Hey Simon,

another patch fixing a small memcheck error reported during Pi-hole testing. The error is caused in send_from() (forward.c) by handing a partially uninitialized stack variable to sendmsg() when nowild == false.

Full error output (example):

==1052839== Syscall param sendmsg(msg.msg_control) points to uninitialised byte(s)
==1052839== at 0x4B7199D: __libc_sendmsg (sendmsg.c:28)
==1052839== by 0x4B7199D: sendmsg (sendmsg.c:25)
==1052839== by 0x21EADB: send_from (forward.c:101)
==1052839== by 0x222551: receive_query (forward.c:1988)
==1052839== by 0x20FD6A: check_dns_listeners (dnsmasq.c:1886)
==1052839== by 0x2120EF: main (dnsmasq.c:1278)
==1052839== Location 0x1fff000098 is 24 bytes inside local var "control_u"
==1052839== declared at forward.c:49, in frame #1 of thread 1
==1052839== Uninitialised value was created by a stack allocation
==1052839== at 0x21EA11: send_from (forward.c:38)

Note that the line numbers are not necessarily 100% accurate. We have not noticed any abnormal behavior; however, fixing this reported error is easy enough.

Best,
Dominik

From fd37817ec8ae02c8c4d449df339d179f767caba4 Mon Sep 17 00:00:00 2001
From: Dominik Derigs <dl...@dl6er.de>
Date: Sat, 27 Jul 2024 11:13:49 +0200
Subject: [PATCH] Fix memcheck errors like "Syscall param
 sendmsg(msg.msg_control) points to uninitialised byte(s)"

Signed-off-by: Dominik Derigs <dl...@dl6er.de>
---
 src/forward.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/src/forward.c b/src/forward.c
index 10e7496..004935e 100644
--- a/src/forward.c
+++ b/src/forward.c
@@ -35,7 +35,7 @@ int send_from(int fd, int nowild, char *packet, size_t len,
 	      union mysockaddr *to, union all_addr *source,
 	      unsigned int iface)
 {
-  struct msghdr msg;
+  struct msghdr msg = { 0 };
   struct iovec iov[1]; 
   union {
     struct cmsghdr align; /* this ensures alignment */
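Review bot: the `struct msghdr msg = { 0 };` change at the top of send_from() is not explained anywhere in the commit message, which consists of a subject line only, and the memcheck report quoted in the cover mail locates the uninitialised bytes inside control_u rather than in msg. If zeroing msg is meant as defensive initialisation of fields that are not assigned on every path, say so in a short commit body; if a specific msghdr field was found unset, name it there, so the reason for touching msg is recorded with the change.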
@@ -45,7 +45,7 @@ int send_from(int fd, int nowild, char *packet, size_t len,
     char control[CMSG_SPACE(sizeof(struct in_addr))];
 #endif
     char control6[CMSG_SPACE(sizeof(struct in6_pktinfo))];
-  } control_u;
+  } control_u = { 0 };
   
   iov[0].iov_base = packet;
   iov[0].iov_len = len;
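Review bot: `} control_u = { 0 };` initialises only the first member of the union, `struct cmsghdr align`, and the C standard does not guarantee that the remaining bytes of the larger control/control6 arrays are zeroed for an automatic variable. The report in the cover mail flags an offset 24 bytes into control_u, which lies past the 16-byte struct cmsghdr on 64-bit Linux, so whether this line silences memcheck depends on the compiler clearing the whole union. An explicit memset(&control_u, 0, sizeof(control_u)) before the buffer is filled would zero every byte regardless of compiler.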
-- 
2.34.1

_______________________________________________
Dnsmasq-discuss mailing list
Dnsmasq-discuss@lists.thekelleys.org.uk
https://lists.thekelleys.org.uk/cgi-bin/mailman/listinfo/dnsmasq-discuss
