From patchwork Tue Oct 28 20:31:50 2025
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Gert Doering <gert@greenie.muc.de>
X-Patchwork-Id: 4539
Return-Path: <openvpn-devel-bounces@lists.sourceforge.net>
Delivered-To: patchwork@openvpn.net
Received: by 2002:a05:7000:2995:b0:72f:f16c:e055 with SMTP id
 f21csp2306125max;
        Tue, 28 Oct 2025 13:32:15 -0700 (PDT)
X-Forwarded-Encrypted: i=2;
 AJvYcCXeAhsJiLkZZvC2xDR6ldio1KbsMzhJfFClR7AhEOC61TZy0oNxA6QWJ3VTj6w2O+HMXa/zP9fn2oU=@openvpn.net
X-Google-Smtp-Source: 
 AGHT+IGq+8EzofZ38TYI2nVWKsiWVK91RUyq8URjZn7e/khnlonWL9lJ1Ou2R+Tfv4kjoM1ASbDZ
X-Received: by 2002:a05:6870:9107:b0:3af:6b4:1232 with SMTP id
 586e51a60fabf-3d747b3d822mr469402fac.35.1761683535784;
        Tue, 28 Oct 2025 13:32:15 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1761683535; cv=none;
        d=google.com; s=arc-20240605;
        b=WD9LYEnKHOVDd8p9Vo2dvgI1AafFH+0tBcdtpFPBHKFIIW9RVDkXpdrGjMEsXSCxLY
         Hf/iXi14dUOn1ky6dN7oam7vJ+guRw7PwPjwqvWTEAIVy1RcPk7t/wxDv0J6jRRgebtc
         06jAmQkaWj3zIZ6F1Kq6N1TuYY6PdHNO52h3TqJx3OjCkaV29k6wSbciqYaOAKLmdtGu
         mCqcIAcE5g1FjxH/4YUL8dvkU9EoH+Qxwk17ZTp6EZmkgqmT0/B09KmffimjvtYfyX8g
         DHCwIo6k9rTuzk6g9V/HT4jilTTB02HSVwvL3l7NXHtLnEQ3zyDz4jOs3tkhc4PJjAoe
         Kemg==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com;
 s=arc-20240605;
        h=errors-to:content-transfer-encoding:list-subscribe:list-help
         :list-post:list-archive:list-unsubscribe:list-id:precedence:subject
         :mime-version:references:in-reply-to:message-id:date:to:from
         :dkim-signature:dkim-signature:dkim-signature;
        bh=fkTpFodFJHG7ZSfqmUlhkWLSp6A0I5KPyT4mk3vuw1I=;
        fh=4NbAC/LsuMLI0S0hprUlLSLCiHwg6SCAifhH718Jh0Q=;
        b=IiTROPMFKs8MuCYPTce1MH3z7KYuD3ekpLvS51PYC+i+jCgbBnEpS1RpjCpwu8HGJA
         SgStHfw11GBhJAbQ7nB52ZHttxZBmDrs/pqGXYIGD/x3YEhJ7+LKkYUbIkZyqLo4AUsz
         5YHrDitnsqza09d3SUjSXxrmUPqSq3fcXQ6cpPE46QYNjvI304rDt9cCfiGf91hX9A0o
         0ktwJ4YTU46l+Q513ZuXopdddrIf4wT/j9ZGOVjhwDwsxHboLZBJKDYiX+1Hq9/kuVlz
         WLnTsYYWahu6w4fhFMMUEnifpaR/A4wsfW2CxVJfU3ZoaX5YQk64gJ4X2KXQneortjG/
         PAwQ==;
        dara=google.com
ARC-Authentication-Results: i=1; mx.google.com;
       dkim=pass header.i=@lists.sourceforge.net header.s=beta
 header.b=K15tX2N6;
       dkim=neutral (body hash did not verify) header.i=@sourceforge.net
 header.s=x header.b="kwaU/jCH";
       dkim=neutral (body hash did not verify) header.i=@sf.net header.s=x
 header.b=lzo19QlG;
       spf=pass (google.com: domain of
 openvpn-devel-bounces@lists.sourceforge.net designates 216.105.38.7 as
 permitted sender) smtp.mailfrom=openvpn-devel-bounces@lists.sourceforge.net;
       dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=muc.de
Received: from lists.sourceforge.net (lists.sourceforge.net. [216.105.38.7])
        by mx.google.com with ESMTPS id
 586e51a60fabf-3d204c40d04si3653417fac.397.2025.10.28.13.32.15
        (version=TLS1_2 cipher=ECDHE-ECDSA-AES128-GCM-SHA256 bits=128/128);
        Tue, 28 Oct 2025 13:32:15 -0700 (PDT)
Received-SPF: pass (google.com: domain of
 openvpn-devel-bounces@lists.sourceforge.net designates 216.105.38.7 as
 permitted sender) client-ip=216.105.38.7;
Authentication-Results: mx.google.com;
       dkim=pass header.i=@lists.sourceforge.net header.s=beta
 header.b=K15tX2N6;
       dkim=neutral (body hash did not verify) header.i=@sourceforge.net
 header.s=x header.b="kwaU/jCH";
       dkim=neutral (body hash did not verify) header.i=@sf.net header.s=x
 header.b=lzo19QlG;
       spf=pass (google.com: domain of
 openvpn-devel-bounces@lists.sourceforge.net designates 216.105.38.7 as
 permitted sender) smtp.mailfrom=openvpn-devel-bounces@lists.sourceforge.net;
       dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=muc.de
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed;
	d=lists.sourceforge.net; s=beta; h=Content-Transfer-Encoding:Content-Type:
	List-Subscribe:List-Help:List-Post:List-Archive:List-Unsubscribe:List-Id:
	Subject:MIME-Version:References:In-Reply-To:Message-ID:Date:To:From:Sender:
	Reply-To:Cc:Content-ID:Content-Description:Resent-Date:Resent-From:
	Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:List-Owner;
	bh=fkTpFodFJHG7ZSfqmUlhkWLSp6A0I5KPyT4mk3vuw1I=; b=K15tX2N6iIUze0kSZgAwA2+kwR
	ivtyNk0TVPRyQWFkQ96LPgngNwW/Oj/Lky3xZAcuVYwuo2/FyAjBsOrQZfBodSmb7fpglIYvsGrel
	Jf6DLbggmyHOmPecsUkAcIY3bFgAuSk0TOOJJhouXCKgw+O7a0DHrfEn+keG4H3IYpXY=;
Received: from [127.0.0.1] (helo=sfs-ml-1.v29.lw.sourceforge.com)
	by sfs-ml-1.v29.lw.sourceforge.com with esmtp (Exim 4.95)
	(envelope-from <openvpn-devel-bounces@lists.sourceforge.net>)
	id 1vDqMV-0002Mp-Rr;
	Tue, 28 Oct 2025 20:32:11 +0000
Received: from [172.30.29.66] (helo=mx.sourceforge.net)
 by sfs-ml-1.v29.lw.sourceforge.com with esmtps (TLS1.2) tls
 TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.95)
 (envelope-from <gert@blue4.greenie.muc.de>) id 1vDqMU-0002Mh-CA
 for openvpn-devel@lists.sourceforge.net;
 Tue, 28 Oct 2025 20:32:10 +0000
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed;
 d=sourceforge.net; s=x; h=Content-Transfer-Encoding:MIME-Version:References:
 In-Reply-To:Message-ID:Date:Subject:To:From:Sender:Reply-To:Cc:Content-Type:
 Content-ID:Content-Description:Resent-Date:Resent-From:Resent-Sender:
 Resent-To:Resent-Cc:Resent-Message-ID:List-Id:List-Help:List-Unsubscribe:
 List-Subscribe:List-Post:List-Owner:List-Archive;
 bh=tzGY/nWp2GXQeoR5JI1ARBxDrX0MmhLO/KhvEadFnjs=; b=kwaU/jCHboaNbosvMp/vz/WKw/
 dnjvDJhygfW/VCoq9X5zCaZ+MxsGSWYwEXPxFoety4BSSyPSaM9BHecbGJzs8e+62zGtsELl7/w4e
 BdeCbR+KLeAMuNEvqDuhWpxOc07L+vnauHtEzsQOWFIvC4VAWeunq/hUdGmkwzSApYpI=;
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=sf.net; s=x
 ;
 h=Content-Transfer-Encoding:MIME-Version:References:In-Reply-To:Message-ID:
 Date:Subject:To:From:Sender:Reply-To:Cc:Content-Type:Content-ID:
 Content-Description:Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc
 :Resent-Message-ID:List-Id:List-Help:List-Unsubscribe:List-Subscribe:
 List-Post:List-Owner:List-Archive;
 bh=tzGY/nWp2GXQeoR5JI1ARBxDrX0MmhLO/KhvEadFnjs=; b=lzo19QlGBa9DE3tDG1lorExYpL
 m6A1TPCTBmHbZpeRTpYJoEDoujV+ro2cNpZDdJbYDIZjxIIpiLnvZSja0Xj4SHL7lgkgeR1xPEyiH
 Sgda1h+ncQX4X1Gj0k7mxlLK8QQHJ440mx5EUuckB+fN6zMbsiGuHNHsbhjq3lvLbECA=;
Received: from [193.149.48.134] (helo=blue.greenie.muc.de)
 by sfi-mx-2.v28.lw.sourceforge.com with esmtps
 (TLS1.2:ECDHE-RSA-AES256-GCM-SHA384:256) (Exim 4.95)
 id 1vDqMT-00061V-6C for openvpn-devel@lists.sourceforge.net;
 Tue, 28 Oct 2025 20:32:10 +0000
Received: from blue.greenie.muc.de (localhost [127.0.0.1])
 by blue.greenie.muc.de (8.18.1/8.18.1) with ESMTP id 59SKVvBK011712
 for <openvpn-devel@lists.sourceforge.net>; Tue, 28 Oct 2025 21:31:57 +0100
Received: (from gert@localhost)
 by blue.greenie.muc.de (8.18.1/8.18.1/Submit) id 59SKVvao011711
 for openvpn-devel@lists.sourceforge.net; Tue, 28 Oct 2025 21:31:57 +0100
From: Gert Doering <gert@greenie.muc.de>
To: openvpn-devel@lists.sourceforge.net
Date: Tue, 28 Oct 2025 21:31:50 +0100
Message-ID: <20251028203156.11697-1-gert@greenie.muc.de>
X-Mailer: git-send-email 2.49.1
In-Reply-To: 
 <gerrit.1761676579000.I7f4c7b0ca748975defca1e5104e7077a761cd49c@gerrit.openvpn.net>
References: 
 <gerrit.1761676579000.I7f4c7b0ca748975defca1e5104e7077a761cd49c@gerrit.openvpn.net>
MIME-Version: 1.0
X-Spam-Score: 1.3 (+)
X-Spam-Report: Spam detection software,
 running on the system "sfi-spamd-2.hosts.colo.sdot.me",
 has NOT identified this incoming email as spam.  The original
 message has been attached to this so you can view it or label
 similar future email.  If you have any questions, see
 the administrator of that system for details.
 Content preview:  while this really is only a debug function, ensuring that
 no uninitialized heap content ends up in padding in the structure and thus
 to disk is good practice. Reported-by: Joshua Rogers <contact@joshua.hu>
 Found-by: ZeroPath (https://zeropath.com/)
 Content analysis details:   (1.3 points, 5.0 required)
 pts rule name              description
 ---- ----------------------
 --------------------------------------------------
 1.3 RDNS_NONE Delivered to internal network by a host with no rDNS
X-Headers-End: 1vDqMT-00061V-6C
Subject: [Openvpn-devel] [PATCH v1] zeroize struct image in
 packet_id_persist_save() before writing to disk
X-BeenThere: openvpn-devel@lists.sourceforge.net
X-Mailman-Version: 2.1.21
Precedence: list
List-Id: <openvpn-devel.lists.sourceforge.net>
List-Unsubscribe: <https://lists.sourceforge.net/lists/options/openvpn-devel>,
 <mailto:openvpn-devel-request@lists.sourceforge.net?subject=unsubscribe>
List-Archive: 
 <http://sourceforge.net/mailarchive/forum.php?forum_name=openvpn-devel>
List-Post: <mailto:openvpn-devel@lists.sourceforge.net>
List-Help: <mailto:openvpn-devel-request@lists.sourceforge.net?subject=help>
List-Subscribe: <https://lists.sourceforge.net/lists/listinfo/openvpn-devel>,
 <mailto:openvpn-devel-request@lists.sourceforge.net?subject=subscribe>
Errors-To: openvpn-devel-bounces@lists.sourceforge.net
X-getmail-retrieved-from-mailbox: Inbox
X-GMAIL-THRID: =?utf-8?q?1847259074927139356?=
X-GMAIL-MSGID: =?utf-8?q?1847259074927139356?=

