+++ b/ip.c
@@ -205,6 +205,9 @@ ip_addr_parse(const ASN1_BIT_STRING *p,
warnx("%s: RFC 3779 section 2.2.3.8: "
"unused bit count must be zero if length is zero", fn);
return 0;
+ } else if (addr == NULL) {
+ warnx("%s: Invalid param addr", fn);
+ return 0;
}
/*
@@ -229,6 +232,7 @@ ip_addr_parse(const ASN1_BIT_STRING *p,
return 0;
}
+ memset (addr, 0, sizeof(struct ip_addr));
addr->prefixlen = p->length * 8 - unused;
memcpy(addr->addr, p->data, p->length);
return 1;
