From dan@kulesh.obluda.cz  Sun Sep 12 14:15:47 2004
Return-Path: <dan@kulesh.obluda.cz>
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 9933B16A4CF
	for <FreeBSD-gnats-submit@freebsd.org>; Sun, 12 Sep 2004 14:15:47 +0000 (GMT)
Received: from kulesh.obluda.cz (kulesh.obluda.cz [193.179.22.243])
	by mx1.FreeBSD.org (Postfix) with ESMTP id 7447F43D31
	for <FreeBSD-gnats-submit@freebsd.org>; Sun, 12 Sep 2004 14:15:44 +0000 (GMT)
	(envelope-from dan@kulesh.obluda.cz)
Received: from kulesh.obluda.cz (localhost.eunet.cz [127.0.0.1])
	by kulesh.obluda.cz (8.13.1/8.13.1) with ESMTP id i8CEFfUL009718
	for <FreeBSD-gnats-submit@freebsd.org>; Sun, 12 Sep 2004 16:15:42 +0200 (CEST)
	(envelope-from dan@kulesh.obluda.cz)
Received: (from root@localhost)
	by kulesh.obluda.cz (8.13.1/8.13.1/Submit) id i8CEFffA009717;
	Sun, 12 Sep 2004 16:15:41 +0200 (CEST)
	(envelope-from dan)
Message-Id: <200409121415.i8CEFffA009717@kulesh.obluda.cz>
Date: Sun, 12 Sep 2004 16:15:41 +0200 (CEST)
From: Dan Lukes <dan@obluda.cz>
Reply-To: Dan Lukes <dan@obluda.cz>
To: FreeBSD-gnats-submit@freebsd.org
Cc:
Subject: [PATCH] cron may attept to close unopened file
X-Send-Pr-Version: 3.113
X-GNATS-Notify:

>Number:         71651
>Category:       bin
>Synopsis:       [PATCH] cron may attept to close unopened file
>Confidential:   no
>Severity:       serious
>Priority:       low
>Responsible:    freebsd-bugs
>State:          closed
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Sun Sep 12 14:20:22 GMT 2004
>Closed-Date:    Thu Apr 13 21:48:49 GMT 2006
>Last-Modified:  Thu Apr 13 21:48:49 GMT 2006
>Originator:     Dan Lukes
>Release:        FreeBSD 5.3-BETA3 i386
>Organization:
Obludarium
>Environment:
System: FreeBSD kulesh.obluda.cz 5.3-BETA3 FreeBSD 5.3-BETA3 #8: Sun Sep 5 07:06:40 CEST 2004 dan@kulesh.obluda.cz:/usr/obj/usr/src/sys/Dan i386
usr.sbin/cron/lib/misc.c,v 1.11 2002/08/04 04:32:27 tjr
usr.sbin/cron/cron/cron.c,v 1.15 2004/05/16 19:29:33 yar
usr.sbin/cron/cron/do_command.c,v 1.22 2004/05/16 19:29:33 yar

>Description:
usr.sbin/cron/lib/misc.c:413: warning: 'deny' might be used uninitialized in this function

It's sign of true bug. When fopen of ALLOW_FILE fail for other than ENOENT
reason, then "goto out" apply then 'if (deny)' is evaluated and
'fclose(deny)' may be called athought 'deny' is uninitialized variable.

I want to eliminate the following warning also, but they are
"false-positives" only ...:
usr.sbin/cron/cron/cron.c:165: warning: 'otzminute' might be used uninitialized in this function
usr.sbin/cron/cron/cron.c:165: warning: 'otzhour' might be used uninitialized in this function
usr.sbin/cron/cron/cron.c:165: warning: 'otzdom' might be used uninitialized in this function
usr.sbin/cron/cron/cron.c:165: warning: 'otzmonth' might be used uninitialized in this function
usr.sbin/cron/cron/cron.c:165: warning: 'otzdow' might be used uninitialized in this function
usr.sbin/cron/cron/do_command.c:388: warning: 'mail' might be used uninitialized in this function

