Possible Misuse of sizeof() in BIND-9.12.1-P2 (CWE-467)
Summary
In directory 'isc/dns', file 'openssldh_link.c', in function 'openssldh_tofile', there appears to be a possible misuse of sizeof for bufs which is declared:
unsigned char *bufs[4];
Here is the code snippet:
static isc_result_t
openssldh_tofile(const dst_key_t *key, const char *directory) {
int i;
DH *dh;
const BIGNUM *pub_key = NULL, *priv_key = NULL, *p = NULL, *g = NULL;
dst_private_t priv;
unsigned char *bufs[4];
isc_result_t result;
if (key->keydata.dh == NULL)
return (DST_R_NULLKEY);
if (key->external)
return (DST_R_EXTERNALKEY);
dh = key->keydata.dh;
DH_get0_key(dh, &pub_key, &priv_key);
DH_get0_pqg(dh, &p, NULL, &g);
memset(bufs, 0, sizeof(bufs));
Steps to reproduce
N/A
What is the current bug behavior?
Possible Misuse of sizeof()
What is the expected correct behavior?
Here is an example of a test program:
bill@snoopy:~$ cat test.c
#include
int main()
{
unsigned char *buf[4];
printf("size of buf is: %zu\n", sizeof(buf));
printf("size of *buf is: %zu\n", sizeof(*buf));
return 0;
}
which produces the output below:
bill@snoopy:~$ gcc -Wall test.c bill@snoopy:~$ ./a.out size of buf is: 32 size of *buf is: 8
Relevant configuration files
N/A
Relevant logs and/or screenshots
N/A
Possible fixes
https://cwe.mitre.org/data/definitions/467.html
Should the call to memset be:
memset(bufs, 0, sizeof(*bufs));
instead?