Re: [ovs-dev] [PATCH v10 2/8] lib, ovs-vsctl: Add zero-initializations

Tue, 23 May 2023 09:20:13 -0700 

On Wed, May 03, 2023 at 02:30:27AM +0800, James Raphael Tiovalen wrote:
> This commit adds zero-initializations by changing `SFL_ALLOC` from
> `malloc` to `xzalloc`, adding a `memset` call to `sflAlloc`,
> initializing a `pollfd` struct variable with zeroes, and changing some
> calls to `xmalloc` to `xzalloc`. This is to prevent potential data leaks
> or undefined behavior from potentially uninitialized variables.
> 
> Some variables would always be initialized by either the code flow or
> the compiler. Thus, some of the associated Coverity reports might be
> false positives. That said, it is still considered best practice to
> zero-initialize variables upfront just in case to ensure the overall
> resilience and security of OVS, as long as they do not impact
> performance-critical code. As a bonus, it would also make static
> analyzer tools, such as Coverity, happy.
> 
> Signed-off-by: James Raphael Tiovalen <jamestio...@gmail.com>
> ---
>  lib/latch-unix.c      |  2 +-
>  lib/sflow_agent.c     | 11 +++++++++--
>  lib/sflow_api.h       |  2 +-
>  utilities/ovs-vsctl.c |  5 ++---
>  4 files changed, 13 insertions(+), 7 deletions(-)
> 
> diff --git a/lib/latch-unix.c b/lib/latch-unix.c
> index f4d10c39a..c62bb024b 100644
> --- a/lib/latch-unix.c
> +++ b/lib/latch-unix.c
> @@ -71,7 +71,7 @@ latch_set(struct latch *latch)
>  bool
>  latch_is_set(const struct latch *latch)
>  {
> -    struct pollfd pfd;
> +    struct pollfd pfd = {0};
>      int retval;
>  
>      pfd.fd = latch->fds[0];
> diff --git a/lib/sflow_agent.c b/lib/sflow_agent.c
> index c95f654a5..162e3c3f4 100644
> --- a/lib/sflow_agent.c
> +++ b/lib/sflow_agent.c
> @@ -510,8 +510,15 @@ void sfl_agent_sysError(SFLAgent *agent, char *modName, 
> char *msg)
>  
>  static void * sflAlloc(SFLAgent *agent, size_t bytes)
>  {
> -    if(agent->allocFn) return (*agent->allocFn)(agent->magic, agent, bytes);
> -    else return SFL_ALLOC(bytes);
> +    void *alloc;
> +    if (agent->allocFn) {
> +        alloc = (*agent->allocFn)(agent->magic, agent, bytes);
> +        memset(alloc, 0, bytes);
> +    } else {
> +        alloc = SFL_ALLOC(bytes);
> +    }
> +    ovs_assert(alloc);
> +    return alloc;
>  }

On question about this.

memset() is passed alloc before the call to ovs_assert().
>From the POV of the safety you are implementing, is that ok?
_______________________________________________
dev mailing list
d...@openvswitch.org
https://mail.openvswitch.org/mailman/listinfo/ovs-dev

Reply via email to