Blame SOURCES/0008-Issue-51095-abort-operation-if-CSN-can-not-be-genera.patch

5873fa
From 8d14ff153e9335b09739438344f9c3c78a496548 Mon Sep 17 00:00:00 2001
5873fa
From: Mark Reynolds <mreynolds@redhat.com>
5873fa
Date: Fri, 22 May 2020 10:42:11 -0400
5873fa
Subject: [PATCH 08/12] Issue 51095 - abort operation if CSN can not be
5873fa
 generated
5873fa
5873fa
Bug Description:  If we fail to get the system time then we were using an
5873fa
                  uninitialized timespec struct which could lead to bizarre
5873fa
                  times in CSN's.
5873fa
5873fa
Fix description:  Check if the system time function fails, and if it does
5873fa
                  then abort the update operation.
5873fa
5873fa
relates: https://pagure.io/389-ds-base/issue/51095
5873fa
5873fa
Reviewed by: firstyear & tbordaz(Thanks!!)
5873fa
---
5873fa
 ldap/servers/plugins/replication/repl5.h      |  2 +-
5873fa
 .../plugins/replication/repl5_replica.c       | 33 ++++++++------
5873fa
 ldap/servers/slapd/back-ldbm/ldbm_add.c       |  8 +++-
5873fa
 ldap/servers/slapd/back-ldbm/ldbm_delete.c    |  9 +++-
5873fa
 ldap/servers/slapd/back-ldbm/ldbm_modify.c    | 10 ++++-
5873fa
 ldap/servers/slapd/back-ldbm/ldbm_modrdn.c    |  8 +++-
5873fa
 ldap/servers/slapd/csngen.c                   | 18 +++++++-
5873fa
 ldap/servers/slapd/entrywsi.c                 | 15 ++++---
5873fa
 ldap/servers/slapd/slap.h                     |  2 +-
5873fa
 ldap/servers/slapd/slapi-plugin.h             |  8 ++++
5873fa
 ldap/servers/slapd/slapi-private.h            |  5 ++-
5873fa
 ldap/servers/slapd/time.c                     | 43 +++++++++++++------
5873fa
 12 files changed, 118 insertions(+), 43 deletions(-)
5873fa
5873fa
diff --git a/ldap/servers/plugins/replication/repl5.h b/ldap/servers/plugins/replication/repl5.h
5873fa
index 72b7089e3..638471744 100644
5873fa
--- a/ldap/servers/plugins/replication/repl5.h
5873fa
+++ b/ldap/servers/plugins/replication/repl5.h
5873fa
@@ -776,7 +776,7 @@ void replica_disable_replication(Replica *r);
5873fa
 int replica_start_agreement(Replica *r, Repl_Agmt *ra);
5873fa
 int windows_replica_start_agreement(Replica *r, Repl_Agmt *ra);
5873fa
 
5873fa
-CSN *replica_generate_next_csn(Slapi_PBlock *pb, const CSN *basecsn);
5873fa
+int32_t replica_generate_next_csn(Slapi_PBlock *pb, const CSN *basecsn, CSN **opcsn);
5873fa
 int replica_get_attr(Slapi_PBlock *pb, const char *type, void *value);
5873fa
 
