From mboxrd@z Thu Jan  1 00:00:00 1970
Received: from list by lists.gnu.org with archive (Exim 4.90_1)
	id 1nUDiR-0008Td-W1
	for mharc-grub-devel@gnu.org; Tue, 15 Mar 2022 16:24:24 -0400
Received: from eggs.gnu.org ([209.51.188.92]:47778)
 by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
 (Exim 4.90_1) (envelope-from <alec.r.brown@oracle.com>)
 id 1nUDiM-0008Qf-UO
 for grub-devel@gnu.org; Tue, 15 Mar 2022 16:24:19 -0400
Received: from mx0a-00069f02.pphosted.com ([205.220.165.32]:2432)
 by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
 (Exim 4.90_1) (envelope-from <alec.r.brown@oracle.com>)
 id 1nUDiK-0005CH-Ft
 for grub-devel@gnu.org; Tue, 15 Mar 2022 16:24:18 -0400
Received: from pps.filterd (m0246629.ppops.net [127.0.0.1])
 by mx0b-00069f02.pphosted.com (8.16.1.2/8.16.1.2) with SMTP id 22FITMLl005232
 for <grub-devel@gnu.org>; Tue, 15 Mar 2022 20:24:15 GMT
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=oracle.com;
 h=from : to : cc :
 subject : date : message-id : in-reply-to : references; s=corp-2021-07-09;
 bh=z30luCzmn+c0mLBbBVeCmOGTslou6Jn8hWxh/o7wwCI=;
 b=Jk5BBtS/GmEqoa1ESgrxmGIAY3BPmteVnIsmlTaTxDsVYs5FYk55VBqVu5K9C2297drK
 e6WARGHZ0lBaiptSgzP1+WzpEL7jHYRlUI3z4bWQo15ZqCoVhnkFaFjN8SnSathhL6Jz
 ps38wcO52p8TVQZ3emXAIjxSUbYOLirZPnOlxcfd322o1c9aRt64O+cNYE7aB5oMkUXK
 TNHWnLngtGNH083UVDffYFfhZO6g4e/uyxlp4Kpy+nGr5rh+/kj2/HkHkZhN6XVduWA5
 QMpAYbeuMEPUnlpGIDSSDCqgmosRHMLniVGgnCYJ8fGGPTMl2KJ6gU2YORQrTc/ONL9y ag== 
Received: from iadpaimrmta02.imrmtpd1.prodappiadaev1.oraclevcn.com
 (iadpaimrmta02.appoci.oracle.com [147.154.18.20])
 by mx0b-00069f02.pphosted.com with ESMTP id 3et5xwm5pv-1
 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=OK)
 for <grub-devel@gnu.org>; Tue, 15 Mar 2022 20:24:15 +0000
Received: from pps.filterd
 (iadpaimrmta02.imrmtpd1.prodappiadaev1.oraclevcn.com [127.0.0.1])
 by iadpaimrmta02.imrmtpd1.prodappiadaev1.oraclevcn.com (8.16.1.2/8.16.1.2)
 with SMTP id 22FKBWkT016267
 for <grub-devel@gnu.org>; Tue, 15 Mar 2022 20:24:13 GMT
Received: from pps.reinject (localhost [127.0.0.1])
 by iadpaimrmta02.imrmtpd1.prodappiadaev1.oraclevcn.com with ESMTP id
 3erhy18mte-1
 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=OK)
 for <grub-devel@gnu.org>; Tue, 15 Mar 2022 20:24:13 +0000
Received: from iadpaimrmta02.imrmtpd1.prodappiadaev1.oraclevcn.com
 (iadpaimrmta02.imrmtpd1.prodappiadaev1.oraclevcn.com [127.0.0.1])
 by pps.reinject (8.16.0.36/8.16.0.36) with SMTP id 22FKOD5Q000823
 for <grub-devel@gnu.org>; Tue, 15 Mar 2022 20:24:13 GMT
Received: from localhost (dhcp-10-152-14-18.usdhcp.oraclecorp.com
 [10.152.14.18])
 by iadpaimrmta02.imrmtpd1.prodappiadaev1.oraclevcn.com with ESMTP id
 3erhy18mt3-1; Tue, 15 Mar 2022 20:24:12 +0000
From: Alec Brown <alec.r.brown@oracle.com>
