Uploaded image for project: 'RHEL'
  1. RHEL
  2. RHEL-30806

dnsmasq SAST: Error: UNINIT (CWE-457): dnsmasq-2.85/contrib/lease-tools/dhcp_release.c:265: var_decl: Declaring variable "ifr" without initializer.

XMLWordPrintable

    • Icon: Bug Bug
    • Resolution: Unresolved
    • Icon: Undefined Undefined
    • rhel-10.0
    • rhel-9.3.0
    • dnsmasq
    • None
    • None
    • None
    • sst_cs_infra_services
    • ssg_core_services
    • None
    • False
    • Hide

      None

      Show
      None
    • None
    • None
    • None
    • None
    • None

      What were you trying to do that didn't work?

      Error: UNINIT (CWE-457):
dnsmasq-2.85/contrib/lease-tools/dhcp_release.c:265: var_decl: Declaring variable "ifr" without initializer.
dnsmasq-2.85/contrib/lease-tools/dhcp_release.c:285: uninit_use_in_call: Using uninitialized value "ifr". Field "ifr.ifr_ifru" is uninitialized when calling "setsockopt".
#  283|     strncpy(ifr.ifr_name, argv[1], sizeof(ifr.ifr_name)-1);
#  284|     ifr.ifr_name[sizeof(ifr.ifr_name)-1] = '\0';
#  285|->   if (setsockopt(fd, SOL_SOCKET, SO_BINDTODEVICE, &ifr, sizeof(ifr)) == -1)
#  286|       {
#  287|         perror("cannot setup interface");

      Please provide the package NVR for which bug is seen:

      How reproducible:

      Steps to reproduce

      Expected results

      Actual results

      Fix. the call uses only ifr_name anyway, but initialized whole structure would be better.

            pemensik@redhat.com Petr Mensik
            pemensik@redhat.com Petr Mensik
            Petr Mensik Petr Mensik
            Petr Sklenar Petr Sklenar
            Votes:
            0 Vote for this issue
            Watchers:
            2 Start watching this issue

              Created:
              Updated: