On Fri, Aug 13, 2021 at 04:05:02PM +0100, Peter Maydell wrote: > The POSIX spec for sockaddr_in says that implementations are allowed > to have implementation-dependent extensions controlled by extra > fields in the struct, and that the way to ensure these are not > accidentally activated is to zero out the whole data structure. > We have several places in our codebase where we don't zero-init > sockaddr_in structs and so (at least in theory) might run into this. > Coverity spotted the ones in the net code (CID 1005338); the > others in this series I found by looking at all uses of sockaddr_in. > (The gdbstub patch changes also a sockaddr_un use, for symmetry.) > > Thanks to Eric for the analysis of what the spec says and why > Coverity is correct here.
FWIW, the POSIX wording is interesting - it requires portable applications to zero out sockaddr_in6 (and even states that memset() is not yet a portable way to do that on exotic hardware, although a future version of POSIX may add a zero-bit constraint on implementations; in practice we only use qemu on hardware where memset() to zero properly sets pointers to NULL and floating points to 0.0). But for sockaddr_in, it merely recommends it, with an acknowledgment that much existing code fails to do so. Or put another way, POSIX gives carte blanche to implementations to add IPv6 extensions, but advises that IPv4 implementations should be wary of extensions that trigger off of uninitialized fields. Since you are fixing IPv4 usage, and not IPv6, I agree with your designation that this is 6.2 material, and not a regression fix to rush into 6.1 (should other patches warrant rc4) - we are unlikely to be running on an implementation where the uninitialized fields cause noticeable behavior changes to IPv4 behavior. -- Eric Blake, Principal Software Engineer Red Hat, Inc. +1-919-301-3266 Virtualization: qemu.org | libvirt.org