To: grub-devel@gnu.org
Cc: daniel.kiper@oracle.com, darren.kenny@oracle.com, alec.r.brown@oracle.com
Subject: [PATCH 3/7] grub-core/net/arp.c: Fix uninitialized scalar variable
Date: Tue, 15 Mar 2022 16:24:05 -0400
Message-Id: <1647375849-24164-4-git-send-email-alec.r.brown@oracle.com>
X-Mailer: git-send-email 1.8.3.1
In-Reply-To: <1647375849-24164-1-git-send-email-alec.r.brown@oracle.com>
References: <1647375849-24164-1-git-send-email-alec.r.brown@oracle.com>
X-Proofpoint-GUID: I2EqDsoRNZhUiVDx1llqneNPs7JvRDiT
X-Proofpoint-ORIG-GUID: I2EqDsoRNZhUiVDx1llqneNPs7JvRDiT
Received-SPF: pass client-ip=205.220.165.32;
 envelope-from=alec.r.brown@oracle.com; helo=mx0a-00069f02.pphosted.com
X-Spam_score_int: -27
X-Spam_score: -2.8
X-Spam_bar: --
X-Spam_report: (-2.8 / 5.0 requ) BAYES_00=-1.9, DKIMWL_WL_MED=-0.001,
 DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1,
 RCVD_IN_DNSWL_LOW=-0.7, RCVD_IN_MSPIKE_H5=0.001, RCVD_IN_MSPIKE_WL=0.001,
 SPF_HELO_NONE=0.001, SPF_PASS=-0.001,
 T_SCC_BODY_TEXT_LINE=-0.01 autolearn=ham autolearn_force=no
X-Spam_action: no action
X-BeenThere: grub-devel@gnu.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: The development of GNU GRUB <grub-devel.gnu.org>
List-Unsubscribe: <https://lists.gnu.org/mailman/options/grub-devel>,
 <mailto:grub-devel-request@gnu.org?subject=unsubscribe>
List-Archive: <https://lists.gnu.org/archive/html/grub-devel>
List-Post: <mailto:grub-devel@gnu.org>
List-Help: <mailto:grub-devel-request@gnu.org?subject=help>
List-Subscribe: <https://lists.gnu.org/mailman/listinfo/grub-devel>,
 <mailto:grub-devel-request@gnu.org?subject=subscribe>
X-List-Received-Date: Tue, 15 Mar 2022 20:24:20 -0000

In the function grub_net_arp_receive(), grub_net_network_level_address_t
sender_addr and target_addr are being called but aren't being initialized. To
prevent contents of these structures from being filled with junk data from the
stack, we can initialize them to 0 by setting sender_addr and target_addr to {}.

Fixes: CID 375030

Signed-off-by: Alec Brown <alec.r.brown@oracle.com>
---
 grub-core/net/arp.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/grub-core/net/arp.c b/grub-core/net/arp.c
index 54306e3b1..2b3765932 100644
--- a/grub-core/net/arp.c
+++ b/grub-core/net/arp.c
@@ -115,7 +115,8 @@ grub_net_arp_receive (struct grub_net_buff *nb, struct grub_net_card *card,
                       grub_uint16_t *vlantag)
 {
   struct arppkt *arp_packet = (struct arppkt *) nb->data;
-  grub_net_network_level_address_t sender_addr, target_addr;
+  grub_net_network_level_address_t sender_addr = {};
+  grub_net_network_level_address_t target_addr = {};
   grub_net_link_level_address_t sender_mac_addr;
   struct grub_net_network_level_interface *inf;
 
-- 
2.27.0