On Wed, Oct 02, 2019 at 03:41:06PM -0300, Alexandre Hamada wrote: > Hi Tech, > > I've found a missing initialization at ip.c (rpki-client project), and I > would like to share this patch with the repository maintainer. > > Kind regards, > Alexandre Hamada
Thanks for this patch. The memset() of addr makes sense and I will commit this part tomorrow if nobody else does it before me. I will skip the first hunk checking the addr argument for NULL. The right use of this function is to pass a valid pointer to a struct ip_addr. There is no need to check for one particular case of misuse here. Let the program crash if one of the callers is doing it wrong and the person introducing the bug will find it quickly. Currently all callers are safe. > https://patch-diff.githubusercontent.com/raw/kristapsdz/rpki-client/pull/8.patch > > From e74a5c02fbab9172dd856fc7214be42ef1dc6b65 Mon Sep 17 00:00:00 2001 > From: dev-gto <43351700+dev-...@users.noreply.github.com> > Date: Wed, 2 Oct 2019 15:34:28 -0300 > Subject: [PATCH] Fix non-initialized addr > > Running test-roa several times on the same .roa containing /24 ipV4 block > gives different output in the last octet. > --- > ip.c | 4 ++++ > 1 file changed, 4 insertions(+) > > diff --git a/ip.c b/ip.c > index 8587c42..968a474 100644 > --- a/ip.c > +++ b/ip.c > @@ -205,6 +205,9 @@ ip_addr_parse(const ASN1_BIT_STRING *p, > warnx("%s: RFC 3779 section 2.2.3.8: " > "unused bit count must be zero if length is zero", fn); > return 0; > + } else if (addr == NULL) { > + warnx("%s: Invalid param addr", fn); > + return 0; > } > /* > @@ -229,6 +232,7 @@ ip_addr_parse(const ASN1_BIT_STRING *p, > return 0; > } > + memset (addr, 0, sizeof(struct ip_addr)); > addr->prefixlen = p->length * 8 - unused; > memcpy(addr->addr, p->data, p->length); > return 1; > > -- :wq Claudio
