From: mbuhl <mbuhl@openbsd.org>
Date: Wed, 9 Nov 2022 18:48:11 +0000 (+0000)
Subject: In do_zzz a garbage stack value could be accessed in case a read
X-Git-Url: http://artulab.com/gitweb/?a=commitdiff_plain;h=3abecac13ee041aea096ce7171e4bd0dd60c1b0f;p=openbsd

In do_zzz a garbage stack value could be accessed in case a read
or write in send_command failed.
Found by codechecker.
OK deraadt
---

diff --git a/usr.sbin/apm/apm.c b/usr.sbin/apm/apm.c
index dd2b2578e0d..ea1a433e656 100644
--- a/usr.sbin/apm/apm.c
+++ b/usr.sbin/apm/apm.c
@@ -1,4 +1,4 @@
-/*	$OpenBSD: apm.c,v 1.42 2022/09/10 10:10:09 sdk Exp $	*/
+/*	$OpenBSD: apm.c,v 1.43 2022/11/09 18:48:11 mbuhl Exp $	*/
 
 /*
  *  Copyright (c) 1996 John T. Kohl
@@ -99,6 +99,8 @@ do_zzz(int fd, enum apm_action action)
 	char *msg;
 	int ret;
 
+	bzero(&reply, sizeof reply);
+
 	switch (action) {
 	case NONE:
 	case SUSPEND:
@@ -119,7 +121,7 @@ do_zzz(int fd, enum apm_action action)
 
 	printf("%s...\n", msg);
 	ret = send_command(fd, &command, &reply);
-	if (reply.error)
+	if (ret == 0 && reply.error)
 		errx(1, "%s: %s", apm_state(reply.newstate), strerror(reply.error));
 	exit(ret);
 }