[ovs-dev] [patch v4] conntrack: Fix possibly uninitialized memory.
Darrell Ball
dlu998 at gmail.com
Tue Feb 5 00:02:15 UTC 2019
There are a few cases where struct 'conn_key' padding may be unspecified
according to the C standard. Practically, it seems implementations don't
have issue, but it is better to be safe. The code paths modified are not
hot ones. Fix this by doing a memcpy in these cases in lieu of a
structure copy.
Found by inspection.
Signed-off-by: Darrell Ball <dlu998 at gmail.com>
---
v4: Use memcpy as safest option (Thanks Ben) in lieu of memset zero and
structure copy; reinstate a couple lines carelessly removed
(Thanks Aaron).
v3: Removed an unnecessary change and limited scope of 2 others.
v2: Found another one; will double check for others later.
lib/conntrack.c | 11 ++++++-----
1 file changed, 6 insertions(+), 5 deletions(-)
diff --git a/lib/conntrack.c b/lib/conntrack.c
index e1f4041..7a03009 100644
--- a/lib/conntrack.c
+++ b/lib/conntrack.c
@@ -748,7 +748,7 @@ conn_lookup(struct conntrack *ct, const struct conn_key *key, long long now)
{
struct conn_lookup_ctx ctx;
ctx.conn = NULL;
- ctx.key = *key;
+ memcpy(&ctx.key, key, sizeof ctx.key);
ctx.hash = conn_key_hash(key, ct->hash_basis);
unsigned bucket = hash_to_bucket(ctx.hash);
conn_key_lookup(&ct->buckets[bucket], &ctx, now);
@@ -905,7 +905,7 @@ conn_not_found(struct conntrack *ct, struct dp_packet *pkt,
nc->rev_key.src.addr = alg_exp->alg_nat_repl_addr;
nc->nat_info->nat_action = NAT_ACTION_DST;
}
- *conn_for_un_nat_copy = *nc;
+ memcpy(conn_for_un_nat_copy, nc, sizeof *conn_for_un_nat_copy);
ct_rwlock_wrlock(&ct->resources_lock);
bool new_insert = nat_conn_keys_insert(&ct->nat_conn_keys,
conn_for_un_nat_copy,
@@ -919,7 +919,7 @@ conn_not_found(struct conntrack *ct, struct dp_packet *pkt,
free(log_msg);
}
} else {
- *conn_for_un_nat_copy = *nc;
+ memcpy(conn_for_un_nat_copy, nc, sizeof *conn_for_un_nat_copy);
ct_rwlock_wrlock(&ct->resources_lock);
bool nat_res = nat_select_range_tuple(ct, nc,
conn_for_un_nat_copy);
@@ -1262,7 +1262,7 @@ process_one(struct conntrack *ct, struct dp_packet *pkt,
ct->hash_basis,
alg_src_ip_wc(ct_alg_ctl));
if (alg_exp) {
- alg_exp_entry = *alg_exp;
+ memcpy(&alg_exp_entry, alg_exp, sizeof alg_exp_entry);
alg_exp = &alg_exp_entry;
}
ct_rwlock_unlock(&ct->resources_lock);
@@ -2614,7 +2614,8 @@ static struct alg_exp_node *
expectation_lookup(struct hmap *alg_expectations, const struct conn_key *key,
uint32_t basis, bool src_ip_wc)
{
- struct conn_key check_key = *key;
+ struct conn_key check_key;
+ memcpy(&check_key, key, sizeof check_key);
check_key.src.port = ALG_WC_SRC_PORT;
if (src_ip_wc) {
--
1.9.1
More information about the dev
mailing list