>How-To-Repeat:
	N/A
>Fix:
*** usr.sbin/cron/lib/misc.c.ORIG	Wed Aug  7 00:03:16 2002
--- usr.sbin/cron/lib/misc.c	Sun Sep 12 15:52:00 2004
***************
*** 419,425 ****
  	if ((allow = fopen(ALLOW_FILE, "r")) == NULL && errno != ENOENT)
  		goto out;
  	if ((deny = fopen(DENY_FILE, "r")) == NULL && errno != ENOENT)
! 		goto out;
  	Debug(DMISC, ("allow/deny enabled, %d/%d\n", !!allow, !!deny))
  #else
  	allow = NULL;
--- 419,425 ----
  	if ((allow = fopen(ALLOW_FILE, "r")) == NULL && errno != ENOENT)
  		goto out;
  	if ((deny = fopen(DENY_FILE, "r")) == NULL && errno != ENOENT)
! 		goto out1;
  	Debug(DMISC, ("allow/deny enabled, %d/%d\n", !!allow, !!deny))
  #else
  	allow = NULL;
***************
*** 437,446 ****
  		isallowed = TRUE; 
  #endif
  	}
  out:	if (allow)
  		fclose(allow);
- 	if (deny)
- 		fclose(deny);
  	return (isallowed);
  }
  
--- 437,446 ----
  		isallowed = TRUE; 
  #endif
  	}
+ out1:	if (deny)
+ 		fclose(deny);
  out:	if (allow)
  		fclose(allow);
  	return (isallowed);
  }
  
*** usr.sbin/cron/cron/cron.c.ORIG	Tue May 18 22:20:13 2004
--- usr.sbin/cron/cron/cron.c	Sun Sep 12 16:00:03 2004
***************
*** 162,168 ****
  	static time_t	diff = 0, /* time difference in seconds from the last offset change */
  		difflimit = 0; /* end point for the time zone correction */
  	struct tm	otztm; /* time in the old time zone */
! 	int		otzminute, otzhour, otzdom, otzmonth, otzdow;
   	register struct tm	*tm = localtime(&TargetTime);
  	register int		minute, hour, dom, month, dow;
  	register user		*u;
--- 162,170 ----
  	static time_t	diff = 0, /* time difference in seconds from the last offset change */
  		difflimit = 0; /* end point for the time zone correction */
  	struct tm	otztm; /* time in the old time zone */
! 	int		otzminute = otzminute, /* "init" to avoid "might be used uninitialized" warning */
! 		otzhour = otzhour, otzdom = otzdom, 
! 		otzmonth = otzmonth, otzdow = otzmonth;
   	register struct tm	*tm = localtime(&TargetTime);
  	register int		minute, hour, dom, month, dow;
  	register user		*u;
*** usr.sbin/cron/cron/do_command.c.ORIG	Tue May 18 22:20:13 2004
--- usr.sbin/cron/cron/do_command.c	Sun Sep 12 16:04:42 2004
***************
*** 385,391 ****
  
  		ch = getc(in);
  		if (ch != EOF) {
! 			register FILE	*mail;
  			register int	bytes = 1;
  			int		status = 0;
  
--- 385,391 ----
  
  		ch = getc(in);
  		if (ch != EOF) {
! 			register FILE	*mail = mail; /* "init" to avoid "might be used uninitialized" warning */
  			register int	bytes = 1;
  			int		status = 0;
  
>Release-Note:
>Audit-Trail:

From: Giorgos Keramidas <keramida@freebsd.org>
To: Dan Lukes <dan@obluda.cz>
Cc: bug-followup@freebsd.org
Subject: Re: bin/71651: [PATCH] cron may attept to close unopened file
Date: Sun, 12 Sep 2004 23:01:55 +0300

