Message-Id: <200906120745.n5C7jsUG020719@www.freebsd.org>
Date: Fri, 12 Jun 2009 07:45:54 GMT
From: Henning Petersen <henning.petersen@t-online.de>
To: freebsd-gnats-submit@FreeBSD.org
Subject: Use of sizeof in dhclient.c.
X-Send-Pr-Version: www-3.1
X-GNATS-Notify:

>Number:         135494
>Category:       bin
>Synopsis:       Use of sizeof in dhclient.c.
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    freebsd-bugs
>State:          closed
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Fri Jun 12 07:50:00 UTC 2009
>Closed-Date:    Fri Jun 12 09:47:23 UTC 2009
>Last-Modified:  Fri Jun 12 09:47:23 UTC 2009
>Originator:     Henning Petersen
>Release:        FreeBSD-current
>Organization:
none
>Environment:
>Description:
Use of sizeof(options) in dhclient.c.
>How-To-Repeat:

>Fix:
RCS file: /home/ncvs/src/sbin/dhclient/dhclient.c,v
retrieving revision 1.25
diff -u -r1.25 dhclient.c
--- dhclient.c	17 Oct 2008 13:28:53 -0000	1.25
+++ dhclient.c	12 Jun 2009 07:26:25 -0000
@@ -1433,7 +1433,7 @@
 	int i;
 
 	memset(option_elements, 0, sizeof(option_elements));
-	memset(options, 0, sizeof(options));
+	memset(options, 0, sizeof(*options));
 	memset(&ip->client->packet, 0, sizeof(ip->client->packet));
 
 	/* Set DHCP_MESSAGE_TYPE to DHCPDISCOVER */
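Review bot: In the DHCPDISCOVER hunk the new length `sizeof(*options)` is the size of one element of options, while the unchanged line directly above it clears option_elements with the size of the whole object, `sizeof(option_elements)`. The declaration of options is outside the visible context; if it is an array declared in this function, the removed `sizeof(options)` was already the full array size and the added form clears only the first element. Keep `sizeof(options)` unless options is really a pointer here, and include its declaration in the diff context so the size can be checked against the type.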
@@ -1546,7 +1546,7 @@
 	struct tree_cache option_elements[256];
 	int i;
 
-	memset(options, 0, sizeof(options));
+	memset(options, 0, sizeof(*options));
 	memset(&ip->client->packet, 0, sizeof(ip->client->packet));
 
 	/* Set DHCP_MESSAGE_TYPE to DHCPREQUEST */
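Review bot: The context of the DHCPREQUEST hunk shows option_elements declared as a local array, `struct tree_cache option_elements[256];`, but the declaration of options is cut off above the hunk, so the change cannot be verified from what is shown. For a local array, sizeof yields the byte size of the entire array, which makes the removed line correct and the added `sizeof(*options)` a memset of a single element that leaves the remaining entries uninitialised. If a size built from the element type is wanted, write it as the element count multiplied by `sizeof(*options)`.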
@@ -1681,7 +1681,7 @@
 	unsigned char decline = DHCPDECLINE;
 	int i;
 
-	memset(options, 0, sizeof(options));
+	memset(options, 0, sizeof(*options));
 	memset(&ip->client->packet, 0, sizeof(ip->client->packet));
 
 	/* Set DHCP_MESSAGE_TYPE to DHCPDECLINE */
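Review bot: Missing rationale for the DHCPDECLINE site: the same one-line substitution is repeated here, and the description names no compiler warning or observed misbehaviour caused by the old `sizeof(options)`. A change to the memset length in three packet-building paths needs that justification stated in the description, together with enough context lines to show how options is declared in each function.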


>Release-Note:
>Audit-Trail:
State-Changed-From-To: open->closed 
State-Changed-By: brian 
State-Changed-When: Fri Jun 12 09:43:16 UTC 2009 
State-Changed-Why:  
The suggested patch is not correct.  The options variable 
is an array of 256 tree_cache pointers and the code wants to 
set all pointers to NULL.  The proposed change would just 
set the first pointer to NULL. 

To demonstrate: 

#include <stdio.h>
#include <string.h>

struct tree_cache {
	int x;
	int y;
};

int
main(void)
{
	struct tree_cache *options[256];
	int f;

	/* Fill every slot with a non-NULL marker value. */
	for (f = 0; f < 256; f++)
		options[f] = (struct tree_cache *)123;

	/* sizeof on the array is the size of all 256 pointers. */
	printf("Zeroing %zu bytes\n", sizeof options);
	memset(options, 0, sizeof options);
	for (f = 0; f < 256; f++)
		if (options[f] != NULL)
			printf("Oops, %d is wrong\n", f);

	return 0;
}


http://www.freebsd.org/cgi/query-pr.cgi?pr=135494 
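
An added example (not part of the PR, the reply or dhclient.c) that counts how many of the 256 pointers each sizeof form leaves uncleared, and goes one step beyond the reply to the case where the array is passed as a function parameter. The names NOPTS, fill, dirty and the clear_* functions are assumptions made for this illustration; struct tree_cache is the stand-in type from the reply.

```c
#include <stdio.h>
#include <string.h>
#define NOPTS 256                      /* element count stated in the reply */
struct tree_cache { int x; int y; };   /* stand-in type, as in the reply */

/* Helpers: mark every slot non-NULL, then count the slots a clear missed. */
static void fill(struct tree_cache **o, size_t n, struct tree_cache *v)
{
	for (size_t i = 0; i < n; i++)
		o[i] = v;
}
static size_t dirty(struct tree_cache **o, size_t n)
{
	size_t left = 0;
	for (size_t i = 0; i < n; i++)
		left += (o[i] != NULL);
	return left;
}

/* Existing code: options is an array, so sizeof covers all 256 pointers. */
size_t clear_whole_array(void)
{
	struct tree_cache dummy, *options[NOPTS];
	fill(options, NOPTS, &dummy);
	memset(options, 0, sizeof(options));
	return dirty(options, NOPTS);
}

/* Proposed patch: *options is one pointer, so only slot 0 is cleared. */
size_t clear_first_only(void)
{
	struct tree_cache dummy, *options[NOPTS];
	fill(options, NOPTS, &dummy);
	memset(options, 0, sizeof(*options));
	return dirty(options, NOPTS);
}

/* As a parameter the array decays to a pointer: pass the count explicitly. */
size_t clear_param(struct tree_cache **options, size_t n)
{
	memset(options, 0, n * sizeof(*options));
	return dirty(options, n);
}

int main(void)
{
	printf("array: %zu left, patch: %zu left\n", clear_whole_array(), clear_first_only());
	return 0;
}
```

Inside clear_param, `sizeof(options)` would be the size of one pointer, which is why the count is multiplied by `sizeof(*options)` there.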
>Unformatted:
