From 9d4de16fe023193a84c3ca763e61653a383fd0cc Mon Sep 17 00:00:00 2001
From: guenther
Date: Tue, 13 Oct 2015 09:11:48 +0000
Subject: [PATCH] Initialize va_filerev in vattr_null() to avoid leaking stack garbage; problem pointed out by Martin Natano (natano (at) natano.net) Also, stop chaining assignments (foo = bar = baz) in vattr_null(). The exact meaning of those depends on the order of the sizes-and- signednesses of the lvalues, making them fragile: a statement here mixed *six* types, but managed to get them in a safe order. Delete a 20+ year old XXX comment that was almost certainly bemoaning a bug from when they were in an unsafe order. ok deraadt@ miod@
---
 sys/kern/vfs_subr.c | 32 +++++++++++++++++++++++---------
 1 file changed, 23 insertions(+), 9 deletions(-)
diff --git a/sys/kern/vfs_subr.c b/sys/kern/vfs_subr.c
index 3e19fe56663..a78a8aee979 100644
--- a/sys/kern/vfs_subr.c
+++ b/sys/kern/vfs_subr.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: vfs_subr.c,v 1.235 2015/10/08 08:41:58 mpi Exp $ */
+/* $OpenBSD: vfs_subr.c,v 1.236 2015/10/13 09:11:48 guenther Exp $ */
 /* $NetBSD: vfs_subr.c,v 1.53 1996/04/22 01:39:13 christos Exp $ */
 
 /*
@@ -296,16 +296,30 @@ vattr_null(struct vattr *vap)
 {
 
  vap->va_type = VNON;
- /* XXX These next two used to be one line, but for a GCC bug. */
+ /*
+ * Don't get fancy: u_quad_t = u_int = VNOVAL leaves the u_quad_t
+ * with 2^31-1 instead of 2^64-1. Just write'm out and let
+ * the compiler do its job.
+ */
+ vap->va_mode = VNOVAL;
+ vap->va_nlink = VNOVAL;
+ vap->va_uid = VNOVAL;
+ vap->va_gid = VNOVAL;
+ vap->va_fsid = VNOVAL;
+ vap->va_fileid = VNOVAL;
  vap->va_size = VNOVAL;
+ vap->va_blocksize = VNOVAL;
+ vap->va_atime.tv_sec = VNOVAL;
+ vap->va_atime.tv_nsec = VNOVAL;
+ vap->va_mtime.tv_sec = VNOVAL;
+ vap->va_mtime.tv_nsec = VNOVAL;
+ vap->va_ctime.tv_sec = VNOVAL;
+ vap->va_ctime.tv_nsec = VNOVAL;
+ vap->va_gen = VNOVAL;
+ vap->va_flags = VNOVAL;
+ vap->va_rdev = VNOVAL;
  vap->va_bytes = VNOVAL;
- vap->va_mode = vap->va_nlink = vap->va_uid = vap->va_gid =
- vap->va_fsid = vap->va_fileid =
- vap->va_blocksize = vap->va_rdev =
- vap->va_atime.tv_sec = vap->va_atime.tv_nsec =
- vap->va_mtime.tv_sec = vap->va_mtime.tv_nsec =
- vap->va_ctime.tv_sec = vap->va_ctime.tv_nsec =
- vap->va_flags = vap->va_gen = VNOVAL;
+ vap->va_filerev = VNOVAL;
  vap->va_vaflags = 0;
 }
 
-- 
2.20.1
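Review bot: Assigning each member by hand in vattr_null() fixes va_filerev but leaves the same class of leak open, because any member added to struct vattr later, and any padding between members, stays uninitialized unless someone remembers to update this function. The struct definition is outside the hunk, so whether such bytes exist today cannot be seen from here. A leading `memset(vap, 0, sizeof(*vap));` before the VNOVAL assignments would make the initialization complete by construction. Separately, the new comment's `2^31-1` looks off: if VNOVAL is -1, as the `2^64-1` implies, passing it through a u_int yields 2^32-1. The function's signature line sits outside the hunk.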