From a762e6871ad6837ee126cec9e63d99388b4bf119 Mon Sep 17 00:00:00 2001
From: Andrew Deason <adeason@sinenomine.net>
Date: Wed, 4 Feb 2015 10:25:38 -0600
Subject: [PATCH] rx: Zero unitialized uio structs

We use some uio structures that were allocated on the stack, but we
only initialize them by initializing individual fields. On some
platforms (Solaris is one known example, but probably not the only
one), there are additional fields we do not initialize. Since we
cannot be certain of what any additional fields there may be, just
zero the whole thing.

This is basically the same change as
I0eae0b49a70aee19f3a9ec118b03cfb3a6bd03a3, but in the rx subtree.

Change-Id: I400144143bb1f47409eccb931daacc8a5058e074
Reviewed-on: http://gerrit.openafs.org/11711
Tested-by: Andrew Deason <adeason@sinenomine.net>
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Perry Ruiter <pruiter@sinenomine.net>
Reviewed-by: Jeffrey Altman <jaltman@your-file-system.com>
Reviewed-by: Daria Brashear <shadow@your-file-system.com>
---
 src/rx/DARWIN/rx_knet.c  | 27 ++++++++++++++++-----------
 src/rx/FBSD/rx_knet.c    |  7 +++++++
 src/rx/HPUX/rx_knet.c    |  6 ++++++
 src/rx/IRIX/rx_knet.c    |  6 ++++++
 src/rx/NBSD/rx_knet.c    |  6 ++++++
 src/rx/OBSD/rx_knet.c    |  6 ++++++
 src/rx/SOLARIS/rx_knet.c |  6 ++++++
 7 files changed, 53 insertions(+), 11 deletions(-)

diff --git a/src/rx/DARWIN/rx_knet.c b/src/rx/DARWIN/rx_knet.c
index d0d0f797c..8cc24c8e9 100644
--- a/src/rx/DARWIN/rx_knet.c
+++ b/src/rx/DARWIN/rx_knet.c
@@ -166,6 +166,14 @@ int
 osi_NetReceive(osi_socket so, struct sockaddr_in *addr, struct iovec *dvec,
 	       int nvecs, int *alength)
 {
+    int i;
+    struct iovec iov[RX_MAXIOVECS];
+    struct sockaddr *sa = NULL;
+    int code;
+    size_t resid;
+
+    int haveGlock = ISAFS_GLOCK();
+
 #ifdef AFS_DARWIN80_ENV
     socket_t asocket = (socket_t)so;
     struct msghdr msg;
@@ -175,14 +183,9 @@ osi_NetReceive(osi_socket so, struct sockaddr_in *addr, struct iovec *dvec,
 #else
     struct socket *asocket = (struct socket *)so;
     struct uio u;
+    memset(&u, 0, sizeof(u));
 #endif
-    int i;
-    struct iovec iov[RX_MAXIOVECS];
-    struct sockaddr *sa = NULL;
-    int code;
-    size_t resid;
-
-    int haveGlock = ISAFS_GLOCK();
+    memset(&iov, 0, sizeof(iov));
     /*AFS_STATCNT(osi_NetReceive); */
 
     if (nvecs > RX_MAXIOVECS)
@@ -282,6 +285,10 @@ int
 osi_NetSend(osi_socket so, struct sockaddr_in *addr, struct iovec *dvec,
 	    int nvecs, afs_int32 alength, int istack)
 {
+    afs_int32 code;
+    int i;
+    struct iovec iov[RX_MAXIOVECS];
+    int haveGlock = ISAFS_GLOCK();
 #ifdef AFS_DARWIN80_ENV
     socket_t asocket = (socket_t)so;
     struct msghdr msg;
@@ -289,11 +296,9 @@ osi_NetSend(osi_socket so, struct sockaddr_in *addr, struct iovec *dvec,
 #else
     struct socket *asocket = (struct socket *)so;
     struct uio u;
+    memset(&u, 0, sizeof(u));
 #endif
-    afs_int32 code;
-    int i;
-    struct iovec iov[RX_MAXIOVECS];
-    int haveGlock = ISAFS_GLOCK();
+    memset(&iov, 0, sizeof(iov));
 
     AFS_STATCNT(osi_NetSend);
     if (nvecs > RX_MAXIOVECS)
diff --git a/src/rx/FBSD/rx_knet.c b/src/rx/FBSD/rx_knet.c
index fef1d4f65..1e8a013c9 100644
--- a/src/rx/FBSD/rx_knet.c
+++ b/src/rx/FBSD/rx_knet.c
@@ -26,6 +26,10 @@ osi_NetReceive(osi_socket asocket, struct sockaddr_in *addr,
     int code;
 
     int haveGlock = ISAFS_GLOCK();
+
+    memset(&u, 0, sizeof(u));
+    memset(&iov, 0, sizeof(iov));
+
     /*AFS_STATCNT(osi_NetReceive); */
 
     if (nvecs > RX_MAXIOVECS)
@@ -137,6 +141,9 @@ osi_NetSend(osi_socket asocket, struct sockaddr_in *addr, struct iovec *dvec,
     struct uio u;
     int haveGlock = ISAFS_GLOCK();
 
+    memset(&u, 0, sizeof(u));
+    memset(&iov, 0, sizeof(iov));
+
     AFS_STATCNT(osi_NetSend);
     if (nvecs > RX_MAXIOVECS)
 	osi_Panic("osi_NetSend: %d: Too many iovecs.\n", nvecs);
diff --git a/src/rx/HPUX/rx_knet.c b/src/rx/HPUX/rx_knet.c
index c797cfd23..8ea0263cb 100644
--- a/src/rx/HPUX/rx_knet.c
+++ b/src/rx/HPUX/rx_knet.c
@@ -225,6 +225,9 @@ osi_NetSend(struct socket *asocket, struct sockaddr_in *addr,
     int code;
     int size = sizeof(struct sockaddr_in);
 
+    memset(&uio, 0, sizeof(uio));
+    memset(&temp, 0, sizeof(temp));
+
     /* Guess based on rxk_NewSocket */
     bp = allocb((size + SO_MSGOFFSET + 1), BPRI_MED);
     if (!bp)
@@ -258,6 +261,9 @@ osi_NetReceive(osi_socket so, struct sockaddr_in *addr, struct iovec *dvec,
     int flags = 0;
     MBLKP bp, sp;
 
+    memset(&tuio, 0, sizeof(tuio));
+    memset(&tmpvec, 0, sizeof(tempvec));
+
     if (nvecs > RX_MAXWVECS + 2) {
 	osi_Panic("Too many (%d) iovecs passed to osi_NetReceive\n", nvecs);
     }
diff --git a/src/rx/IRIX/rx_knet.c b/src/rx/IRIX/rx_knet.c
index 1bab1a66e..42d9b4da5 100644
--- a/src/rx/IRIX/rx_knet.c
+++ b/src/rx/IRIX/rx_knet.c
@@ -58,6 +58,9 @@ osi_NetReceive(osi_socket so, struct sockaddr_in *addr, struct iovec *dvec,
     BHV_PDATA(&bhv) = (void *)so;
 #endif
 
+    memset(&tuio, 0, sizeof(tuio));
+    memset(&tmpvec, 0, sizeof(tmpvec));
+
     tuio.uio_iov = tmpvec;
     tuio.uio_iovcnt = nvecs;
     tuio.uio_offset = 0;
@@ -430,6 +433,9 @@ osi_NetSend(asocket, addr, dvec, nvec, asize, istack)
     int i;
     bhv_desc_t bhv;
 
+    memset(&tuio, 0, sizeof(tuio));
+    memset(&tvecs, 0, sizeof(tvecs));
+
     if (nvec > RX_MAXWVECS + 1) {
 	osi_Panic("osi_NetSend: %d: Too many iovecs.\n", nvec);
     }
diff --git a/src/rx/NBSD/rx_knet.c b/src/rx/NBSD/rx_knet.c
index e08b27864..6ee14101b 100644
--- a/src/rx/NBSD/rx_knet.c
+++ b/src/rx/NBSD/rx_knet.c
@@ -24,6 +24,9 @@ osi_NetReceive(osi_socket asocket, struct sockaddr_in *addr,
 
     int glocked = ISAFS_GLOCK();
 
+    memset(&u, 0, sizeof(u));
+    memset(&iov, 0, sizeof(iov));
+
     if (nvecs > RX_MAXIOVECS)
 	osi_Panic("osi_NetReceive: %d: too many iovecs\n", nvecs);
 
@@ -94,6 +97,9 @@ osi_NetSend(osi_socket asocket, struct sockaddr_in *addr, struct iovec *dvec,
     struct mbuf *nam;
     int glocked = ISAFS_GLOCK();
 
+    memset(&u, 0, sizeof(u));
+    memset(&iov, 0, sizeof(iov));
+
     AFS_STATCNT(osi_NetSend);
     if (nvecs > RX_MAXIOVECS)
 	osi_Panic("osi_NetSend: %d: Too many iovecs.\n", nvecs);
diff --git a/src/rx/OBSD/rx_knet.c b/src/rx/OBSD/rx_knet.c
index 569caac46..9e61c33d6 100644
--- a/src/rx/OBSD/rx_knet.c
+++ b/src/rx/OBSD/rx_knet.c
@@ -24,6 +24,9 @@ osi_NetReceive(osi_socket asocket, struct sockaddr_in *addr,
 
     int haveGlock = ISAFS_GLOCK();
 
+    memset(&u, 0, sizeof(u));
+    memset(&iov, 0, sizeof(iov));
+
     if (nvecs > RX_MAXIOVECS)
 	osi_Panic("osi_NetReceive: %d: too many iovecs\n", nvecs);
 
@@ -92,6 +95,9 @@ osi_NetSend(osi_socket asocket, struct sockaddr_in *addr, struct iovec *dvec,
     struct mbuf *nam;
     int haveGlock = ISAFS_GLOCK();
 
+    memset(&u, 0, sizeof(u));
+    memset(&iov, 0, sizeof(iov));
+
     AFS_STATCNT(osi_NetSend);
     if (nvecs > RX_MAXIOVECS)
 	osi_Panic("osi_NetSend: %d: Too many iovecs.\n", nvecs);
diff --git a/src/rx/SOLARIS/rx_knet.c b/src/rx/SOLARIS/rx_knet.c
index 85e21ee8a..101356b39 100644
--- a/src/rx/SOLARIS/rx_knet.c
+++ b/src/rx/SOLARIS/rx_knet.c
@@ -484,6 +484,9 @@ osi_NetSend(osi_socket asocket, struct sockaddr_in *addr, struct iovec *dvec,
     int error;
     int i;
 
+    memset(&uio, 0, sizeof(uio));
+    memset(&iov, 0, sizeof(iov));
+
     if (nvecs > RX_MAXIOVECS) {
 	osi_Panic("osi_NetSend: %d: Too many iovecs.\n", nvecs);
     }
@@ -524,6 +527,9 @@ osi_NetReceive(osi_socket so, struct sockaddr_in *addr, struct iovec *dvec,
     int error;
     int i;
 
+    memset(&uio, 0, sizeof(uio));
+    memset(&iov, 0, sizeof(iov));
+
     if (nvecs > RX_MAXIOVECS) {
 	osi_Panic("osi_NetSend: %d: Too many iovecs.\n", nvecs);
     }
-- 
2.39.5