5873fa
 /* mapping tree extensions manipulation */
5873fa
diff --git a/ldap/servers/plugins/replication/repl5_replica.c b/ldap/servers/plugins/replication/repl5_replica.c
5873fa
index 02caa88d9..f01782330 100644
5873fa
--- a/ldap/servers/plugins/replication/repl5_replica.c
5873fa
+++ b/ldap/servers/plugins/replication/repl5_replica.c
5873fa
@@ -3931,11 +3931,9 @@ windows_replica_start_agreement(Replica *r, Repl_Agmt *ra)
5873fa
  * A callback function registered as op->o_csngen_handler and
5873fa
  * called by backend ops to generate opcsn.
5873fa
  */
5873fa
-CSN *
5873fa
-replica_generate_next_csn(Slapi_PBlock *pb, const CSN *basecsn)
5873fa
+int32_t
5873fa
+replica_generate_next_csn(Slapi_PBlock *pb, const CSN *basecsn, CSN **opcsn)
5873fa
 {
5873fa
-    CSN *opcsn = NULL;
5873fa
-
5873fa
     Replica *replica = replica_get_replica_for_op(pb);
5873fa
     if (NULL != replica) {
5873fa
         Slapi_Operation *op;
5873fa
@@ -3946,17 +3944,26 @@ replica_generate_next_csn(Slapi_PBlock *pb, const CSN *basecsn)
5873fa
                 CSNGen *gen = (CSNGen *)object_get_data(gen_obj);
5873fa
                 if (NULL != gen) {
5873fa
                     /* The new CSN should be greater than the base CSN */
5873fa
-                    csngen_new_csn(gen, &opcsn, PR_FALSE /* don't notify */);
5873fa
-                    if (csn_compare(opcsn, basecsn) <= 0) {
5873fa
-                        char opcsnstr[CSN_STRSIZE], basecsnstr[CSN_STRSIZE];
5873fa
+                    if (csngen_new_csn(gen, opcsn, PR_FALSE /* don't notify */) != CSN_SUCCESS) {
5873fa
+                        /* Failed to generate CSN we must abort */
5873fa
+                        object_release(gen_obj);
5873fa
+                        return -1;
5873fa
+                    }
5873fa
+                    if (csn_compare(*opcsn, basecsn) <= 0) {
5873fa
+                        char opcsnstr[CSN_STRSIZE];
5873fa
+                        char basecsnstr[CSN_STRSIZE];
5873fa
                         char opcsn2str[CSN_STRSIZE];
5873fa
 
5873fa
-                        csn_as_string(opcsn, PR_FALSE, opcsnstr);
5873fa
+                        csn_as_string(*opcsn, PR_FALSE, opcsnstr);
5873fa
                         csn_as_string(basecsn, PR_FALSE, basecsnstr);
5873fa
-                        csn_free(&opcsn);
5873fa
+                        csn_free(opcsn);
5873fa
                         csngen_adjust_time(gen, basecsn);
5873fa
-                        csngen_new_csn(gen, &opcsn, PR_FALSE /* don't notify */);
5873fa
-                        csn_as_string(opcsn, PR_FALSE, opcsn2str);
5873fa
+                        if (csngen_new_csn(gen, opcsn, PR_FALSE) != CSN_SUCCESS) {
5873fa
+                            /* Failed to generate CSN we must abort */
5873fa
+                            object_release(gen_obj);
5873fa
+                            return -1;
5873fa
+                        }
5873fa
+                        csn_as_string(*opcsn, PR_FALSE, opcsn2str);
5873fa
                         slapi_log_err(SLAPI_LOG_WARNING, repl_plugin_name,
5873fa
                                       "replica_generate_next_csn - "
5873fa
                                       "opcsn=%s <= basecsn=%s, adjusted opcsn=%s\n",
5873fa
@@ -3966,14 +3973,14 @@ replica_generate_next_csn(Slapi_PBlock *pb, const CSN *basecsn)
5873fa
                      * Insert opcsn into the csn pending list.
5873fa
                      * This is the notify effect in csngen_new_csn().
5873fa
                      */
5873fa
-                    assign_csn_callback(opcsn, (void *)replica);
5873fa
+                    assign_csn_callback(*opcsn, (void *)replica);
5873fa
                 }
5873fa
                 object_release(gen_obj);
5873fa
             }
5873fa
         }
5873fa
     }
5873fa
 
