
if_ovpn.c: fix use of uninitialized variable
Closed Public

Authored by arichardson on Sep 15 2025, 4:31 AM.

Details

Summary

In case we use OVPN_CIPHER_ALG_NONE, the memcpy will attempt to copy 0
bytes from an uninitialized pointer. While the memcpy() implementation
will treat this as a no-op and not actually dereference the undefined
variable, it is still undefined behaviour to the compiler and should be
fixed. Found by building with clang HEAD

Diff Detail

Repository
rG FreeBSD src repository
Lint
Lint Not Applicable
Unit
Tests Not Applicable

Event Timeline

This revision is now accepted and ready to land. Sep 15 2025, 6:26 AM
jrtc27 added inline comments.
sys/net/if_ovpn.c
908

I don't understand this code. Where does kdir->key come from? Isn't it NULL from the malloc(M_ZERO) above? How is this not a NULL dereference if cipher *isn't* OVPN_CIPHER_ALG_NONE?

sys/net/if_ovpn.c
908

I didn't even notice this! No idea how this is supposed to work?

sys/net/if_ovpn.c
908

Aha it's an array inside a struct so it's decaying here.
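
The pattern from the summary and the inline comments, as an added userland example that is not the if_ovpn.c source: the source pointer is initialised on every path and the copy is skipped when there is no key material, and a helper shows that an array member of a zeroed struct is in-struct storage rather than a NULL pointer. All `demo_*` names, the 32-byte key size and the use of `calloc()` in place of `malloc(M_ZERO)` are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical names throughout; this is not the if_ovpn.c source. */
enum demo_cipher { DEMO_CIPHER_NONE, DEMO_CIPHER_AEAD };

struct demo_keydir {
	enum demo_cipher cipher;
	size_t keylen;
	unsigned char key[32];	/* array member: storage lives inside the struct */
};

/*
 * For DEMO_CIPHER_NONE no key material is supplied, so the source pointer
 * stays NULL and memcpy() is skipped: handing memcpy() an indeterminate
 * pointer is undefined behaviour even when the length is 0.
 */
struct demo_keydir *
demo_keydir_new(enum demo_cipher cipher, const void *material, size_t len)
{
	const void *key = NULL;	/* initialised on every path */
	size_t keylen = 0;
	struct demo_keydir *kdir;

	if (cipher != DEMO_CIPHER_NONE) {
		if (material == NULL || len == 0 || len > sizeof(kdir->key))
			return (NULL);
		key = material;
		keylen = len;
	}
	kdir = calloc(1, sizeof(*kdir));	/* stand-in for malloc(M_ZERO) */
	if (kdir == NULL)
		return (NULL);
	kdir->cipher = cipher;
	kdir->keylen = keylen;
	if (keylen > 0)
		memcpy(kdir->key, key, keylen);	/* kdir->key decays to &kdir->key[0] */
	return (kdir);
}

/* Returns 1 when the key array lies inside the allocation (never NULL). */
int
demo_key_is_inline(const struct demo_keydir *kdir)
{
	const unsigned char *base = (const unsigned char *)kdir;

	return (kdir->key >= base && kdir->key + sizeof(kdir->key) <= base + sizeof(*kdir));
}
```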