[PATCH] Avoid use of uninitialized values in guid.c
Chris Shoemaker
c.shoemaker at cox.net
Thu Feb 10 17:23:20 EST 2005
* Avoid use of uninitialized values in guid.c
- prevent md5 seeding from using uninitialized stack contents
- give used GUID recognizable memory signature
- add a simple test case that helped testing for use of
uninitialized values
Index: src/engine/guid.c
===================================================================
RCS file: /home/cvs/cvsroot/gnucash/src/engine/guid.c,v
retrieving revision 1.25.4.6
diff -u -r1.25.4.6 guid.c
--- src/engine/guid.c 31 May 2004 14:22:11 -0000 1.25.4.6
+++ src/engine/guid.c 10 Feb 2005 05:50:07 -0000
@@ -99,5 +99,5 @@
const GUID *
guid_null(void)
{
- static int null_inited = (0 == 1);
+ static int null_inited = 0;
static GUID null_guid;
if (!null_inited)
{
int i;
+ char *tmp = "NULLGUID.EMPTY.";
+ /* 16th space for '\O' */
for (i = 0; i < 16; i++)
- null_guid.data[i] = 0;
+ null_guid.data[i] = tmp[i];
- null_inited = (0 == 0);
+ null_inited = 1;
}
return &null_guid;
@@ -186,2 +188,2 @@
size_t file_bytes;
FILE *fp;
+ memset(&stats, 0, sizeof(struct stat));
if (stat(filename, &stats) != 0)
return 0;
@@ -236,14 +239,15 @@
if (de == NULL)
break;
- md5_process_bytes(de, sizeof(struct dirent), &guid_context);
- total += sizeof(struct dirent);
+ md5_process_bytes(de->d_name, strlen(de->d_name), &guid_context);
+ total += strlen(de->d_name);
result = snprintf(filename, sizeof(filename),
"%s/%s", dirname, de->d_name);
if ((result < 0) || (result >= (int)sizeof(filename)))
continue;
+ memset(&stats, 0, sizeof(struct stat));
if (stat(filename, &stats) != 0)
continue;
md5_process_bytes(&stats, sizeof(stats), &guid_context);
@@ -298,7 +302,8 @@
{
size_t bytes = 0;
- guid_memchunk_init();
+ /* Not needed: taken care of on first malloc.
+ /* guid_memchunk_init(); */
md5_init_ctx(&guid_context);
@@ -387,7 +392,8 @@
/* host info */
{
char string[1024];
-
+
+ memset((void *)string, 0, 1024);
gethostname(string, sizeof(string));
md5_process_bytes(string, sizeof(string), &guid_context);
bytes += sizeof(string);
Index: src/engine/test/test-guid.c
===================================================================
RCS file: /home/cvs/cvsroot/gnucash/src/engine/test/test-guid.c,v
retrieving revision 1.2
diff -u -r1.2 test-guid.c
--- src/engine/test/test-guid.c 17 Oct 2003 04:25:46 -0000 1.2
+++ src/engine/test/test-guid.c 10 Feb 2005 02:10:41 -0000
@@ -16,8 +16,21 @@
#include "qofid.h"
#include "qofid-p.h"
#include "qofsession.h"
+#include "guid.h"
+static void test1(void)
+{
+ GUID g;
+ GUID *gp;
+
+ g = guid_new_return();
+ gp = guid_malloc();
+ guid_new(gp);
+ do_test(guid_equal(guid_null(), guid_null()), "null guids equal");
+ do_test(!guid_equal(&g, gp), "two guids equal");
+
+}
static void
run_test (void)
@@ -47,14 +60,16 @@
ent->e_type = type;
qof_collection_insert_entity (col, ent);
}
+ qof_session_destroy(sess);
}
static void
main_helper (void *closure, int argc, char **argv)
{
- g_log_set_always_fatal( G_LOG_LEVEL_CRITICAL | G_LOG_LEVEL_WARNING );
do_test((NULL!=gnc_module_load("gnucash/engine", 0)), "couldn't load engine");
+ g_log_set_always_fatal( G_LOG_LEVEL_CRITICAL | G_LOG_LEVEL_WARNING );
+ test1();
run_test ();
print_test_results();
@@ -64,6 +79,7 @@
int
main (int argc, char **argv)
{
- scm_boot_guile(argc, argv, main_helper, NULL);
+ /* scm_boot_guile(argc, argv, main_helper, NULL); */
+ main_helper(NULL, argc, argv);
return 0;
}
More information about the gnucash-patches
mailing list