[Openvpn-devel,v1] zeroize struct image in packet_id_persist_save() before writing to disk

Message ID 20251028203156.11697-1-gert@greenie.muc.de
State New

Commit Message

Gert Doering Oct. 28, 2025, 8:31 p.m. UTC
while this really is only a debug function, ensuring that no uninitialized
heap content ends up in padding in the structure and thus to disk is good
practice.

Reported-by: Joshua Rogers <contact@joshua.hu>
Found-by: ZeroPath (https://zeropath.com/)

Change-Id: I7f4c7b0ca748975defca1e5104e7077a761cd49c
Signed-off-by: Gert Doering <gert@greenie.muc.de>
Acked-by: Frank Lichtenheld <frank@lichtenheld.com>
Gerrit URL: https://gerrit.openvpn.net/c/openvpn/+/1323
---

This change was reviewed on Gerrit and approved by at least one
developer. I request to merge it to master.

Gerrit URL: https://gerrit.openvpn.net/c/openvpn/+/1323
This mail reflects revision 1 of this Change.

Acked-by according to Gerrit (reflected above):
Frank Lichtenheld <frank@lichtenheld.com>

Comments

Gert Doering Oct. 29, 2025, 7:10 a.m. UTC | #1
Not the most critical path, but "initialize data structures before using"
is considered good practice :-)  - BB is also happy with it.

Patch has been applied to the master branch.

commit c58b6e73c3508b40b3d2f26eebfc3aa4df53e524
Author: Gert Doering
Date:   Tue Oct 28 21:31:50 2025 +0100

     zeroize struct image in packet_id_persist_save() before writing to disk

     Signed-off-by: Gert Doering <gert@greenie.muc.de>
     Acked-by: Frank Lichtenheld <frank@lichtenheld.com>
     Gerrit URL: https://gerrit.openvpn.net/c/openvpn/+/1323
     Message-Id: <20251028203156.11697-1-gert@greenie.muc.de>
     URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg33983.html
     Signed-off-by: Gert Doering <gert@greenie.muc.de>


--
kind regards,

Gert Doering

Patch

diff --git a/src/openvpn/packet_id.c b/src/openvpn/packet_id.c
index 880eee1..08d9d9b 100644
--- a/src/openvpn/packet_id.c
+++ b/src/openvpn/packet_id.c
@@ -511,6 +511,7 @@ 
         && (p->time != p->time_last_written || p->id != p->id_last_written))
     {
         struct packet_id_persist_file_image image;
+        CLEAR(image);
         ssize_t n;
         off_t seek_ret;
         struct gc_arena gc = gc_new();
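
Review bot: `CLEAR(image);` lands between the declaration of `image` and the declarations of `n`, `seek_ret` and `gc`, so a statement now sits in the middle of the block's declaration list. Moving it to just after `struct gc_arena gc = gc_new();` would keep the declarations together without changing behaviour. The line also has no comment: a short note that the clear is there so structure padding has defined contents before the image is written to disk (the reason given in the commit message) would keep it from being dropped later as redundant.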