In case we use OVPN_CIPHER_ALG_NONE, the memcpy will attempt to copy 0
bytes from an uninitialized pointer. While the memcpy() implementation
will treat this as a no-op and not actually dereference the undefined
variable, it is still undefined behaviour to the compiler and should be
fixed. Found by building with clang HEAD.
Details
- Reviewers: kp
- Commits: rG969be39fb3ca: if_ovpn.c: fix use of uninitialized variable

Diff Detail
- Repository: rG FreeBSD src repository
- Lint: Lint Not Applicable
- Unit: Tests Not Applicable
Event Timeline
| sys/net/if_ovpn.c | |
|---|---|
| 908 | I don't understand this code. Where does kdir->key come from? Isn't it NULL from the malloc(M_ZERO) above? How is this not a NULL dereference if cipher *isn't* OVPN_CIPHER_ALG_NONE? |

| sys/net/if_ovpn.c | |
|---|---|
| 908 | I didn't even notice this! No idea how this is supposed to work? |

| sys/net/if_ovpn.c | |
|---|---|
| 908 | Aha it's an array inside a struct so it's decaying here. |
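The two points raised on this page (a source pointer that is only assigned on the non-NONE path, and a destination that is an array member rather than a pointer) can be shown in a small user-space sketch. This is an added example, not the FreeBSD `if_ovpn.c` code or the committed fix; the struct, enum, and function names are hypothetical, and `calloc()` stands in for `malloc(M_ZERO)`.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* All names are hypothetical stand-ins, not the if_ovpn.c source. */
enum cipher_alg { CIPHER_NONE, CIPHER_AEAD };
#define MAX_KEY_LEN 32

struct key_dir {
	enum cipher_alg cipher;
	size_t keylen;
	uint8_t key[MAX_KEY_LEN];	/* array member, not a pointer */
};

/* Source pointer and length are defined on every path; memcpy() is only
 * reached with a valid source. Returns NULL on bad input or no memory. */
struct key_dir *
key_dir_create(enum cipher_alg cipher, const void *src, size_t srclen)
{
	const void *key = NULL;		/* never left indeterminate */
	size_t keylen = 0;
	struct key_dir *kd;

	if (cipher != CIPHER_NONE) {
		if (src == NULL || srclen == 0 || srclen > MAX_KEY_LEN)
			return (NULL);
		key = src;
		keylen = srclen;
	}
	kd = calloc(1, sizeof(*kd));	/* zero-filled allocation */
	if (kd == NULL)
		return (NULL);
	kd->cipher = cipher;
	kd->keylen = keylen;
	if (keylen > 0)			/* do not rely on a 0-byte no-op */
		memcpy(kd->key, key, keylen);
	return (kd);
}

/* kd->key decays to the address of the array inside the allocation, so it
 * is non-NULL even though the allocation was zero-filled. */
int
key_array_is_inside_struct(const struct key_dir *kd)
{
	return ((const uint8_t *)kd->key ==
	    (const uint8_t *)kd + offsetof(struct key_dir, key));
}
```

Building a variant without the `= NULL` initializer and the `keylen > 0` guard with `-Wall` is a quick way to see the kind of compiler diagnostic the summary refers to.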