
Commit a6d28eb

author
Florian Westphal
committed
netfilter: nf_conntrack_h323: don't pass uninitialised l3num value
Mihail Milev reports: Error: UNINIT (CWE-457): net/netfilter/nf_conntrack_h323_main.c:1189:2: var_decl: Declaring variable "tuple" without initializer. net/netfilter/nf_conntrack_h323_main.c:1197:2: uninit_use_in_call: Using uninitialized value "tuple.src.l3num" when calling "__nf_ct_expect_find". net/netfilter/nf_conntrack_expect.c:142:2: read_value: Reading value "tuple->src.l3num" when calling "nf_ct_expect_dst_hash". 1195| tuple.dst.protonum = IPPROTO_TCP; 1196| 1197|-> exp = __nf_ct_expect_find(net, nf_ct_zone(ct), &tuple); 1198| if (exp && exp->master == ct) 1199| return exp; Switch this to a C99 initialiser and set the l3num value. Fixes: f587de0 ("[NETFILTER]: nf_conntrack/nf_nat: add H.323 helper port") Signed-off-by: Florian Westphal <fw@strlen.de>
1 parent 7f261bb commit a6d28eb

1 file changed

Lines changed: 5 additions & 5 deletions


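--- a/net/netfilter/nf_conntrack_h323_main.c
+++ b/net/netfilter/nf_conntrack_h323_main.c
@@ -1187,13 +1187,13 @@ static struct nf_conntrack_expect *find_expect(struct nf_conn *ct,
 {
 struct net *net = nf_ct_net(ct);
 struct nf_conntrack_expect *exp;
-struct nf_conntrack_tuple tuple;
+struct nf_conntrack_tuple tuple = {
+.src.l3num = nf_ct_l3num(ct),
+.dst.protonum = IPPROTO_TCP,
+.dst.u.tcp.port = port,
+};
 
-memset(&tuple.src.u3, 0, sizeof(tuple.src.u3));
-tuple.src.u.tcp.port = 0;
 memcpy(&tuple.dst.u3, addr, sizeof(tuple.dst.u3));
-tuple.dst.u.tcp.port = port;
-tuple.dst.protonum = IPPROTO_TCP;
 
 exp = __nf_ct_expect_find(net, nf_ct_zone(ct), &tuple);
 if (exp && exp->master == ct)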
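Review bot: The zero source address and source port in the lookup key are now implicit in the designated initialiser of `tuple`, where the removed `memset(&tuple.src.u3, 0, ...)` and `tuple.src.u.tcp.port = 0` stated them explicitly. A short comment above the initialiser would keep that intent visible, for example `/* members not named here, incl. src.u3 and src.u.tcp.port, are zeroed */`. The initialiser guarantees zeroed members but not zeroed padding, so it is only sufficient while the expectation hash and compare read named fields rather than the raw struct. The `nf_ct_expect_dst_hash` trace quoted in the description suggests they do, but that code is not visible in this hunk. The body of find_expect continues past the last line shown.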