while this really is only a debug function, ensuring that no uninitialized
heap content ends up in padding in the structure and thus to disk is good
practice.

Reported-by: Joshua Rogers <contact@joshua.hu>
Found-by: ZeroPath (https://zeropath.com/)

Change-Id: I7f4c7b0ca748975defca1e5104e7077a761cd49c
Signed-off-by: Gert Doering <gert@greenie.muc.de>
Acked-by: Frank Lichtenheld <frank@lichtenheld.com>
Gerrit URL: https://gerrit.openvpn.net/c/openvpn/+/1323
---

This change was reviewed on Gerrit and approved by at least one
developer. I request to merge it to master.

Gerrit URL: https://gerrit.openvpn.net/c/openvpn/+/1323
This mail reflects revision 1 of this Change.

Acked-by according to Gerrit (reflected above):
Frank Lichtenheld <frank@lichtenheld.com>

diff --git a/src/openvpn/packet_id.c b/src/openvpn/packet_id.c
index 880eee1..08d9d9b 100644
--- a/src/openvpn/packet_id.c
+++ b/src/openvpn/packet_id.c
@@ -511,6 +511,7 @@
         && (p->time != p->time_last_written || p->id != p->id_last_written))
     {
         struct packet_id_persist_file_image image;
+        CLEAR(image);
         ssize_t n;
         off_t seek_ret;
         struct gc_arena gc = gc_new();