Uploaded image for project: 'RHEL'
  1. RHEL
  2. RHEL-30806

dnsmasq SAST: Error: UNINIT (CWE-457): dnsmasq-2.85/contrib/lease-tools/dhcp_release.c:265: var_decl: Declaring variable "ifr" without initializer.

    • Icon: Bug Bug
    • Resolution: Unresolved
    • Icon: Undefined Undefined
    • rhel-10.0
    • rhel-9.3.0
    • dnsmasq
    • None
    • None
    • None
    • rhel-sst-cs-net-perf-services
    • ssg_core_services
    • None
    • False
    • Hide

      None

      Show
      None
    • None
    • None
    • None
    • None
    • None

      What were you trying to do that didn't work?

      Error: UNINIT (CWE-457):
      dnsmasq-2.85/contrib/lease-tools/dhcp_release.c:265: var_decl: Declaring variable "ifr" without initializer.
      dnsmasq-2.85/contrib/lease-tools/dhcp_release.c:285: uninit_use_in_call: Using uninitialized value "ifr". Field "ifr.ifr_ifru" is uninitialized when calling "setsockopt".
      #  283|     strncpy(ifr.ifr_name, argv[1], sizeof(ifr.ifr_name)-1);
      #  284|     ifr.ifr_name[sizeof(ifr.ifr_name)-1] = '\0';
      #  285|->   if (setsockopt(fd, SOL_SOCKET, SO_BINDTODEVICE, &ifr, sizeof(ifr)) == -1)
      #  286|       {
      #  287|         perror("cannot setup interface");
      
      

      Please provide the package NVR for which bug is seen:

      How reproducible:

      Steps to reproduce

      Expected results

      Actual results

      Fix. the call uses only ifr_name anyway, but initialized whole structure would be better.

              pemensik@redhat.com Petr Mensik
              pemensik@redhat.com Petr Mensik
              Petr Mensik Petr Mensik
              Petr Sklenar Petr Sklenar
              Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

                Created:
                Updated: