Hi!

> > So, I'm struggling to understand why the data received via sockets
> > from the network and through SSL would trigger these kinds of
> > warnings. Literally, every packet/pdu I receive and parse triggers
> > these errors. The data is valid and the PDUs are correct, thus my
> > confusion.
> >
> > Has anyone ever seen this and know how to fix/correct?
>
> Look at any code that you use with SSL but not without. One common thing
> that can trigger this is if you run 'strlen', 'strchr', or something like
> that on the received data.
>
> Consider:
>
>     char buf[1024];
>     int i, j;
>
>     buf[1023] = 0;                // last byte of buf: make sure strlen can't run off the end
>     j = SSL_read(ssl, buf, 1000);
>     if (j <= 0) return;
>     i = strlen(buf);              // may scan into the uninitialized bytes buf[j..1022]
>     if (i < j)                    // data contained an embedded zero
>     {
>     ...
>
> This is legal/safe code. However, it does read uninitialized data. The value
> of the uninitialized data can affect 'i', but not whether or not 'i' is less
> than 'j'. The tool will correctly report that the value of 'i' is
> indeterminate.
I think you may be on to something. The code that seems to be triggering it
includes a lot of strlen and atoi and sprintfs over the data obtained from
ssl/tcp/xml.

Here is one code example where I'm reading a 10-byte block of data (always
10 bytes, not less):

    bufptr = (u_char *)&wh;
    for (nread = 0; nread < sizeof(wh); nread += ret) {
        ret = SSL_read(ssl, bufptr + nread, sizeof(wh) - nread);
        if (ret <= 0)
            break;
    }

wh is a 10-byte struct; the above code loops until it's read the 10 bytes.
The code below then copies that 10-byte block into a character string
(11 bytes to accommodate a null char at the end of the block):

    strncpy(msgLenStr, wh.msgLenStr, 10);
    msgLenStr[10] = 0;
    msgLen = atoi(msgLenStr);

This code triggers valgrind even though I know if I get to this block, the
data was read off the wire and through the socket and through SSL.

When I added the following block of test code, every single byte in the
10-byte structure came back as undefined despite the fact that it contained
valid data.

    for (i = 0; i < nread; i++) {
        if (VALGRIND_CHECK_VALUE_IS_DEFINED(bufptr[i])) {
            fprintf(stderr,
                    "xmpRecvMessage: byte %d of wireheader buf is not defined\n", i);
        }
    }

So, I'm stumped as to what is the cause of this. Is it as you state above
that valgrind is warning me about the possibility of it being uninitialized
despite that I have a lot of checks (e.g. ret < 0) so that my code does not
process bogus data? If so, is there a way around this? (Perhaps this is
better asked of the valgrind people.) I thought valgrind was definitely
telling me that something was un-initialized as opposed to logically
possible.

Thanks,
Bobby

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           [EMAIL PROTECTED]
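Putting the two posts above into one runnable piece, as an added example (not code from either poster or from OpenSSL): a read loop with the shape of the SSL_read loop above, driven here by a constructed stand-in for SSL_read so it runs offline, and a parser for the 10-byte length field whose scans are all bounded by the byte count, so strlen() and atoi() never touch raw wire bytes. The leading-blank rule for the field and the read_fn/fake_conn names are assumptions, not part of the thread.

```c
#include <ctype.h>
#include <string.h>
#define MSGLEN_FIELD 10
typedef int (*read_fn)(void *ctx, unsigned char *buf, int len);

/* Loop until exactly `want` bytes have arrived, as in the SSL_read loop above.
 * Returns 1 on success, 0 on error/EOF, so a partial header never reaches the parser. */
int read_exact(read_fn rd, void *ctx, unsigned char *buf, size_t want)
{
    size_t nread = 0;
    while (nread < want) {
        int ret = rd(ctx, buf + nread, (int)(want - nread));
        if (ret <= 0) return 0;
        nread += (size_t)ret;
    }
    return 1;
}

/* Parse an n-byte fixed-width decimal field (leading blanks allowed: an assumption
 * about the wire format). Returns -1 for anything else, including an embedded zero
 * byte. Every scan is bounded by n, so nothing reads past the received bytes the way
 * strlen() on the raw struct would, and "12\0garbage" is rejected instead of being
 * read as 12 the way atoi() would. */
long long parse_msglen(const unsigned char *field, size_t n)
{
    size_t i = 0;
    long long v = 0;
    if (n == 0 || n > MSGLEN_FIELD || memchr(field, 0, n) != NULL) return -1;
    while (i < n && field[i] == ' ') i++;
    if (i == n) return -1;                 /* blanks only: no number */
    for (; i < n; i++) {
        if (!isdigit(field[i])) return -1;
        v = v * 10 + (field[i] - '0');     /* at most 10 digits: fits long long */
    }
    return v;
}

/* Constructed stand-in for SSL_read with its return convention (>0 bytes, 0 on EOF).
 * Hands out at most 3 bytes per call so read_exact() really has to iterate. */
struct fake_conn { const unsigned char *data; size_t len, pos; };
int fake_read(void *ctx, unsigned char *buf, int len)
{
    struct fake_conn *c = ctx;
    size_t left = c->len - c->pos, n = left < 3 ? left : 3;
    if (n == 0) return 0;
    if (len > 0 && (size_t)len < n) n = (size_t)len;
    memcpy(buf, c->data + c->pos, n);
    c->pos += n;
    return (int)n;
}
```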