[Udpcast] Uninitialized memory read

Roger Lindmark roger.lindmark at gmail.com
Mon Aug 27 06:52:16 CEST 2012


Hello,

Attached diff fixes two places where uninitialized memory is accessed.

The cause is found in the hello struct where mcastAddr allocates 16
bytes, but copyToMessage does not fill all space in the struct.


--- a/udpcast-20120424/udps-negotiate.c
+++ b/udpcast-20120424/udps-negotiate.c
@@ -47,6 +47,9 @@ static int sendConnectionReply(participantsDb_t db,
                               unsigned int rcvbuf) {
     struct connectReply reply;

+    /* zero all data in reply struct */
+    memset (&reply, 0, sizeof(reply));
+
     if(rcvbuf == 0)
        rcvbuf = 65536;

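Review bot: the call in sendConnectionReply is written `memset (&reply, ...)` with a space before the parenthesis, while the sendHello hunk writes `memset(&hello, ...)`; use one spelling, matching the rest of the file. The comment only restates the call; it would be more useful if it said why the struct is cleared, namely that it is sent as-is, so any field left unset would carry old stack contents. Please also confirm that udps-negotiate.c includes <string.h>, since the hunk does not show it.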
@@ -83,6 +86,10 @@ static int sendConnectionReply(participantsDb_t db,
 void sendHello(struct net_config *net_config, int sock,
               int streaming) {
     struct hello hello;
+
+    /* zero all data in hello struct */
+    memset(&hello, 0, sizeof(hello));
+
     /* send hello message */
     if(streaming)
        hello.opCode = htons(CMD_HELLO_STREAMING);
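Review bot: the memset in sendHello clears the whole struct and so covers the unfilled tail of mcastAddr, but it handles the problem at this one call site only. If copyToMessage fills address fields for other messages as well, having it zero the unused remainder of the 16 bytes would protect those callers too. As in the first hunk, the comment could give the reason (the struct goes out on the network) instead of repeating the call.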


Regards
/ Roger
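
The effect described in the message, as an added example (not code from Udpcast or from the patch). The struct `demo_hello`, the marker value and the helper names are hypothetical; the stack slot is pre-filled with a marker so the count of leftover bytes is deterministic.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical message layout modelled on the description above:
 * a 16-byte address field of which an IPv4 sender fills only 4 bytes. */
struct demo_hello {
    uint16_t opCode;
    uint16_t reserved;
    uint8_t  mcastAddr[16];
};

#define STALE 0xAA  /* constructed marker standing in for old stack contents */

/* Fill the message. With zero_first == 0 this mirrors the unpatched
 * pattern: only some fields are assigned, the rest keep what was there. */
static void build_hello(struct demo_hello *msg, const uint8_t ipv4[4],
                        int zero_first)
{
    if (zero_first)
        memset(msg, 0, sizeof(*msg));
    msg->opCode = 0x0400;             /* constructed value */
    memcpy(msg->mcastAddr, ipv4, 4);  /* 12 of the 16 bytes are not written */
}

/* Count bytes of the outgoing buffer that still hold the stale marker. */
static size_t stale_bytes(int zero_first)
{
    static const uint8_t ipv4[4] = { 232, 168, 1, 2 };  /* constructed */
    unsigned char wire[sizeof(struct demo_hello)];
    struct demo_hello msg;
    size_t i, n = 0;

    memset(&msg, STALE, sizeof(msg));  /* simulate a reused stack slot */
    build_hello(&msg, ipv4, zero_first);
    memcpy(wire, &msg, sizeof(msg));   /* the bytes a send call would transmit */
    for (i = 0; i < sizeof(wire); i++)
        if (wire[i] == STALE)
            n++;
    return n;
}

int main(void)
{
    printf("without memset: %zu stale bytes\n", stale_bytes(0));
    printf("with memset:    %zu stale bytes\n", stale_bytes(1));
    return 0;
}
```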