5873fa
-    return opcsn;
5873fa
+    return 0;
5873fa
 }
5873fa
 
5873fa
 /*
5873fa
diff --git a/ldap/servers/slapd/back-ldbm/ldbm_add.c b/ldap/servers/slapd/back-ldbm/ldbm_add.c
5873fa
index d0d88bf16..ee366c74c 100644
5873fa
--- a/ldap/servers/slapd/back-ldbm/ldbm_add.c
5873fa
+++ b/ldap/servers/slapd/back-ldbm/ldbm_add.c
5873fa
@@ -645,7 +645,13 @@ ldbm_back_add(Slapi_PBlock *pb)
5873fa
                          * Current op is a user request. Opcsn will be assigned
5873fa
                          * if the dn is in an updatable replica.
5873fa
                          */
5873fa
-                        opcsn = entry_assign_operation_csn(pb, e, parententry ? parententry->ep_entry : NULL);
5873fa
+                        if (entry_assign_operation_csn(pb, e, parententry ? parententry->ep_entry : NULL, &opcsn) != 0) {
5873fa
+                            slapi_log_err(SLAPI_LOG_ERR, "ldbm_back_add",
5873fa
+                                    "failed to generate add CSN for entry (%s), aborting operation\n",
5873fa
+                                    slapi_entry_get_dn(e));
5873fa
+                            ldap_result_code = LDAP_OPERATIONS_ERROR;
5873fa
+                            goto error_return;
5873fa
+                        }
5873fa
                     }
5873fa
                     if (opcsn != NULL) {
5873fa
                         entry_set_csn(e, opcsn);
5873fa
diff --git a/ldap/servers/slapd/back-ldbm/ldbm_delete.c b/ldap/servers/slapd/back-ldbm/ldbm_delete.c
5873fa
index 873b5b00e..fbcb57310 100644
5873fa
--- a/ldap/servers/slapd/back-ldbm/ldbm_delete.c
5873fa
+++ b/ldap/servers/slapd/back-ldbm/ldbm_delete.c
5873fa
@@ -464,7 +464,14 @@ replace_entry:
5873fa
                      * by entry_assign_operation_csn() if the dn is in an
5873fa
                      * updatable replica.
5873fa
                      */
5873fa
-                    opcsn = entry_assign_operation_csn ( pb, e->ep_entry, NULL );
5873fa
+                    if (entry_assign_operation_csn(pb, e->ep_entry, NULL, &opcsn) != 0) {
5873fa
+                        slapi_log_err(SLAPI_LOG_ERR, "ldbm_back_delete",
5873fa
+                                "failed to generate delete CSN for entry (%s), aborting operation\n",
5873fa
+                                slapi_entry_get_dn(e->ep_entry));
5873fa
+                        retval = -1;
5873fa
+                        ldap_result_code = LDAP_OPERATIONS_ERROR;
5873fa
+                        goto error_return;
5873fa
+                    }
5873fa
                 }
5873fa
                 if (opcsn != NULL) {
5873fa
                     if (!is_fixup_operation) {
5873fa
diff --git a/ldap/servers/slapd/back-ldbm/ldbm_modify.c b/ldap/servers/slapd/back-ldbm/ldbm_modify.c
5873fa
index b0c477e3f..e9d7e87e3 100644
5873fa
--- a/ldap/servers/slapd/back-ldbm/ldbm_modify.c
5873fa
+++ b/ldap/servers/slapd/back-ldbm/ldbm_modify.c
5873fa
@@ -598,12 +598,18 @@ ldbm_back_modify(Slapi_PBlock *pb)
5873fa
                     goto error_return;
5873fa
                 }
5873fa
                 opcsn = operation_get_csn(operation);
5873fa
-                if (NULL == opcsn && operation->o_csngen_handler) {
5873fa
+                if (opcsn == NULL && operation->o_csngen_handler) {
5873fa
                     /*
5873fa
                      * Current op is a user request. Opcsn will be assigned
5873fa
                      * if the dn is in an updatable replica.
5873fa
                      */
5873fa
-                    opcsn = entry_assign_operation_csn(pb, e->ep_entry, NULL);
5873fa
+                    if (entry_assign_operation_csn(pb, e->ep_entry, NULL, &opcsn) != 0) {
5873fa
+                        slapi_log_err(SLAPI_LOG_ERR, "ldbm_back_modify",
5873fa
+                                "failed to generate modify CSN for entry (%s), aborting operation\n",
5873fa
+                                slapi_entry_get_dn(e->ep_entry));
5873fa
+                        ldap_result_code = LDAP_OPERATIONS_ERROR;
5873fa
+                        goto error_return;
5873fa
+                    }
5873fa
                 }
5873fa
                 if (opcsn) {
5873fa
                     entry_set_maxcsn(e->ep_entry, opcsn);
5873fa
diff --git a/ldap/servers/slapd/back-ldbm/ldbm_modrdn.c b/ldap/servers/slapd/back-ldbm/ldbm_modrdn.c
5873fa
index 26698012a..fde83c99f 100644
5873fa
--- a/ldap/servers/slapd/back-ldbm/ldbm_modrdn.c
5873fa
+++ b/ldap/servers/slapd/back-ldbm/ldbm_modrdn.c
5873fa
@@ -543,7 +543,13 @@ ldbm_back_modrdn(Slapi_PBlock *pb)
5873fa
                      * Current op is a user request. Opcsn will be assigned
5873fa
                      * if the dn is in an updatable replica.
5873fa
                      */
5873fa
-                    opcsn = entry_assign_operation_csn(pb, e->ep_entry, parententry ? parententry->ep_entry : NULL);
5873fa
+                    if (entry_assign_operation_csn(pb, e->ep_entry, parententry ? parententry->ep_entry : NULL, &opcsn) != 0) {
5873fa
+                        slapi_log_err(SLAPI_LOG_ERR, "ldbm_back_modrdn",
5873fa
+                                "failed to generate modrdn CSN for entry (%s), aborting operation\n",
5873fa
+                                slapi_entry_get_dn(e->ep_entry));
5873fa
+                        ldap_result_code = LDAP_OPERATIONS_ERROR;
5873fa
+                        goto error_return;
5873fa
+                    }
5873fa
                 }
5873fa
                 if (opcsn != NULL) {
5873fa
                     entry_set_maxcsn(e->ep_entry, opcsn);
5873fa
diff --git a/ldap/servers/slapd/csngen.c b/ldap/servers/slapd/csngen.c
5873fa
index 68dbbda8e..b08d8b25c 100644
5873fa
--- a/ldap/servers/slapd/csngen.c
5873fa
+++ b/ldap/servers/slapd/csngen.c
5873fa
@@ -164,6 +164,7 @@ csngen_free(CSNGen **gen)
5873fa
 int
5873fa
 csngen_new_csn(CSNGen *gen, CSN **csn, PRBool notify)
5873fa
 {
5873fa
+    struct timespec now = {0};
5873fa
     int rc = CSN_SUCCESS;
5873fa
     time_t cur_time;
5873fa
     int delta;
5873fa
@@ -179,12 +180,25 @@ csngen_new_csn(CSNGen *gen, CSN **csn, PRBool notify)
5873fa
         return CSN_MEMORY_ERROR;
5873fa
     }
5873fa
 
