[Dnsmasq-discuss] [PATCH] Fix syscall param, sendmsg(msg.msg_control) pointing to uninitialised bytes

Geert Stappers stappers at stappers.nl
Sat Aug 17 17:56:19 UTC 2024


On Sat, Jul 27, 2024 at 11:25:04AM +0200, Dominik Derigs via Dnsmasq-discuss wrote:
> Hey Simon,
 
Hello dnsmasq mailinglist,
Hello people in the CC,


> another patch fixing a small memcheck error reported during Pi-hole testing.
> The error is caused in send_from() (forward.c) by handing a partially
> uninitialized stack variable to sendmsg() when nowild == false.
> 
> Full error output (example):
> 
> ==1052839== Syscall param sendmsg(msg.msg_control) points to uninitialised byte(s)
> ==1052839== at 0x4B7199D: __libc_sendmsg (sendmsg.c:28)
> ==1052839== by 0x4B7199D: sendmsg (sendmsg.c:25)
> ==1052839== by 0x21EADB: send_from (forward.c:101)
> ==1052839== by 0x222551: receive_query (forward.c:1988)
> ==1052839== by 0x20FD6A: check_dns_listeners (dnsmasq.c:1886)
> ==1052839== by 0x2120EF: main (dnsmasq.c:1278)
> ==1052839== Location 0x1fff000098 is 24 bytes inside local var "control_u"
> ==1052839== declared at forward.c:49, in frame #1 of thread 1
> ==1052839== Uninitialised value was created by a stack allocation
> ==1052839== at 0x21EA11: send_from (forward.c:38)
> 
> Note that the line-numbers are not necessarily 100% accurate. We have not
> noticed any abnormal behavior, however, fixing this reported error is easy
> enough.
> 
> Best,
> Dominik

> From fd37817ec8ae02c8c4d449df339d179f767caba4 Mon Sep 17 00:00:00 2001
> From: Dominik Derigs <dl6er at dl6er.de>
> Date: Sat, 27 Jul 2024 11:13:49 +0200
> Subject: [PATCH] Fix memcheck errors like "Syscall param sendmsg(msg.msg_control) points to uninitialised byte(s)"
> 
> Signed-off-by: Dominik Derigs <dl6er at dl6er.de>
> ---
>  src/forward.c | 4 ++--
>  1 file changed, 2 insertions(+), 2 deletions(-)
> 
> diff --git a/src/forward.c b/src/forward.c
> index 10e7496..004935e 100644
> --- a/src/forward.c
> +++ b/src/forward.c
> @@ -35,7 +35,7 @@ int send_from(int fd, int nowild, char *packet, size_t len,
>  	      union mysockaddr *to, union all_addr *source,
>  	      unsigned int iface)
>  {
> -  struct msghdr msg;
> +  struct msghdr msg = { 0 };
>    struct iovec iov[1]; 
>    union {
>      struct cmsghdr align; /* this ensures alignment */
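Review bot: the `struct msghdr msg = { 0 };` change at the top of send_from() is not covered by the memcheck report quoted in the mail, which places the uninitialised bytes inside control_u, and the commit message has no body saying why msg is zeroed as well. Please add a sentence to the commit message stating whether this is a defensive change or addresses a separate report, so the two changes can be judged independently.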
> @@ -45,7 +45,7 @@ int send_from(int fd, int nowild, char *packet, size_t len,
>      char control[CMSG_SPACE(sizeof(struct in_addr))];
>  #endif
>      char control6[CMSG_SPACE(sizeof(struct in6_pktinfo))];
> -  } control_u;
> +  } control_u = { 0 };
>    
>    iov[0].iov_base = packet;
>    iov[0].iov_len = len;
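Review bot: `} control_u = { 0 };` initialises the union through its first member, `struct cmsghdr align`, while the report puts the uninitialised byte 24 bytes into control_u, which may lie beyond that member in the storage of the larger control/control6 arrays. C only guarantees the explicit initialiser for the first member of a union, so whether the remaining bytes are cleared depends on the compiler; an explicit `memset(&control_u, 0, sizeof(control_u));` before the control buffer is filled in would zero the whole object regardless.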
> -- 
> 2.34.1
> 

Groeten
Geert Stappers
-- 
Silence is hard to parse


