In the function grub_net_arp_receive(), grub_net_network_level_address_t
sender_addr and target_addr are being called but aren't being initialized. To
prevent contents of these structures from being filled with junk data from the
stack, we can initialize them to 0 by setting sender_addr and target_addr to {}.
Fixes: CID 375030
Signed-off-by: Alec Brown <alec.r.br...@oracle.com>
---
grub-core/net/arp.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/grub-core/net/arp.c b/grub-core/net/arp.c
index 54306e3b1..2b3765932 100644
--- a/grub-core/net/arp.c
+++ b/grub-core/net/arp.c
@@ -115,7 +115,8 @@ grub_net_arp_receive (struct grub_net_buff *nb, struct
grub_net_card *card,
grub_uint16_t *vlantag)
{
struct arppkt *arp_packet = (struct arppkt *) nb->data;
- grub_net_network_level_address_t sender_addr, target_addr;
+ grub_net_network_level_address_t sender_addr = {};
+ grub_net_network_level_address_t target_addr = {};
grub_net_link_level_address_t sender_mac_addr;
struct grub_net_network_level_interface *inf;
--
2.27.0
_______________________________________________
Grub-devel mailing list
Grub-devel@gnu.org
https://lists.gnu.org/mailman/listinfo/grub-devel