5873fa
-    slapi_rwlock_wrlock(gen->lock);
5873fa
+    if ((rc = slapi_clock_gettime(&now)) != 0) {
5873fa
+        /* Failed to get system time, we must abort */
5873fa
+        slapi_log_err(SLAPI_LOG_ERR, "csngen_new_csn",
5873fa
+                "Failed to get system time (%s)\n",
5873fa
+                slapd_system_strerror(rc));
5873fa
+        return CSN_TIME_ERROR;
5873fa
+    }
5873fa
+    cur_time = now.tv_sec;
5873fa
 
5873fa
-    cur_time = slapi_current_utc_time();
5873fa
+    slapi_rwlock_wrlock(gen->lock);
5873fa
 
5873fa
     /* check if the time should be adjusted */
5873fa
     delta = cur_time - gen->state.sampled_time;
5873fa
+    if (delta > _SEC_PER_DAY || delta < (-1 * _SEC_PER_DAY)) {
5873fa
+        /* We had a jump larger than a day */
5873fa
+        slapi_log_err(SLAPI_LOG_INFO, "csngen_new_csn",
5873fa
+                "Detected large jump in CSN time.  Delta: %d (current time: %ld  vs  previous time: %ld)\n",
5873fa
+                delta, cur_time, gen->state.sampled_time);
5873fa
+    }
5873fa
     if (delta > 0) {
5873fa
         rc = _csngen_adjust_local_time(gen, cur_time);
5873fa
         if (rc != CSN_SUCCESS) {
5873fa
diff --git a/ldap/servers/slapd/entrywsi.c b/ldap/servers/slapd/entrywsi.c
5873fa
index 5d1d7238a..31bf65d8e 100644
5873fa
--- a/ldap/servers/slapd/entrywsi.c
5873fa
+++ b/ldap/servers/slapd/entrywsi.c
5873fa
@@ -224,13 +224,12 @@ entry_add_rdn_csn(Slapi_Entry *e, const CSN *csn)
5873fa
     slapi_rdn_free(&rdn;;
5873fa
 }
5873fa
 
