Bug #4867: Uninitialized variables in libnsl
Status: Closed
% Done: 100%
Description
I temporarily removed -Wno-uninitialized from usr/src/lib/libnsl/Makefile.com and tried to compile libnsl. Most of the errors reported were just false positives, but I found a few real problems:
Issue 1
In netname2user() the res might be used uninitialized:
421         if (strcmp(look->service_name, "nis") == 0)
422             res = netname2user_nis(&err, (char *)netname, &argp);
423         else if (strcmp(look->service_name, "files") == 0)
424             res = netname2user_files(&err, (char *)netname, &argp);
425         else if (strcmp(look->service_name, "ldap") == 0)
426             res = netname2user_ldap(&err, (char *)netname, &argp);
427         else {
428             syslog(LOG_INFO,
429                 "netname2user: unknown nameservice for publickey"
430                 "info '%s'\n", look->service_name);
431             err = __NSW_UNAVAIL;
432         }
433         switch (look->actions[err]) {
434         case __NSW_CONTINUE :
435             break;
436         case __NSW_RETURN :
437             if (needfree)
438                 (void) __nsw_freeconfig(conf);
439             (void) mutex_unlock(&serialize_netname_r);
440             return (res);
In case the last else path is executed (lines 428 to 431) and look->actions[err] is __NSW_RETURN, we will return an uninitialized res at line 440.
A very similar issue is also in __getpublickey_cached_g() and getsecretkey_g().
Issue 2
In clnt_vc_control() the ret might be used uninitialized:
880 static bool_t
881 clnt_vc_control(CLIENT *cl, int request, char *info)
882 {
883     bool_t ret;
...
901     case CLFLUSH:
902         if (ct->ct_io_mode == RPC_CL_NONBLOCKING) {
903             int res;
904             res = do_flush(ct, (info == NULL ||
905                 /* LINTED pointer cast */
906                 *(int *)info == RPC_CL_DEFAULT_FLUSH)?
907                 /* LINTED pointer cast */
908                 ct->ct_blocking_mode: *(int *)info);
909             ret = (0 == res);
910         }
911         rpc_fd_unlock(vctbl, ct->ct_fd);
912         return (ret);
If ct->ct_io_mode is not RPC_CL_NONBLOCKING, the uninitialized ret will be returned at line 912.
Issue 3
In _tx_sndvudata() the dataptr might be used uninitialized:
48 int
49 _tx_sndvudata(int fd, const struct t_unitdata *unitdata, struct t_iovec *tiov,
50     unsigned int tiovcount, int api_semantics)
51 {
52     struct T_unitdata_req *udreq;
53     struct strbuf ctlbuf;
54     struct strbuf databuf;
55     int size;
56     struct _ti_user *tiptr;
57     int sv_errno;
58     int didalloc;
59     char *dataptr;
...
124     if (_t_aligned_copy(&ctlbuf, unitdata->addr.len, size,
125         unitdata->addr.buf, &udreq->DEST_offset) < 0) {
126         /*
127          * Aligned copy based will overflow buffer
128          * allocated based on maximum transport address
129          * size information
130          */
131         t_errno = TSYSERR;
132         errno = EPROTO;
133         goto err_out;
134     }
...
160     dataptr = NULL;
...
199 err_out:
200     sv_errno = errno;
201     if (didalloc)
202         free(ctlbuf.buf);
203     else
204         tiptr->ti_ctlbuf = ctlbuf.buf;
205     if (dataptr != NULL)
206         free(dataptr);
In case the goto at line 133 is executed, we will use an uninitialized dataptr at lines 205 and 206.
Issue 4
Uninitialized getby_flag in _getexecprof():
158 execstr_t *
159 _getexecprof(char *name,
160     char *type,
161     char *id,
162     int search_flag,
163     execstr_t *result,
164     char *buffer,
165     int buflen,
166     int *errnop)
167 {
168     int getby_flag;
...
192     if ((name != NULL) && (id != NULL)) {
193         getby_flag = NSS_DBOP_EXECATTR_BYNAMEID;
194     } else if (name != NULL) {
195         getby_flag = NSS_DBOP_EXECATTR_BYNAME;
196     } else if (id != NULL) {
197         getby_flag = NSS_DBOP_EXECATTR_BYID;
198     }
199
200     arg.key.attrp = &(_priv_exec);
201
202     switch (getby_flag) {
In case both name and id are NULL, getby_flag at line 202 will be used uninitialized.
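The four issues above are two shapes of the same defect: a variable assigned only on some branches and then consumed on a path that skipped them (Issues 1, 2 and 4), and a cleanup label that frees a pointer which an early goto can reach before the pointer was set (Issue 3). The following is an added, constructed example that is not libnsl code and not part of the bug report; it reproduces each shape in miniature beside the initialized form, with hypothetical names (resolve_buggy, resolve_fixed, send_fixed, lookup_files, demo_actions) and a made-up action table standing in for look->actions[]. Compiling it with -Wall -O2 -Wuninitialized shows the same class of warning the reporter re-enabled.

```c
#include <stddef.h>
#include <stdlib.h>
#include <string.h>

/*
 * Constructed example, not libnsl code.  demo_actions[] plays the role of
 * look->actions[]: it maps a lookup status to "return now" or "try the
 * next source".
 */
enum action { ACT_CONTINUE = 0, ACT_RETURN = 1 };
enum status { ST_SUCCESS = 0, ST_NOTFOUND = 1, ST_UNAVAIL = 2, ST_NSTATUS = 3 };

const enum action demo_actions[ST_NSTATUS] = {
	ACT_RETURN,	/* ST_SUCCESS: hand the result back */
	ACT_CONTINUE,	/* ST_NOTFOUND: caller would try the next source */
	ACT_RETURN	/* ST_UNAVAIL: give up and return whatever res holds */
};

/* Hypothetical "files" backend: knows only the user "alice". */
static int lookup_files(const char *name, int *err)
{
	if (strcmp(name, "alice") == 0) {
		*err = ST_SUCCESS;
		return (1);
	}
	*err = ST_NOTFOUND;
	return (0);
}

/*
 * Buggy shape (Issues 1, 2, 4): res is assigned only when the service is
 * recognised, but the ST_UNAVAIL path still returns it.  Returns -1 for
 * "continue with the next source".  Not called below; kept to show the gap.
 */
int resolve_buggy(const char *service, const char *name,
    const enum action actions[ST_NSTATUS])
{
	int res;	/* indeterminate until some branch assigns it */
	int err;

	if (strcmp(service, "files") == 0)
		res = lookup_files(name, &err);
	else
		err = ST_UNAVAIL;	/* res is never touched on this path */

	if (actions[err] == ACT_RETURN)
		return (res);	/* garbage for an unknown service */
	return (-1);
}

/* Fixed shape: both variables start at a defined failure value. */
int resolve_fixed(const char *service, const char *name,
    const enum action actions[ST_NSTATUS])
{
	int res = 0;		/* "not found" until a backend says otherwise */
	int err = ST_UNAVAIL;	/* unknown service unless a backend ran */

	if (strcmp(service, "files") == 0)
		res = lookup_files(name, &err);

	if (actions[err] == ACT_RETURN)
		return (res);
	return (-1);
}

/*
 * Fixed cleanup shape (Issue 3): dataptr is NULL from its declaration, so
 * the early goto (control data too large for the buffer) reaches err_out
 * with a defined pointer and free(NULL) is a no-op.  Returns 0 on success,
 * -1 on failure; every path frees exactly what it allocated.
 */
int send_fixed(size_t ctl_len, size_t max_ctl, size_t data_len)
{
	char *ctlbuf = NULL;
	char *dataptr = NULL;
	int rv = -1;

	ctlbuf = malloc(max_ctl);
	if (ctlbuf == NULL)
		goto err_out;
	if (ctl_len > max_ctl)
		goto err_out;	/* same position as the goto at line 133 */
	dataptr = malloc(data_len);
	if (dataptr == NULL)
		goto err_out;
	memset(dataptr, 0, data_len);
	rv = 0;

err_out:
	free(ctlbuf);
	free(dataptr);
	return (rv);
}

int main(void)
{
	/* Unknown service: the fixed form returns the defined value 0. */
	if (resolve_fixed("nis", "alice", demo_actions) != 0)
		return (1);
	/* Early goto before dataptr was ever assigned: no stray free(). */
	return (send_fixed(32, 16, 4) == -1 ? 0 : 1);
}
```

The fix used here is the one the commit below takes in spirit: give every such variable a value at its declaration (a failure status, or NULL for pointers) so that whichever branch or goto is taken, the consumer sees a defined value rather than whatever was on the stack.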
Updated by Marcel Telka about 8 years ago
- Status changed from In Progress to Pending RTI
Updated by Electric Monk about 8 years ago
- Status changed from Pending RTI to Closed
- % Done changed from 0 to 100
git commit d00075c72fe6e0468054c64c53d70554c1d1cb02
commit d00075c72fe6e0468054c64c53d70554c1d1cb02
Author: Marcel Telka <marcel.telka@nexenta.com>
Date: 2014-05-21T20:53:41.000Z

4867 Uninitialized variables in libnsl
Reviewed by: Josef 'Jeff' Sipek <josef.sipek@nexenta.com>
Approved by: Dan McDonald <danmcd@omniti.com>