 On 2004-09-12 16:15, Dan Lukes <dan@obluda.cz> wrote:
 > 
 > >Number:         71651
 > >Category:       bin
 > >Synopsis:       [PATCH] cron may attept to close unopened file
 > >Confidential:   no
 > >Severity:       serious
 > >Priority:       low
 > >Responsible:    freebsd-bugs
 > >State:          open
 > >Quarter:        
 > >Keywords:       
 > >Date-Required:
 > >Class:          sw-bug
 > >Submitter-Id:   current-users
 > >Arrival-Date:   Sun Sep 12 14:20:22 GMT 2004
 > >Closed-Date:
 > >Last-Modified:
 > >Originator:     Dan Lukes
 > >Release:        FreeBSD 5.3-BETA3 i386
 > >Organization:
 > Obludarium
 > >Environment:
 > System: FreeBSD kulesh.obluda.cz 5.3-BETA3 FreeBSD 5.3-BETA3 #8: Sun Sep 5 07:06:40 CEST 2004 dan@kulesh.obluda.cz:/usr/obj/usr/src/sys/Dan i386
 > usr.sbin/cron/lib/misc.c,v 1.11 2002/08/04 04:32:27 tjr
 > usr.sbin/cron/cron/cron.c,v 1.15 2004/05/16 19:29:33 yar
 > usr.sbin/cron/cron/do_command.c,v 1.22 2004/05/16 19:29:33 yar
 > 
 > >Description:
 > usr.sbin/cron/lib/misc.c:413: warning: 'deny' might be used uninitialized in this function
 > 
 > It's sign of true bug. When fopen of ALLOW_FILE fail for other than ENOENT
 > reason, then "goto out" apply then 'if (deny)' is evaluated and
 > 'fclose(deny)' may be called athought 'deny' is uninitialized variable.
 
 The check to avoid calling fclose() with NULL is already there.  You
 just have to make sure that `allow' and `deny' are always initialized to
 NULL to let it work as expected :-)
 
 %%%
 Index: misc.c
 ===================================================================
 RCS file: /home/ncvs/src/usr.sbin/cron/lib/misc.c,v
 retrieving revision 1.11
 diff -u -r1.11 misc.c
 --- misc.c	4 Aug 2002 04:32:27 -0000	1.11
 +++ misc.c	12 Sep 2004 19:55:31 -0000
 @@ -410,7 +410,8 @@
  allowed(username)
  	char *username;
  {
 -	FILE	*allow, *deny;
 +	FILE	*allow = NULL;
 +	FILE	*deny = NULL;
  	int	isallowed;
  
  	isallowed = FALSE;
 @@ -421,9 +422,6 @@
  	if ((deny = fopen(DENY_FILE, "r")) == NULL && errno != ENOENT)
  		goto out;
  	Debug(DMISC, ("allow/deny enabled, %d/%d\n", !!allow, !!deny))
 -#else
 -	allow = NULL;
 -	deny = NULL;
  #endif
  
  	if (allow)
 %%%
 
 >   	struct tm	otztm; /* time in the old time zone */
 > - 	int		otzminute, otzhour, otzdom, otzmonth, otzdow;
 > + 	int		otzminute = otzminute, /* "init" to avoid "might be used uninitialized" warning */
 > + 		otzhour = otzhour, otzdom = otzdom, 
 > + 		otzmonth = otzmonth, otzdow = otzmonth;
 
 Please don't use this.  There's probably a true bug hidden here.
 Hiding it is not good.
 
 >   		if (ch != EOF) {
 > - 			register FILE	*mail;
 > + 			register FILE	*mail = mail; /* "init" to avoid "might be used uninitialized" warning */
 
 Use NULL as the initialization of (FILE *) objects.  If they are indeed
 used before a proper initialization is done this will expose the true
 bugs and let us fix them ;-)
 
 - Giorgos
 
State-Changed-From-To: open->closed 
State-Changed-By: maxim 
State-Changed-When: Thu Apr 13 21:47:27 UTC 2006 
State-Changed-Why:  
stefanf has fixed the issue in rev. 1.12 cron/lib/misc.c.  Thanks 
for the report! 

http://www.freebsd.org/cgi/query-pr.cgi?pr=71651 
>Unformatted:
