diff options
| author | Daiki Ueno <dueno@redhat.com> | 2020-03-31 06:58:48 +0200 |
|---|---|---|
| committer | Daiki Ueno <dueno@redhat.com> | 2020-04-04 06:10:45 +0200 |
| commit | 50ad8778a81f9421effa4c5a3b457f98e559b178 (patch) | |
| tree | 9218655da18732912b7f3808966fbac4053f5fcd /lib/state.c | |
| parent | 5c08aeda8f7c6453e43998fff5b528045d2b32a9 (diff) | |
| download | gnutls-50ad8778a81f9421effa4c5a3b457f98e559b178.tar.gz | |
build: use valgrind client request to detect undefined memory usetmp-valgrind-memcheck
This tightens the check introduced in
ac2f71b892d13a7ab4cc39086eef179042c7e23c, by using the valgrind client
request to explicitly mark the "uninitialized but initialization is
needed before use" regions. With this patch and the
fix (c01011c2d8533dbbbe754e49e256c109cb848d0d) reverted, you will see
the following error when running dtls_hello_random_value under
valgrind:
$ valgrind ./dtls_hello_random_value
testing: default
==520145== Conditional jump or move depends on uninitialised value(s)
==520145== at 0x4025F5: hello_callback (dtls_hello_random_value.c:90)
==520145== by 0x488BF97: _gnutls_call_hook_func (handshake.c:1215)
==520145== by 0x488C1AA: _gnutls_send_handshake2 (handshake.c:1332)
==520145== by 0x488FC7E: send_client_hello (handshake.c:2290)
==520145== by 0x48902A1: handshake_client (handshake.c:2908)
==520145== by 0x48902A1: gnutls_handshake (handshake.c:2740)
==520145== by 0x402CB3: client (dtls_hello_random_value.c:153)
==520145== by 0x402CB3: start (dtls_hello_random_value.c:317)
==520145== by 0x402EFE: doit (dtls_hello_random_value.c:331)
==520145== by 0x4023D4: main (utils.c:254)
==520145==
Signed-off-by: Daiki Ueno <dueno@redhat.com>
Diffstat (limited to 'lib/state.c')
| -rw-r--r-- | lib/state.c | 21 |
1 files changed, 18 insertions, 3 deletions
diff --git a/lib/state.c b/lib/state.c index 0e1d155442..98900c171f 100644 --- a/lib/state.c +++ b/lib/state.c @@ -55,6 +55,9 @@ #include "ext/cert_types.h" #include "locks.h" #include "kx.h" +#ifdef HAVE_VALGRIND_MEMCHECK_H +#include <valgrind/memcheck.h> +#endif /* to be used by supplemental data support to disable TLS1.3 * when supplemental data have been globally registered */ @@ -564,10 +567,22 @@ int gnutls_init(gnutls_session_t * session, unsigned int flags) UINT32_MAX; } - /* everything else not initialized here is initialized - * as NULL or 0. This is why calloc is used. + /* Everything else not initialized here is initialized as NULL + * or 0. This is why calloc is used. However, we want to + * ensure that certain portions of data are initialized at + * runtime before being used. Mark such regions with a + * valgrind client request as undefined. */ - +#ifdef HAVE_VALGRIND_MEMCHECK_H + if (RUNNING_ON_VALGRIND) { + if (flags & GNUTLS_CLIENT) + VALGRIND_MAKE_MEM_UNDEFINED((*session)->security_parameters.client_random, + GNUTLS_RANDOM_SIZE); + if (flags & GNUTLS_SERVER) + VALGRIND_MAKE_MEM_UNDEFINED((*session)->security_parameters.server_random, + GNUTLS_RANDOM_SIZE); + } +#endif handshake_internal_state_clear1(*session); #ifdef HAVE_WRITEV |