5873fa
-CSN *
5873fa
-entry_assign_operation_csn(Slapi_PBlock *pb, Slapi_Entry *e, Slapi_Entry *parententry)
5873fa
+int32_t
5873fa
+entry_assign_operation_csn(Slapi_PBlock *pb, Slapi_Entry *e, Slapi_Entry *parententry, CSN **opcsn)
5873fa
 {
5873fa
     Slapi_Operation *op;
5873fa
     const CSN *basecsn = NULL;
5873fa
     const CSN *parententry_dncsn = NULL;
5873fa
-    CSN *opcsn = NULL;
5873fa
 
5873fa
     slapi_pblock_get(pb, SLAPI_OPERATION, &op);
5873fa
 
5873fa
@@ -252,14 +251,16 @@ entry_assign_operation_csn(Slapi_PBlock *pb, Slapi_Entry *e, Slapi_Entry *parent
5873fa
                 basecsn = parententry_dncsn;
5873fa
             }
5873fa
         }
5873fa
-        opcsn = op->o_csngen_handler(pb, basecsn);
5873fa
+        if(op->o_csngen_handler(pb, basecsn, opcsn) != 0) {
5873fa
+            return -1;
5873fa
+        }
5873fa
 
5873fa
-        if (NULL != opcsn) {
5873fa
-            operation_set_csn(op, opcsn);
5873fa
+        if (*opcsn) {
5873fa
+            operation_set_csn(op, *opcsn);
5873fa
         }
5873fa
     }
5873fa
 
5873fa
-    return opcsn;
5873fa
+    return 0;
5873fa
 }
5873fa
 
5873fa
 /*
5873fa
diff --git a/ldap/servers/slapd/slap.h b/ldap/servers/slapd/slap.h
5873fa
index a4cae784a..cef8c789c 100644
5873fa
--- a/ldap/servers/slapd/slap.h
5873fa
+++ b/ldap/servers/slapd/slap.h
5873fa
@@ -1480,7 +1480,7 @@ struct op;
5873fa
 typedef void (*result_handler)(struct conn *, struct op *, int, char *, char *, int, struct berval **);
5873fa
 typedef int (*search_entry_handler)(Slapi_Backend *, struct conn *, struct op *, struct slapi_entry *);
5873fa
 typedef int (*search_referral_handler)(Slapi_Backend *, struct conn *, struct op *, struct berval **);
5873fa
-typedef CSN *(*csngen_handler)(Slapi_PBlock *pb, const CSN *basecsn);
5873fa
+typedef int32_t *(*csngen_handler)(Slapi_PBlock *pb, const CSN *basecsn, CSN **opcsn);
5873fa
 typedef int (*replica_attr_handler)(Slapi_PBlock *pb, const char *type, void **value);
5873fa
 
5873fa
 /*
5873fa
diff --git a/ldap/servers/slapd/slapi-plugin.h b/ldap/servers/slapd/slapi-plugin.h
5873fa
index be1e52e4d..834a98742 100644
5873fa
--- a/ldap/servers/slapd/slapi-plugin.h
5873fa
+++ b/ldap/servers/slapd/slapi-plugin.h
5873fa
@@ -6743,6 +6743,14 @@ int slapi_reslimit_get_integer_limit(Slapi_Connection *conn, int handle, int *li
5873fa
  */
5873fa
 time_t slapi_current_time(void) __attribute__((deprecated));
5873fa
 
