Syscall param ioctl(SIOCGIFINDEX) points to uninitialised byte(s) in GetNetworkInterfaceIndexByName

Bug #1509863 reported by Michele Spagnuolo on 2015-10-25
This bug affects 1 person
Affects: avahi (Ubuntu)
Importance: High
Assigned to: Unassigned

Bug Description

Issuing two dbus method calls of GetNetworkInterfaceIndexByName, first with a short string and then with a long one, makes avahi-daemon point to uninitialised bytes when calling ioctl(SIOCGIFINDEX), according to valgrind.

DEBUG:root:TEST #1201: org.freedesktop.Avahi / org.freedesktop.Avahi.Server->GetNetworkInterfaceIndexByName with (('en0',),)
DEBUG:root:TEST #1202: org.freedesktop.Avahi / org.freedesktop.Avahi.Server->GetNetworkInterfaceIndexByName with (('AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA',),)

==7836== Syscall param ioctl(SIOCGIFINDEX) points to uninitialised byte(s)
==7836== at 0x6206337: ioctl (syscall-template.S:81)
==7836== by 0x6228076: if_nametoindex (if_index.c:48)
==7836== by 0x40EAE0: msg_server_impl (dbus-protocol.c:376)
==7836== by 0x5ACBE95: ??? (in /lib/x86_64-linux-gnu/libdbus-1.so.3.7.6)
==7836== by 0x5ABEA20: dbus_connection_dispatch (in /lib/x86_64-linux-gnu/libdbus-1.so.3.7.6)
==7836== by 0x414B35: dispatch_timeout_callback (dbus-watch-glue.c:105)
==7836== by 0x4E3E647: avahi_simple_poll_dispatch (in /usr/lib/x86_64-linux-gnu/libavahi-common.so.3.5.3)
==7836== by 0x406FD9: main (main.c:1256)
==7836== Address 0xfff0004b0 is on thread 1's stack
==7836== Uninitialised value was created by a stack allocation
==7836== at 0x405D60: ??? (in /tmp/avahi-daemon-noasan)
==7836==
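
One caller-side mitigation for the report above, as an added example (not code from Avahi, glibc or this bug report): reject interface names that do not fit in IF_NAMESIZE bytes before calling if_nametoindex(). The name_field struct and the strncpy() copy are an assumed model of how a fixed-size name field can end up without a terminating NUL; all function names here are hypothetical.

```c
#include <errno.h>
#include <net/if.h>   /* IF_NAMESIZE, if_nametoindex() */
#include <stdio.h>
#include <string.h>

/* Assumed model of the fixed-size name field passed to SIOCGIFINDEX. */
struct name_field { char name[IF_NAMESIZE]; };

/* Bounded copy without a length check: strncpy() writes no terminating
 * NUL when the source is IF_NAMESIZE bytes or longer. */
static void fill_unchecked(struct name_field *f, const char *s)
{
    strncpy(f->name, s, sizeof f->name);
}

/* Returns 1 if the field contains a NUL terminator, 0 otherwise. */
static int field_is_terminated(const struct name_field *f)
{
    return memchr(f->name, '\0', sizeof f->name) != NULL;
}

/* Returns 1 if s is non-empty and fits in IF_NAMESIZE with its NUL. */
static int ifname_is_valid(const char *s)
{
    size_t i;
    if (s == NULL || s[0] == '\0')
        return 0;
    for (i = 0; i < IF_NAMESIZE; i++)
        if (s[i] == '\0')
            return 1;
    return 0;
}

/* Rejects over-long names before they reach the syscall path. */
static unsigned int checked_if_nametoindex(const char *s)
{
    if (!ifname_is_valid(s)) {
        errno = ENODEV;
        return 0;
    }
    return if_nametoindex(s);
}

int main(void)
{
    struct name_field f;
    const char *long_name = "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"; /* constructed */
    fill_unchecked(&f, long_name);
    printf("terminated after unchecked copy: %d\n", field_is_terminated(&f));
    printf("checked lookup: %u\n", checked_if_nametoindex(long_name));
    return 0;
}
```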

Sebastien Bacher (seb128) wrote :

Thanks, maybe you could report the issue upstream on http://www.avahi.org/report ?

Changed in avahi (Ubuntu):
importance: Undecided → High

Hi Sebastien,

Avahi's Trac signup functionality is broken (returns a server error).

I reported the issue to their GitHub too.

Thanks!

On Mon, Oct 26, 2015 at 10:12 AM, Sebastien Bacher <email address hidden>
wrote:

> or maybe on https://github.com/lathiat/avahi/issues