lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date:   Fri, 2 Dec 2022 13:07:02 +0300
From:   Dan Carpenter <error27@...il.com>
To:     Li Qiong <liqiong@...china.com>, Peilin Ye <yepeilin.cs@...il.com>
Cc:     Simon Horman <horms@...ge.net.au>, Julian Anastasov <ja@....bg>,
        Pablo Neira Ayuso <pablo@...filter.org>,
        Jozsef Kadlecsik <kadlec@...filter.org>,
        Florian Westphal <fw@...len.de>,
        "David S . Miller" <davem@...emloft.net>,
        Eric Dumazet <edumazet@...gle.com>,
        Jakub Kicinski <kuba@...nel.org>,
        Paolo Abeni <pabeni@...hat.com>, netdev@...r.kernel.org,
        linux-kernel@...r.kernel.org, lvs-devel@...r.kernel.org,
        netfilter-devel@...r.kernel.org, kernel-janitors@...r.kernel.org,
        coreteam@...filter.org, Yu Zhe <yuzhe@...china.com>
Subject: Re: [PATCH] ipvs: initialize 'ret' variable in do_ip_vs_set_ctl()

On Fri, Dec 02, 2022 at 11:25:11AM +0800, Li Qiong wrote:
> The 'ret' should need to be initialized to 0, in case
> return a uninitialized value because no default process
> for "switch (cmd)".
> 
> Signed-off-by: Li Qiong <liqiong@...china.com>

If this is a real bug, then it needs a fixes tag.  The fixes tag helps
us know whether to back port or not and it also helps in reviewing the
patch.  Also get_maintainer.pl will CC the person who introduced the
bug so they can review it.  They are normally the best person to review
their own code.

Here it would be:
Fixes: c5a8a8498eed ("ipvs: Fix uninit-value in do_ip_vs_set_ctl()")

Which is strange...  Also it suggest that the correct value is -EINVAL
and not 0.

The thing about uninitialized variable bugs is that Smatch and Clang
both warn about them so they tend to get reported pretty quick.
Apparently neither Nathan nor I sent forwarded this static checker
warning.  :/

regards,
dan carpenter

Powered by blists - more mailing lists