5873fa
+/**
5873fa
+ * Get the system time and check for errors.  Return
5873fa
+ *
5873fa
+ * \param tp - a timespec struct where the system time is set
5873fa
+ * \return result code, upon success tp is set to the system time
5873fa
+ */
5873fa
+int32_t slapi_clock_gettime(struct timespec *tp);
5873fa
+
5873fa
 /**
5873fa
  * Returns the current system time as a hr clock relative to uptime
5873fa
  * This means the clock is not affected by timezones
5873fa
diff --git a/ldap/servers/slapd/slapi-private.h b/ldap/servers/slapd/slapi-private.h
5873fa
index d85ee43e5..c98c1947c 100644
5873fa
--- a/ldap/servers/slapd/slapi-private.h
5873fa
+++ b/ldap/servers/slapd/slapi-private.h
5873fa
@@ -233,7 +233,8 @@ enum
5873fa
     CSN_INVALID_PARAMETER, /* invalid function argument */
5873fa
     CSN_INVALID_FORMAT,    /* invalid state format */
5873fa
     CSN_LDAP_ERROR,        /* LDAP operation failed */
5873fa
-    CSN_NSPR_ERROR         /* NSPR API failure */
5873fa
+    CSN_NSPR_ERROR,        /* NSPR API failure */
5873fa
+    CSN_TIME_ERROR         /* Error generating new CSN due to clock failure */
5873fa
 };
5873fa
 
5873fa
 typedef struct csngen CSNGen;
5873fa
@@ -326,7 +327,7 @@ int slapi_entries_diff(Slapi_Entry **old_entries, Slapi_Entry **new_entries, int
5873fa
 void set_attr_to_protected_list(char *attr, int flag);
5873fa
 
5873fa
 /* entrywsi.c */
5873fa
-CSN *entry_assign_operation_csn(Slapi_PBlock *pb, Slapi_Entry *e, Slapi_Entry *parententry);
5873fa
+int32_t entry_assign_operation_csn(Slapi_PBlock *pb, Slapi_Entry *e, Slapi_Entry *parententry, CSN **opcsn);
5873fa
 const CSN *entry_get_maxcsn(const Slapi_Entry *entry);
5873fa
 void entry_set_maxcsn(Slapi_Entry *entry, const CSN *csn);
5873fa
 const CSN *entry_get_dncsn(const Slapi_Entry *entry);
5873fa
diff --git a/ldap/servers/slapd/time.c b/ldap/servers/slapd/time.c
5873fa
index 8048a3359..545538404 100644
5873fa
--- a/ldap/servers/slapd/time.c
5873fa
+++ b/ldap/servers/slapd/time.c
5873fa
@@ -61,6 +61,25 @@ poll_current_time()
5873fa
     return 0;
5873fa
 }
5873fa
 
5873fa
+/*
5873fa
+ * Check if the time function returns an error.  If so return the errno
5873fa
+ */
5873fa
+int32_t
5873fa
+slapi_clock_gettime(struct timespec *tp)
5873fa
+{
5873fa
+    int32_t rc = 0;
5873fa
+
5873fa
+    PR_ASSERT(tp && tp->tv_nsec == 0 && tp->tv_sec == 0);
5873fa
+
5873fa
+    if (clock_gettime(CLOCK_REALTIME, tp) != 0) {
5873fa
+        rc = errno;
5873fa
+    }
5873fa
+
5873fa
+    PR_ASSERT(rc == 0);
5873fa
+
5873fa
+    return rc;
5873fa
+}
5873fa
+
5873fa
 time_t
5873fa
 current_time(void)
5873fa
 {
5873fa
@@ -69,7 +88,7 @@ current_time(void)
5873fa
      * but this should be removed in favour of the
5873fa
      * more accurately named slapi_current_utc_time
5873fa
      */
5873fa
-    struct timespec now;
5873fa
+    struct timespec now = {0};
5873fa
     clock_gettime(CLOCK_REALTIME, &now;;
5873fa
     return now.tv_sec;
5873fa
 }
5873fa
@@ -83,7 +102,7 @@ slapi_current_time(void)
5873fa
 struct timespec
5873fa
 slapi_current_rel_time_hr(void)
5873fa
 {
5873fa
-    struct timespec now;
5873fa
+    struct timespec now = {0};
5873fa
     clock_gettime(CLOCK_MONOTONIC, &now;;
5873fa
     return now;
5873fa
 }
5873fa
@@ -91,7 +110,7 @@ slapi_current_rel_time_hr(void)
5873fa
 struct timespec
5873fa
 slapi_current_utc_time_hr(void)
5873fa
 {
5873fa
-    struct timespec ltnow;
5873fa
+    struct timespec ltnow = {0};
5873fa
     clock_gettime(CLOCK_REALTIME, &ltnow);
5873fa
     return ltnow;
5873fa
 }
5873fa
@@ -99,7 +118,7 @@ slapi_current_utc_time_hr(void)
5873fa
 time_t
5873fa
 slapi_current_utc_time(void)
5873fa
 {
5873fa
-    struct timespec ltnow;
5873fa
+    struct timespec ltnow = {0};
5873fa
     clock_gettime(CLOCK_REALTIME, &ltnow);
5873fa
     return ltnow.tv_sec;
5873fa
 }
5873fa
@@ -108,8 +127,8 @@ void
5873fa
 slapi_timestamp_utc_hr(char *buf, size_t bufsize)
5873fa
 {
5873fa
     PR_ASSERT(bufsize >= SLAPI_TIMESTAMP_BUFSIZE);
5873fa
-    struct timespec ltnow;
5873fa
-    struct tm utctm;
5873fa
+    struct timespec ltnow = {0};
5873fa
+    struct tm utctm = {0};
5873fa
     clock_gettime(CLOCK_REALTIME, &ltnow);
5873fa
     gmtime_r(&(ltnow.tv_sec), &utctm);
5873fa
     strftime(buf, bufsize, "%Y%m%d%H%M%SZ", &utctm);
5873fa
@@ -140,7 +159,7 @@ format_localTime_log(time_t t, int initsize __attribute__((unused)), char *buf,
5873fa
 {
5873fa
 
