heimdal: Fix CID 240793 Uninitialized scalar variable

tmp.data is uninitialized in the fwrite call

Hopefully I don't create a problem here: If tmp.data is supposed to be randomly
set, I think the right fix would have been to explicitly call a random function
initializing it.

<jra@samba.org>
------------------------------------------------------------
I have looked through the code carefully. Your fix is safe.

The first entry in the replay file created in krb5_rc_initialize()
is only used to store the 'krb5_deltat auth_lifespan' value, the
associated data[16] value is never looked at. (Look at the
code in krb5_rc_store() and krb5_rc_get_lifespan() to confirm).

Only subsequent data[16] values are checked with memcmp.
------------------------------------------------------------

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

diff --git a/source4/heimdal/lib/krb5/replay.c b/source4/heimdal/lib/krb5/replay.c
index 965dd44437d9456253705ebd172aee70368b46bd..d85424db341cc5c85c0be7c6f4ddd80001abe49d 100644 (file)
--- a/source4/heimdal/lib/krb5/replay.c
+++ b/source4/heimdal/lib/krb5/replay.c
@@ -129,7 +129,7 @@ krb5_rc_initialize(krb5_context context,
                   krb5_deltat auth_lifespan)
 {
     FILE *f = fopen(id->name, "w");
-    struct rc_entry tmp;
+    struct rc_entry tmp = { .stamp = auth_lifespan };
     int ret;
 
     if(f == NULL) {
@@ -139,7 +139,6 @@ krb5_rc_initialize(krb5_context context,
        krb5_set_error_message(context, ret, "open(%s): %s", id->name, buf);
        return ret;
     }
-    tmp.stamp = auth_lifespan;
     fwrite(&tmp, 1, sizeof(tmp), f);
     fclose(f);
     return 0;