[PATCH] Fix various uninitalized variable values. See CWE-457 for info.
Joshua Rogers
git at internot.info
Fri Jan 23 16:41:43 CET 2015
* common/iobuf.c: Fix uninitalized variable(s)
* g10/textfilter.c: Fix uninitalized variable(s)
* sm/keydb.c: Fix uninitalized variables(s)
--
All of these may be used before they are set(or in some cases
they are not set ever, and assumed to be 0/null)
Please note: There are 3 more:
/g10/keyring.c:
1011 byte afp[MAX_FINGERPRINT_LEN];
/g10/keygen.c:
305 byte sym[MAX_PREFS], hash[MAX_PREFS], zip[MAX_PREFS];
/g10/keylist.c:
770 char buf[(MAX_FINGERPRINT_LEN * 2) + 90];
But I do not know how to initialize them.
Signed-off-by: Joshua Rogers <git at internot.info>
---
common/iobuf.c | 2 +-
g10/textfilter.c | 2 +-
sm/keydb.c | 2 +-
3 files changed, 3 insertions(+), 3 deletions(-)
diff --git a/common/iobuf.c b/common/iobuf.c
index badbf78..3b13483 100644
--- a/common/iobuf.c
+++ b/common/iobuf.c
@@ -1476,7 +1476,7 @@ iobuf_openrw (const char *fname)
iobuf_t a;
gnupg_fd_t fp;
file_filter_ctx_t *fcx;
- size_t len;
+ size_t len = 0;
if (!fname)
return NULL;
diff --git a/g10/textfilter.c b/g10/textfilter.c
index 394d9c3..c6c4eec 100644
--- a/g10/textfilter.c
+++ b/g10/textfilter.c
@@ -165,7 +165,7 @@ copy_clearsig_text( IOBUF out, IOBUF inp, gcry_md_hd_t md,
{
unsigned int maxlen;
byte *buffer = NULL; /* malloced buffer */
- unsigned int bufsize; /* and size of this buffer */
+ unsigned int bufsize = 0; /* and size of this buffer */
unsigned int n;
int truncated = 0;
int pending_lf = 0;
diff --git a/sm/keydb.c b/sm/keydb.c
index 974625d..7bbbbec 100644
--- a/sm/keydb.c
+++ b/sm/keydb.c
@@ -958,7 +958,7 @@ int
keydb_search (KEYDB_HANDLE hd, KEYDB_SEARCH_DESC *desc, size_t ndesc)
{
int rc = -1;
- unsigned long skipped;
+ unsigned long skipped = 0;
if (!hd)
return gpg_error (GPG_ERR_INV_VALUE);
--
1.9.1
More information about the Gnupg-devel
mailing list