5873fa
     long tz;
5873fa
-    struct tm *tmsp, tms;
5873fa
+    struct tm *tmsp, tms = {0};
5873fa
     char tbuf[*bufsize];
5873fa
     char sign;
5873fa
     /* make sure our buffer will be big enough. Need at least 29 */
5873fa
@@ -191,7 +210,7 @@ format_localTime_hr_log(time_t t, long nsec, int initsize __attribute__((unused)
5873fa
 {
5873fa
 
5873fa
     long tz;
5873fa
-    struct tm *tmsp, tms;
5873fa
+    struct tm *tmsp, tms = {0};
5873fa
     char tbuf[*bufsize];
5873fa
     char sign;
5873fa
     /* make sure our buffer will be big enough. Need at least 39 */
5873fa
@@ -278,7 +297,7 @@ slapi_timespec_expire_check(struct timespec *expire)
5873fa
     if (expire->tv_sec == 0 && expire->tv_nsec == 0) {
5873fa
         return TIMER_CONTINUE;
5873fa
     }
5873fa
-    struct timespec now;
5873fa
+    struct timespec now = {0};
5873fa
     clock_gettime(CLOCK_MONOTONIC, &now;;
5873fa
     if (now.tv_sec > expire->tv_sec ||
5873fa
         (expire->tv_sec == now.tv_sec && now.tv_sec > expire->tv_nsec)) {
5873fa
@@ -293,7 +312,7 @@ format_localTime(time_t from)
5873fa
        in the syntax of a generalizedTime, except without the time zone. */
5873fa
 {
5873fa
     char *into;
5873fa
-    struct tm t;
5873fa
+    struct tm t = {0};
5873fa
 
5873fa
     localtime_r(&from, &t);
5873fa
 
5873fa
@@ -362,7 +381,7 @@ format_genTime(time_t from)
5873fa
        in the syntax of a generalizedTime. */
5873fa
 {
5873fa
     char *into;
5873fa
-    struct tm t;
5873fa
+    struct tm t = {0};
5873fa
 
5873fa
     gmtime_r(&from, &t);
5873fa
     into = slapi_ch_malloc(SLAPI_TIMESTAMP_BUFSIZE);
5873fa
@@ -382,7 +401,7 @@ time_t
5873fa
 read_genTime(struct berval *from)
5873fa
 {
5873fa
     struct tm t = {0};
5873fa
-    time_t retTime;
5873fa
+    time_t retTime = {0};
5873fa
     time_t diffsec = 0;
5873fa
     int i, gflag = 0, havesec = 0;
5873fa
 
5873fa
-- 
5873fa
2.26.2
5873fa