authorSiddhesh Poyarekar <siddhesh@redhat.com>2014-04-30 12:00:39 +0530
committerSiddhesh Poyarekar <siddhesh@redhat.com>2014-04-30 12:00:39 +0530
commitbc8f194c8c29e46e8ee4034f06e46988dfff38f7 (patch)
treefce0fda2012a3d78d9557afc4a4f5bbe5fa9ee4c
parent1cdeb2372ddecac0dfe0c132a033e9590ffa07d2 (diff)
downloadglibc-bc8f194c8c29e46e8ee4034f06e46988dfff38f7.tar.gz
glibc-bc8f194c8c29e46e8ee4034f06e46988dfff38f7.tar.xz
glibc-bc8f194c8c29e46e8ee4034f06e46988dfff38f7.zip
Initialize all of datahead structure in nscd (BZ #16791)
The datahead structure has an unused padding field that remains
uninitialized.  Valgrind prints out a warning for it on querying a
netgroups entry.  This is harmless, but is a potential data leak since
it would result in writing out an uninitialized byte to the cache
file.  Besides, this happens only when there is a cache miss, so we're
not adding computation to any fast path.
-rw-r--r--ChangeLog6
-rw-r--r--NEWS2
-rw-r--r--nscd/nscd-client.h20
3 files changed, 23 insertions, 5 deletions
diff --git a/ChangeLog b/ChangeLog
index 942fb801e1..2b0821fd27 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,5 +1,11 @@
 2014-04-30  Siddhesh Poyarekar  <siddhesh@redhat.com>
 
+	[BZ #16791]
+	* nscd/nscd-client.h (datahead_init_common): Initialize entire
+	structure.
+	(datahead_init_pos): Call datahead_init_common early.
+	(datahead_init_neg): Likewise.
+
 	* nscd/nscd-client.h (datahead_init_common, datahead_init_pos,
 	datahead_init_neg): New functions.
 	* nscd/aicache.c (addhstaiX): Use them.
diff --git a/NEWS b/NEWS
index 10d2626088..953f5ee253 100644
--- a/NEWS
+++ b/NEWS
@@ -15,7 +15,7 @@ Version 2.20
   16632, 16634, 16639, 16642, 16648, 16649, 16670, 16674, 16677, 16680,
   16683, 16689, 16695, 16701, 16706, 16707, 16712, 16713, 16714, 16731,
   16739, 16740, 16743, 16754, 16758, 16759, 16760, 16770, 16786, 16789,
-  16799, 16800, 16815, 16823, 16824, 16831, 16838, 16854.
+  16791, 16799, 16800, 16815, 16823, 16824, 16831, 16838, 16854.
 
 * Running the testsuite no longer terminates as soon as a test fails.
   Instead, a file tests.sum (xtests.sum from "make xcheck") is generated,
diff --git a/nscd/nscd-client.h b/nscd/nscd-client.h
index c069bf6810..ee16df6083 100644
--- a/nscd/nscd-client.h
+++ b/nscd/nscd-client.h
@@ -240,12 +240,17 @@ static inline time_t
 datahead_init_common (struct datahead *head, nscd_ssize_t allocsize,
 		      nscd_ssize_t recsize, uint32_t ttl)
 {
+  /* Initialize so that we don't write out junk in uninitialized data to the
+     cache.  */
+  memset (head, 0, sizeof (*head));
+
   head->allocsize = allocsize;
   head->recsize = recsize;
   head->usable = true;
 
   head->ttl = ttl;
-  /* Compute the timeout time.  */
+
+  /* Compute and return the timeout time.  */
   return head->timeout = time (NULL) + ttl;
 }
 
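Review bot: The `memset (head, 0, sizeof (*head))` added to datahead_init_common clears only the header, so any bytes the caller allocated past it (the record payload and whatever slack lies between `recsize` and `allocsize`) are not covered by this fix. The new comment should state that limit so the change is not read as sanitising the whole record, for example `/* Clear the header, including its unused padding field, so no uninitialized data reaches the cache; bytes after the header are not touched here.  */`. Whether callers such as nscd/aicache.c (addhstaiX), listed in the ChangeLog, already overwrite or clear those trailing bytes before the entry is written to the cache file is not visible in this hunk and is worth confirming.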
@@ -253,18 +258,25 @@ static inline time_t
 datahead_init_pos (struct datahead *head, nscd_ssize_t allocsize,
 		   nscd_ssize_t recsize, uint8_t nreloads, uint32_t ttl)
 {
+  time_t ret = datahead_init_common (head, allocsize, recsize, ttl);
+
   head->notfound = false;
   head->nreloads = nreloads;
-  return datahead_init_common (head, allocsize, recsize, ttl);
+
+  return ret;
 }
 
 static inline time_t
 datahead_init_neg (struct datahead *head, nscd_ssize_t allocsize,
 		   nscd_ssize_t recsize, uint32_t ttl)
 {
+  time_t ret = datahead_init_common (head, allocsize, recsize, ttl);
+
+  /* We don't need to touch nreloads here since it is set to our desired value
+     (0) when we clear the structure.  */
   head->notfound = true;
-  head->nreloads = 0;
-  return datahead_init_common (head, allocsize, recsize, ttl);
+
+  return ret;
 }
 
 /* Structure for one hash table entry.  */
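Review bot: datahead_init_pos now depends on calling datahead_init_common before any field assignment, because the callee zeroes the whole header, but only datahead_init_neg carries a comment that hints at this. A later edit that moves `head->notfound` or `head->nreloads` back above the call would silently lose the value and store a zero in the cache entry instead. A matching comment on the first line of datahead_init_pos would make the ordering explicit: `/* Must come first: datahead_init_common clears the entire header.  */`.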