Subject: Re: -current config(8) + files.opencrypto == cryptographic roulette?
To: Rafal Boni <rafal@pobox.com>
From: Jonathan Stone <jonathan@DSG.Stanford.EDU>
List: current-users
Date: 11/24/2003 12:38:29
In message <200311241913.hAOJDIvZ022577@fearless-vampire-killer.waterside.net>Rafal Boni writes

[ usr.sbin/config newnv() leaves fields uninitialized ]

I'm amazed nobody else saw it -- unless the malloc support routines
changed in the meantime? But why not zero the whole nvlist structure,
as defensive programming:


Index: util.c
===================================================================
RCS file: /cvsroot/src/usr.sbin/config/util.c,v
retrieving revision 1.18
diff -u -r1.18 util.c
--- util.c	19 Sep 2003 06:19:56 -0000	1.18
+++ util.c	24 Nov 2003 20:33:29 -0000
@@ -190,6 +190,7 @@
 		nv = emalloc(sizeof(*nv));
 	else
 		nvfreelist = nv->nv_next;
+	memset(nv, 0, sizeof(*nv));
 	nv->nv_next = next;
 	nv->nv_name = name;
 	if (ptr == NULL)

or even move the memset() into config's emalloc()?  It shouldn't
be that big a factor in the run time.