From nobody@FreeBSD.org  Thu Mar 29 08:53:55 2012
Return-Path: <nobody@FreeBSD.org>
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id 7E5C8106566C
	for <freebsd-gnats-submit@FreeBSD.org>; Thu, 29 Mar 2012 08:53:55 +0000 (UTC)
	(envelope-from nobody@FreeBSD.org)
Received: from red.freebsd.org (red.freebsd.org [IPv6:2001:4f8:fff6::22])
	by mx1.freebsd.org (Postfix) with ESMTP id 6A1708FC1A
	for <freebsd-gnats-submit@FreeBSD.org>; Thu, 29 Mar 2012 08:53:55 +0000 (UTC)
Received: from red.freebsd.org (localhost [127.0.0.1])
	by red.freebsd.org (8.14.4/8.14.4) with ESMTP id q2T8rsM2062469
	for <freebsd-gnats-submit@FreeBSD.org>; Thu, 29 Mar 2012 08:53:54 GMT
	(envelope-from nobody@red.freebsd.org)
Received: (from nobody@localhost)
	by red.freebsd.org (8.14.4/8.14.4/Submit) id q2T8rsQc062455;
	Thu, 29 Mar 2012 08:53:54 GMT
	(envelope-from nobody)
Message-Id: <201203290853.q2T8rsQc062455@red.freebsd.org>
Date: Thu, 29 Mar 2012 08:53:54 GMT
From: Roy Marples <roy@marples.name>
To: freebsd-gnats-submit@FreeBSD.org
Subject: if_nametoindex sends un-initialized bytes to ioctl
X-Send-Pr-Version: www-3.1
X-GNATS-Notify:

>Number:         166483
>Category:       bin
>Synopsis:       if_nametoindex sends un-initialized bytes to ioctl
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    eadler
>State:          closed
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Thu Mar 29 09:00:22 UTC 2012
>Closed-Date:    Mon Feb 04 00:28:16 UTC 2013
>Last-Modified:  Mon Feb 04 00:28:16 UTC 2013
>Originator:     Roy Marples
>Release:        7.1
>Organization:
>Environment:
[roy@uberlaptop /usr/home/roy]$ uname -a
FreeBSD uberlaptop 7.1-RELEASE-p2 FreeBSD 7.1-RELEASE-p2 #3: Mon Feb  9 17:12:55 GMT 2009     root@uberlaptop:/usr/obj/usr/src/sys/GENERIC  i386

>Description:
if_nametoindex(3) sends un-initialized bytes to ioctl

I found this when I was fixing BSD specific memory issues with dhcpcd.
With the below patch to libc applied, dhcpcd-5.5.6 runs flawlessly without any errors reported by Valgrind.
>How-To-Repeat:

>Fix:



Patch attached with submission follows:

--- if_nametoindex.c.orig	2012-03-28 20:14:38.000000000 +0100
+++ if_nametoindex.c	2012-03-28 20:15:20.000000000 +0100
@@ -70,6 +70,7 @@
 
 	s = _socket(AF_INET, SOCK_DGRAM, 0);
 	if (s != -1) {
+		memset(&ifr, 0, sizeof(ifr));
 		strlcpy(ifr.ifr_name, ifname, sizeof(ifr.ifr_name));
 		if (_ioctl(s, SIOCGIFINDEX, &ifr) != -1) {
 			_close(s);
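Review bot: the memset() is needed for more than the ifr_ifru union, and its placement before strlcpy() is the right one: strlcpy() writes only the name and its terminating NUL and does not pad the remainder of ifr_name, so without this line both the tail of ifr_name and the whole union reach the kernel through the ioctl copyin uninitialized. Consider zeroing at the declaration instead (`struct ifreq ifr = { 0 };`, or the memset() immediately after it) so the clearing cannot be bypassed if the function later grows an early path to the ioctl.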


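The byte-level effect of the patch above, as an added example that is not part of the PR or of FreeBSD's libc: it fills a struct ifreq with a sentinel byte standing in for stack garbage, copies the interface name the way the original code does, and counts the bytes that were never written, which are exactly the bytes ioctl(2) would copy into the kernel uninitialized. The strlcpy(3) stand-in `copy_ifname`, the sentinel value and the interface name "lo0" are constructed for the example; no socket is opened and no ioctl is issued.

```c
/* Added example: which bytes of a struct ifreq reach ioctl() uninitialized
 * in the original if_nametoindex() code, and that the patch's memset()
 * covers them. Not FreeBSD code. */
#define _DEFAULT_SOURCE 1
#include <net/if.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define SENTINEL 0xA5   /* stands in for whatever was on the stack */

/* Portable stand-in for strlcpy(3): copies at most size-1 bytes and always
 * NUL-terminates, but, like strlcpy(), does NOT pad the rest of dst. */
static size_t copy_ifname(char *dst, const char *src, size_t size)
{
    size_t len = strlen(src);
    if (size > 0) {
        size_t n = len < size - 1 ? len : size - 1;
        memcpy(dst, src, n);
        dst[n] = '\0';
    }
    return len;
}

/* Count bytes of ifr still equal to the sentinel, i.e. never written. */
static size_t count_untouched(const struct ifreq *ifr)
{
    const unsigned char *p = (const unsigned char *)ifr;
    size_t i, n = 0;
    for (i = 0; i < sizeof(*ifr); i++)
        if (p[i] == SENTINEL)
            n++;
    return n;
}

/* Original code path: only the name and its NUL are written. */
size_t untouched_without_memset(const char *ifname)
{
    struct ifreq ifr;
    memset(&ifr, SENTINEL, sizeof(ifr));
    copy_ifname(ifr.ifr_name, ifname, sizeof(ifr.ifr_name));
    return count_untouched(&ifr);
}

/* Patched code path: the whole struct is zeroed before the name goes in. */
size_t untouched_with_memset(const char *ifname)
{
    struct ifreq ifr;
    memset(&ifr, SENTINEL, sizeof(ifr));
    memset(&ifr, 0, sizeof(ifr));          /* the line the patch adds */
    copy_ifname(ifr.ifr_name, ifname, sizeof(ifr.ifr_name));
    return count_untouched(&ifr);
}

/* What the original code leaves unwritten for a name that fits in IFNAMSIZ:
 * everything except the name bytes and their NUL, i.e. the tail of ifr_name
 * plus the entire ifr_ifru union. */
size_t expected_untouched(const char *ifname)
{
    return sizeof(struct ifreq) - (strlen(ifname) + 1);
}

int main(void)
{
    const char *name = "lo0";              /* constructed input */
    printf("sizeof(struct ifreq) = %zu, IFNAMSIZ = %d\n",
           sizeof(struct ifreq), IFNAMSIZ);
    printf("uninitialized bytes handed to ioctl, original: %zu\n",
           untouched_without_memset(name));
    printf("uninitialized bytes handed to ioctl, patched:  %zu\n",
           untouched_with_memset(name));
    return 0;
}
```

The count for the original path is larger than the size of the ifr_ifru union alone, which is the point Xin Li's "never touched" argument below does not cover: the bytes after the NUL inside ifr_name are just as uninitialized as the union, and all of them cross into the kernel on every call.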
>Release-Note:
>Audit-Trail:
Responsible-Changed-From-To: freebsd-bugs->eadler 
Responsible-Changed-By: eadler 
Responsible-Changed-When: Thu Mar 29 13:09:47 UTC 2012 
Responsible-Changed-Why:  
I'll take it. 

http://www.freebsd.org/cgi/query-pr.cgi?pr=166483 
State-Changed-From-To: open->analyzed 
State-Changed-By: eadler 
State-Changed-When: Thu Mar 29 23:52:14 UTC 2012 
State-Changed-Why:  
awaiting review 

http://www.freebsd.org/cgi/query-pr.cgi?pr=166483 

From: Gleb Smirnoff <glebius@FreeBSD.org>
To: d@delphij.net
Cc: eadler@FreeBSD.org, freebsd-bugs@FreeBSD.org, bug-followup@FreeBSD.org
Subject: Re: bin/166483: if_nametoindex sends un-initialized bytes to ioctl
Date: Fri, 30 Mar 2012 14:26:40 +0400

 On Thu, Mar 29, 2012 at 03:52:23PM -0700, Xin Li wrote:
 X> I think we would probably want to put the proposed change under #ifdef
 X> PURIFY -- the initialization is not necessary since the uninitialized
 X> part is never touched for the whole codepath.
 
 The function isn't performance important, so I think we can put bzero()
 here w/o any defines.
 
 More and more people are using valgrind, we'd better have a libc that
 valgrind won't whine at, otherwise we would have more noise on mailing
 lists.
 
 -- 
 Totus tuus, Glebius.

From: Xin Li <delphij@delphij.net>
To: Gleb Smirnoff <glebius@FreeBSD.org>
Cc: d@delphij.net, Hajimu UMEMOTO <ume@freebsd.org>, eadler@FreeBSD.org, 
 bug-followup@FreeBSD.org
Subject: Re: bin/166483: if_nametoindex sends un-initialized bytes to ioctl
Date: Fri, 30 Mar 2012 12:40:32 -0700

 -----BEGIN PGP SIGNED MESSAGE-----
 Hash: SHA256
 
 On 03/30/12 03:26, Gleb Smirnoff wrote:
 > On Thu, Mar 29, 2012 at 03:52:23PM -0700, Xin Li wrote: X> I think
 > we would probably want to put the proposed change under #ifdef X>
 > PURIFY -- the initialization is not necessary since the
 > uninitialized X> part is never touched for the whole codepath.
 > 
 > The function isn't performance important, so I think we can put
 > bzero() here w/o any defines.
 > 
 > More and more people are using valgrind, we'd better have a libc
 > that valgrind won't whine at, otherwise we would have more noise on
 > mailing lists.
 
 Alright, sounds reasonable (I still prefer to have an option to
 compile these memsets out, even if they are on by default, but I don't
 insist on this because you're right that it's not a performance-critical
 code path).
 
 By the way, while we (added Umemoto-san here) are here, I have a
 question wrt the surrounding code, like this (lib/libc/net/getaddrinfo.c):
 
                 /* XXX: interface name should not be hardcoded */
            -->  strncpy(ifr6.ifr_name, "lo0", sizeof(ifr6.ifr_name));
                 memset(&ifr6, 0, sizeof(ifr6));
 
 Am I understanding correctly that this strncpy() is useless and can be
 removed altogether with the comment?  (also there is the same code snippet
 in name6.c)
 
 I therefore propose the following change:
 
 Index: lib/libc/net/getaddrinfo.c
 ===================================================================
 - --- lib/libc/net/getaddrinfo.c	(revision 233703)
 +++ lib/libc/net/getaddrinfo.c	(working copy)
 @@ -847,8 +847,6 @@ set_source(struct ai_order *aio, struct policyhead
  		struct in6_ifreq ifr6;
  		u_int32_t flags6;
 
 - -		/* XXX: interface name should not be hardcoded */
 - -		strncpy(ifr6.ifr_name, "lo0", sizeof(ifr6.ifr_name));
  		memset(&ifr6, 0, sizeof(ifr6));
  		memcpy(&ifr6.ifr_addr, ai.ai_addr, ai.ai_addrlen);
  		if (_ioctl(s, SIOCGIFAFLAG_IN6, &ifr6) == 0) {
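Review bot: removing the strncpy() is correct as dead-store cleanup (the memset() on the next line overwrote "lo0" anyway), but the hunk leaves ifr_name all zeros, so the SIOCGIFAFLAG_IN6 ioctl has no interface to look at and flags6 is still never populated; that was already the behaviour, yet the XXX comment that recorded the problem disappears with the dead line. Keep a comment in its place (e.g. `/* XXX: ifr_name must name the interface owning ai_addr */`) or fill ifr_name from the address before the ioctl, so that the non-working IN6_IFF_DEPRECATED check is not silently forgotten.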
 Index: lib/libc/net/name6.c
 ===================================================================
 - --- lib/libc/net/name6.c	(revision 233703)
 +++ lib/libc/net/name6.c	(working copy)
 @@ -884,8 +884,6 @@ set_source(struct hp_order *aio, struct policyhead
  		struct in6_ifreq ifr6;
  		u_int32_t flags6;
 
 - -		/* XXX: interface name should not be hardcoded */
 - -		strncpy(ifr6.ifr_name, "lo0", sizeof(ifr6.ifr_name));
  		memset(&ifr6, 0, sizeof(ifr6));
  		memcpy(&ifr6.ifr_addr, &ss, ss.ss_len);
  		if (_ioctl(s, SIOCGIFAFLAG_IN6, &ifr6) == 0) {
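Review bot: same concern as in the getaddrinfo.c hunk: with the strncpy() gone, ifr_name stays empty, the SIOCGIFAFLAG_IN6 call cannot succeed and the flags6 check remains dead, so a comment noting the missing interface lookup should replace the deleted XXX marker rather than nothing. Separately, `memcpy(&ifr6.ifr_addr, &ss, ss.ss_len);` copies ss_len bytes into a struct sockaddr_in6 sized field; that is only in bounds when ss holds an AF_INET6 address, which is worth confirming the caller guarantees before this point.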
 
 
 Cheers,
 - -- 
 Xin LI <delphij@delphij.net>	https://www.delphij.net/
 FreeBSD - The Power to Serve!		Live free or die
 -----BEGIN PGP SIGNATURE-----
 Version: GnuPG v2.0.19 (FreeBSD)
 
 iQEcBAEBCAAGBQJPdgwvAAoJEG80Jeu8UPuzMWgIAIQ+UxolQNdzZj607C3LCb/o
 DKlXOhkupKQK2BE+yLHkJf9PKOjBF5v0lEhtY9ZIpCqi+xxBuY+N5sPfPNM6pH2s
 rU+5Gi0ogmJycvOnheJw+YT8q7AJvgjcdVLo/7wD48tW101UEb2F7GkerJc79II9
 w995U+rCG9emYSakxRCMQ6p+iBnMqueuxH5xQgrm2EZ6wY7Uc2LDuFQfl7ZAlQnF
 5TpuRVuC7DH3DbDC9D+LGz2lgNKXrrw1oiKe+/W98kyZ6NMa71JAcZSTF6TBUv4e
 WXoY2vTagmTpVC65mS+zIpFuwRqC6e8vIrFBk4Sn26uvL48xJB9et6m9LMqv4J8=
 =PLXY
 -----END PGP SIGNATURE-----

From: Hajimu UMEMOTO <ume@FreeBSD.org>
To: d@delphij.net
Cc: Gleb Smirnoff <glebius@FreeBSD.org>, Hajimu UMEMOTO <ume@FreeBSD.org>,
        eadler@FreeBSD.org, bug-followup@FreeBSD.org
Subject: Re: bin/166483: if_nametoindex sends un-initialized bytes to ioctl
Date: Sun, 01 Apr 2012 02:52:15 +0900

 Hi,
 
 >>>>> On Fri, 30 Mar 2012 12:40:32 -0700
 >>>>> Xin Li <delphij@delphij.net> said:
 
 delphij> By the way, while we (added Umemoto-san here) are here, I have a
 delphij> question wrt the surrounding code, like this (lib/libc/net/getaddrinfo.c):
 
 delphij>                 /* XXX: interface name should not be hardcoded */
 delphij>            -->  strncpy(ifr6.ifr_name, "lo0", sizeof(ifr6.ifr_name));
 delphij>                 memset(&ifr6, 0, sizeof(ifr6));
 
 delphij> Am I understanding correctly that this strncpy() is useless and can be
 delphij> removed altogether with the comment?  (also there is the same code snippet
 delphij> in name6.c)
 
 Yes, you are correct.
 Since SIOCGIFAFLAG_IN6 requires an ifname, it seems the existing code
 doesn't detect IN6_IFF_DEPRECATED correctly. I guess that the
 deprecated hint is not working now.
 Anyway, specifying "lo0" here is not correct, and it doesn't work
 for addresses assigned to interfaces other than "lo0".
 So you can just remove the lines for now.
 
 delphij> I therefore propose the following change:
 
 delphij> Index: lib/libc/net/getaddrinfo.c
 delphij> ===================================================================
 delphij> - --- lib/libc/net/getaddrinfo.c	(revision 233703)
 delphij> +++ lib/libc/net/getaddrinfo.c	(working copy)
 delphij> @@ -847,8 +847,6 @@ set_source(struct ai_order *aio, struct policyhead
 delphij>  		struct in6_ifreq ifr6;
 delphij>  		u_int32_t flags6;
 
 delphij> - -		/* XXX: interface name should not be hardcoded */
 delphij> - -		strncpy(ifr6.ifr_name, "lo0", sizeof(ifr6.ifr_name));
 delphij>  		memset(&ifr6, 0, sizeof(ifr6));
 delphij>  		memcpy(&ifr6.ifr_addr, ai.ai_addr, ai.ai_addrlen);
 delphij>  		if (_ioctl(s, SIOCGIFAFLAG_IN6, &ifr6) == 0) {
 delphij> Index: lib/libc/net/name6.c
 delphij> ===================================================================
 delphij> - --- lib/libc/net/name6.c	(revision 233703)
 delphij> +++ lib/libc/net/name6.c	(working copy)
 delphij> @@ -884,8 +884,6 @@ set_source(struct hp_order *aio, struct policyhead
 delphij>  		struct in6_ifreq ifr6;
 delphij>  		u_int32_t flags6;
 
 delphij> - -		/* XXX: interface name should not be hardcoded */
 delphij> - -		strncpy(ifr6.ifr_name, "lo0", sizeof(ifr6.ifr_name));
 delphij>  		memset(&ifr6, 0, sizeof(ifr6));
 delphij>  		memcpy(&ifr6.ifr_addr, &ss, ss.ss_len);
 delphij>  		if (_ioctl(s, SIOCGIFAFLAG_IN6, &ifr6) == 0) {
 
 It seems good to me.
 
 Sincerely,
 
 --
 Hajimu UMEMOTO @ Internet Mutual Aid Society Yokohama, Japan
 ume@mahoroba.org  ume@{,jp.}FreeBSD.org
 http://www.imasy.org/~ume/
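The lookup that the reply above says is missing, as an added example that is not FreeBSD's code: SIOCGIFAFLAG_IN6 needs the name of the interface that owns the address, and a fixed "lo0" only covers loopback addresses. The example walks the (name, address) pairs getifaddrs(3) reports and matches the IPv6 address; the matcher is separated from the system call so it can run over a constructed table (`lookup_sample`, with interface names and addresses that are made up for the example). The ioctl itself is only compiled on FreeBSD and assumes the `struct in6_ifreq` layout with `ifr_addr` and `ifr_ifru.ifru_flags6` that the hunks in this thread use.

```c
/* Added example: find the interface owning an IPv6 address so that
 * SIOCGIFAFLAG_IN6 can be asked about it. Not FreeBSD code. */
#define _DEFAULT_SOURCE 1
#include <arpa/inet.h>
#include <ifaddrs.h>
#include <net/if.h>
#include <netinet/in.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>
#include <sys/ioctl.h>
#include <sys/socket.h>
#include <unistd.h>
#ifdef __FreeBSD__
#include <netinet6/in6_var.h>   /* struct in6_ifreq, SIOCGIFAFLAG_IN6 */
#endif

/* One (name, address) pair: the shape getifaddrs() and a test table share. */
struct addr_entry {
    const char *name;
    struct in6_addr addr;
};

/* Pure matcher: copy the owning interface name into ifname (IFNAMSIZ bytes).
 * Returns 1 on a match, 0 if no entry carries the address. */
int ifname_for_in6(const struct addr_entry *tab, size_t n,
                   const struct in6_addr *want, char ifname[IFNAMSIZ])
{
    size_t i;
    memset(ifname, 0, IFNAMSIZ);     /* whole buffer defined, as in the PR fix */
    for (i = 0; i < n; i++) {
        if (memcmp(&tab[i].addr, want, sizeof(*want)) == 0) {
            strncpy(ifname, tab[i].name, IFNAMSIZ - 1);
            return 1;
        }
    }
    return 0;
}

/* System-backed variant: feed the matcher from getifaddrs(3).
 * Returns 1 if found, 0 if not, -1 on error. */
int ifname_for_in6_sys(const struct in6_addr *want, char ifname[IFNAMSIZ])
{
    struct ifaddrs *ifap, *ifa;
    int found = 0;
    if (getifaddrs(&ifap) == -1)
        return -1;
    for (ifa = ifap; ifa != NULL && !found; ifa = ifa->ifa_next) {
        struct addr_entry e;
        if (ifa->ifa_addr == NULL || ifa->ifa_addr->sa_family != AF_INET6)
            continue;
        e.name = ifa->ifa_name;
        e.addr = ((const struct sockaddr_in6 *)ifa->ifa_addr)->sin6_addr;
        found = ifname_for_in6(&e, 1, want, ifname);
    }
    freeifaddrs(ifap);
    return found;
}

#ifdef __FreeBSD__
/* FreeBSD only: with the real ifname filled in, the flag query can succeed.
 * Returns the IN6 address flags, or -1. Assumes FreeBSD's struct in6_ifreq. */
int in6_addr_flags(const char *ifname, const struct sockaddr_in6 *sa)
{
    struct in6_ifreq ifr6;
    int s, rc = -1;
    if ((s = socket(AF_INET6, SOCK_DGRAM, 0)) == -1)
        return -1;
    memset(&ifr6, 0, sizeof(ifr6));          /* zero first, then fill */
    strlcpy(ifr6.ifr_name, ifname, sizeof(ifr6.ifr_name));
    memcpy(&ifr6.ifr_addr, sa, sizeof(*sa));
    if (ioctl(s, SIOCGIFAFLAG_IN6, &ifr6) == 0)
        rc = ifr6.ifr_ifru.ifru_flags6;
    close(s);
    return rc;
}
#endif

/* Constructed table standing in for getifaddrs() output. Returns the owning
 * interface for a textual IPv6 address, or NULL when nothing carries it. */
const char *lookup_sample(const char *text)
{
    static const struct { const char *name; const char *addr; } raw[] = {
        { "lo0", "::1" }, { "em0", "2001:db8::1" }, { "em0", "fe80::1" },
    };
    static struct addr_entry tab[3];
    static char ifname[IFNAMSIZ];
    struct in6_addr want;
    size_t i;
    for (i = 0; i < 3; i++) {
        tab[i].name = raw[i].name;
        inet_pton(AF_INET6, raw[i].addr, &tab[i].addr);
    }
    if (inet_pton(AF_INET6, text, &want) != 1)
        return NULL;
    return ifname_for_in6(tab, 3, &want, ifname) ? ifname : NULL;
}

int main(void)
{
    const char *probe[] = { "::1", "2001:db8::1", "2001:db8::2" };
    size_t i;
    for (i = 0; i < 3; i++) {
        const char *n = lookup_sample(probe[i]);
        printf("%-12s -> %s\n", probe[i], n ? n : "(no interface)");
    }
    return 0;
}
```

The order inside `in6_addr_flags` is the one the hunks settle on after review: zero the whole struct first, then fill the name and the address, so neither a stale name nor the unused tail of the union reaches the kernel.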

From: dfilter@FreeBSD.ORG (dfilter service)
To: bug-followup@FreeBSD.org
Cc:  
Subject: Re: bin/166483: commit references a PR
Date: Sun, 15 Apr 2012 23:56:18 +0000 (UTC)

 Author: eadler
 Date: Sun Apr 15 23:56:03 2012
 New Revision: 234329
 URL: http://svn.freebsd.org/changeset/base/234329
 
 Log:
   When searching for uninitialized memory usage, ensure that the entire
   struct is set to zero.
   
   PR:		bin/166483
   Submitted by:	Roy Marples <roy@marples.name>
   Reviewed by:	delphij
   Approved by:	cperciva
   MFC after:	3 days
 
 Modified:
   head/lib/libc/net/if_nametoindex.c
 
 Modified: head/lib/libc/net/if_nametoindex.c
 ==============================================================================
 --- head/lib/libc/net/if_nametoindex.c	Sun Apr 15 23:50:13 2012	(r234328)
 +++ head/lib/libc/net/if_nametoindex.c	Sun Apr 15 23:56:03 2012	(r234329)
 @@ -70,6 +70,9 @@ if_nametoindex(const char *ifname)
  
  	s = _socket(AF_INET, SOCK_DGRAM, 0);
  	if (s != -1) {
 +#ifdef PURIFY
 +		memset(&ifr, 0, sizeof(ifr));
 +#endif
  		strlcpy(ifr.ifr_name, ifname, sizeof(ifr.ifr_name));
  		if (_ioctl(s, SIOCGIFINDEX, &ifr) != -1) {
  			_close(s);
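Review bot: wrapping the memset() in #ifdef PURIFY compiles it out of the default libc, so stock builds still pass the uninitialized tail of ifr_name and the ifr_ifru union to the kernel and the Valgrind report from the PR persists; this contradicts the thread above, where glebius argued for an unconditional bzero() and delphij agreed, and the commit log's claim that the entire struct is zeroed only holds when PURIFY is defined. Suggest dropping the #ifdef/#endif lines and keeping the memset() unconditional, as in the submitter's original patch.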
 _______________________________________________
 svn-src-all@freebsd.org mailing list
 http://lists.freebsd.org/mailman/listinfo/svn-src-all
 To unsubscribe, send any mail to "svn-src-all-unsubscribe@freebsd.org"
 
State-Changed-From-To: analyzed->patched 
State-Changed-By: eadler 
State-Changed-When: Mon Apr 16 00:07:43 UTC 2012 
State-Changed-Why:  
committed in r234329 

http://www.freebsd.org/cgi/query-pr.cgi?pr=166483 
State-Changed-From-To: patched->closed 
State-Changed-By: eadler 
State-Changed-When: Mon Feb 4 00:28:13 UTC 2013 
State-Changed-Why:  
Committed. Thanks! 

http://www.freebsd.org/cgi/query-pr.cgi?pr=166483 
>Unformatted:
