Re: [PATCH] use of uninitialized variable fds in main_noinetd()
You may want to see if DROPBEAR_FD_ZERO() is a more appropriate macro to
use in this instance (see dbutil.h::93).
Regards,
Claude Bing
On 11/29/19 2:02 PM, Timur R. Mustafin wrote:
> Hi.
>
> I started dropbear application on our e2k platform in specific
> "protected mode". Particulary it cheks in runtime for use of
> uninitialized variables. So it finds such case in file svr-main.c with
> variable fds in main_noinetd(). Patch is very small:
>
> diff -ruN dropbear-2019.78.orig/svr-main.c dropbear-2019.78/svr-main.c
> --- dropbear-2019.78.orig/svr-main.c 2019-03-27 17:15:23.0 +0300
> +++ dropbear-2019.78/svr-main.c 2019-11-13 19:40:36.688398257 +0300
> @@ -143,7 +143,9 @@
> {
> dropbear_exit("No listening ports available.");
> }
>
> + /* Initialize fds by zeroes before use */
> + FD_ZERO();
> for (i = 0; i < listensockcount; i++) {
> FD_SET(listensocks[i], );
> }
>
Fix build issue with svr-chansession.c
When building dropbear with the following configuration options, a
compilation error occurs. Note that the most important option in
localoptions.h is DROPBEAR_SVR_PUBKEY_AUTH = 0.
---
localoptions.h:
#define INETD_MODE 0
#define DROPBEAR_X11FWD 0
#define DROPBEAR_CLI_LOCALTCPFWD 0
#define DROPBEAR_CLI_REMOTETCPFWD 0
#define DROPBEAR_SVR_LOCALTCPFWD 0
#define DROPBEAR_SVR_REMOTETCPFWD 0
#define DROPBEAR_SVR_AGENTFWD 0
#define DROPBEAR_CLI_AGENTFWD 0
#define DROPBEAR_CLI_PROXYCMD 0
#define DROPBEAR_CLI_NETCAT 0
#define DROPBEAR_USER_ALGO_LIST 0
#define DROPBEAR_SVR_PUBKEY_AUTH 0
#define MAX_AUTH_TRIES 5
#define DROPBEAR_SFTPSERVER 0
---
Build output:
svr-chansession.c: In function ‘sessioncommand’:
svr-chansession.c:682: error: ‘struct ChanSess’ has no member named
‘original_command’
---
This is fixed with the attached patch, which adds a missing #if...#endif.
--
Regards,
Claude Bing
--- svr-chansession.c.orig 2018-12-26 12:35:30.838027183 -0500
+++ svr-chansession.c 2018-12-26 12:34:32.194026255 -0500
@@ -679,7 +679,9 @@
/* take global command into account */
if (svr_opts.forced_command) {
+#if DROPBEAR_SVR_PUBKEY_OPTIONS_BUILT
chansess->original_command = chansess->cmd ? : m_strdup("");
+#endif
chansess->cmd = m_strdup(svr_opts.forced_command);
} else {
/* take public key option 'command' into account */
