In parse_conntrack_action(), the ct_nat_params struct is declared
without initialization. The snat and dnat fields are only set when
the user explicitly specifies "src" or "dst" in the NAT configuration.
However, the validation checks that both snat and dnat are not
simultaneously true, which will read these fields regardless of user
input.

Initialize snat and dnat to false at declaration to ensure these fields
have defined values before any reads occur.

Found with clang analyze.

Fixes: 9ac0aadab9f9 ("conntrack: Add support for NAT.")
Signed-off-by: Mike Pattrick <[email protected]>
---
lib/odp-util.c | 5 ++++-
1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/lib/odp-util.c b/lib/odp-util.c
index 809fdb5fd..34c1edc71 100644
--- a/lib/odp-util.c
+++ b/lib/odp-util.c
@@ -2217,7 +2217,10 @@ parse_conntrack_action(const char *s_, struct ofpbuf
*actions)
ovs_u128 value;
ovs_u128 mask;
} ct_label;
- struct ct_nat_params nat_params;
+ struct ct_nat_params nat_params = {
+ .snat = false,
+ .dnat = false,
+ };
bool have_nat = false;
const char *end;
size_t start;
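Review bot: in the new nat_params initializer, naming only `.snat` and `.dnat` still zero-initializes every other member of struct ct_nat_params, because C gives members omitted from a designated initializer the same value they would have with static storage duration. The commit message describes this as initializing two fields, so it should state that the whole struct is now zeroed, since that also silences any future analyzer report about another member being read before it is set. If full zeroing is the intent, a short comment at the declaration would make that explicit. Alternatively, consider gating the snat/dnat validation on `have_nat` so the flags are only read when NAT parameters were actually parsed; the check itself is outside this hunk, so please confirm what currently guards it.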
--
2.53.0
_______________________________________________
dev mailing list
[email protected]
https://mail.openvswitch.org/mailman/listinfo/ovs-dev