Blob Blame History Raw
From 423f9e7d93c4971a5a02b2ea5dc352f4bf2dfd9f Mon Sep 17 00:00:00 2001
From: Laine Stump <laine@laine.org>
Date: Tue, 7 Jan 2014 20:12:06 +0200
Subject: [PATCH] eliminate use of uninitialized data when getting mac address

https://bugzilla.redhat.com/show_bug.cgi?id=1046594

If the call to get_augeas() at the top of aug_get_mac() failed, we
would goto error and FREE(path), which would not have been
initialized. And if by some magic of fate we happened to get past
that, we would return garbage for the return code, since r was also
not initialized. This patch initializes both path and r to fix the
crash documented in Bug 1046594.

Although it doesn't directly impact the referenced bug, a quick audit
of other functions in the same file showed that defnode() had the same
problem with uninitialized "r". Beyond that, I also defensively
initialized the pointer to mac address to NULL both in aug_get_mac()
as well as two of its callers, to make future audits of the code
easier, and to shut up both valgrind and whatever static analyzers
might be run on the code.

(cherry picked from commit 8ed36d22fbc792474ca9c3b06c8a326b1fb5af08)
---
 src/drv_redhat.c  | 4 ++--
 src/drv_suse.c    | 4 ++--
 src/dutil_linux.c | 9 +++++----
 3 files changed, 9 insertions(+), 8 deletions(-)

diff --git a/src/drv_redhat.c b/src/drv_redhat.c
index b5b8694..e9d25cb 100644
--- a/src/drv_redhat.c
+++ b/src/drv_redhat.c
@@ -1,7 +1,7 @@
 /*
  * drv_redhat.c: the Red Hat distro family backend for netcf
  *
- * Copyright (C) 2009-2013 Red Hat Inc.
+ * Copyright (C) 2009-2014 Red Hat Inc.
  *
  * This library is free software; you can redistribute it and/or
  * modify it under the terms of the GNU Lesser General Public
@@ -989,7 +989,7 @@ int drv_lookup_by_mac_string(struct netcf *ncf, const char *mac,
 
 const char *drv_mac_string(struct netcf_if *nif) {
     struct netcf *ncf = nif->ncf;
-    const char *mac;
+    const char *mac = NULL;
     char *path = NULL;
     int r;
 
diff --git a/src/drv_suse.c b/src/drv_suse.c
index e59d7d3..e346c27 100644
--- a/src/drv_suse.c
+++ b/src/drv_suse.c
@@ -2,7 +2,7 @@
  * drv_suse.c: the suse backend for netcf
  *
  * Copyright (C) 2010 Novell Inc.
- * Copyright (C) 2009-2013 Red Hat Inc.
+ * Copyright (C) 2009-2014 Red Hat Inc.
  *
  * This library is free software; you can redistribute it and/or
  * modify it under the terms of the GNU Lesser General Public
@@ -1132,7 +1132,7 @@ int drv_lookup_by_mac_string(struct netcf *ncf, const char *mac,
 
 const char *drv_mac_string(struct netcf_if *nif) {
     struct netcf *ncf = nif->ncf;
-    const char *mac;
+    const char *mac = NULL;
     char *path = NULL;
     int r;
 
diff --git a/src/dutil_linux.c b/src/dutil_linux.c
index 271c515..7af741e 100644
--- a/src/dutil_linux.c
+++ b/src/dutil_linux.c
@@ -1,7 +1,7 @@
 /*
  * dutil_linux.c: Linux utility functions for driver backends.
  *
- * Copyright (C) 2009-2012 Red Hat Inc.
+ * Copyright (C) 2009-2012, 2014 Red Hat Inc.
  *
  * This library is free software; you can redistribute it and/or
  * modify it under the terms of the GNU Lesser General Public
@@ -221,7 +221,7 @@ int defnode(struct netcf *ncf, const char *name, const char *value,
     struct augeas *aug = get_augeas(ncf);
     va_list ap;
     char *expr = NULL;
-    int r, created;
+    int r = -1, created;
 
     ERR_BAIL(ncf);
 
@@ -370,10 +370,11 @@ int aug_match_mac(struct netcf *ncf, const char *mac, char ***matches) {
 
 /* Get the MAC address of the interface INTF */
 int aug_get_mac(struct netcf *ncf, const char *intf, const char **mac) {
-    int r;
-    char *path;
+    int r = -1;
+    char *path = NULL;
     struct augeas *aug = get_augeas(ncf);
 
+    *mac = NULL;
     ERR_BAIL(ncf);
 
     r = xasprintf(&path, "/files/sys/class/net/%s/address/content", intf);
-- 
1.8.3.1