if_ovpn.c: fix use of uninitialized variable
ClosedPublic
Actions

Authored by arichardson on Sep 15 2025, 4:31 AM.

Details

Reviewers

Commits

rG969be39fb3ca: if_ovpn.c: fix use of uninitialized variable

Summary

In case we use OVPN_CIPHER_ALG_NONE, the memcpy will attempt to copy 0
bytes from an uninitialized pointer. While the memcpy() implementation
will treat this as a no-op and not actually dereferece the undefined
variable it is still undefined behaviour to the compiler and should be
fixed. Found by building with clang HEAD

Diff Detail

Repository

rG FreeBSD src repository

Lint

Lint Not Applicable

Unit

Tests Not Applicable

Event Timeline

arichardson created this revision.Sep 15 2025, 4:31 AM

Herald added subscribers: glebius, melifaro, ae, imp. · View Herald TranscriptSep 15 2025, 4:31 AM

arichardson requested review of this revision.Sep 15 2025, 4:31 AM

Harbormaster completed remote builds in B67035: Diff 162041.Sep 15 2025, 4:31 AM

kp accepted this revision.Sep 15 2025, 6:26 AM

This revision is now accepted and ready to land.Sep 15 2025, 6:26 AM

Closed by commit rG969be39fb3ca: if_ovpn.c: fix use of uninitialized variable (authored by arichardson). · Explain WhySep 15 2025, 10:10 PM

This revision was automatically updated to reflect the committed changes.

arichardson added a commit: rG969be39fb3ca: if_ovpn.c: fix use of uninitialized variable.

jrtc27 added a subscriber: jrtc27.Sep 15 2025, 10:16 PM

jrtc27 added inline comments.

sys/net/if_ovpn.c
908	I don't understand this code. Where does kdir->key come from? Isn't it NULL from the malloc(M_ZERO) above? How is this not a NULL dereference is cipher isn't OVPN_CIPHER_ALG_NONE?