Possible Misuse of sizeof() in BIND-9.12.1-P2 (CWE-467)
Summary
In directory 'isc/dns', file 'openssldh_link.c', in function 'openssldh_tofile', there appears to be a possible misuse of sizeof() for `bufs`, which is declared as:
unsigned char *bufs[4];
Here is the code snippet:
```c
static isc_result_t
openssldh_tofile(const dst_key_t *key, const char *directory) {
	int i;
	DH *dh;
	const BIGNUM *pub_key = NULL, *priv_key = NULL, *p = NULL, *g = NULL;
	dst_private_t priv;
	unsigned char *bufs[4];
	isc_result_t result;

	if (key->keydata.dh == NULL)
		return (DST_R_NULLKEY);

	if (key->external)
		return (DST_R_EXTERNALKEY);

	dh = key->keydata.dh;
	DH_get0_key(dh, &pub_key, &priv_key);
	DH_get0_pqg(dh, &p, NULL, &g);

	memset(bufs, 0, sizeof(bufs));
```
Steps to reproduce
N/A
What is the current bug behavior?
Possible Misuse of sizeof()
What is the expected correct behavior?
Here is an example of a test program:
bill@snoopy:~$ cat test.c
```c
#include <stdio.h>

int main() {
	/* array of four pointers, same shape as bufs in openssldh_tofile */
	unsigned char *buf[4];

	printf("size of buf is: %zu\n", sizeof(buf));
	printf("size of *buf is: %zu\n", sizeof(*buf));
	return 0;
}
```
which produces the output below:
```
bill@snoopy:~$ gcc -Wall test.c
bill@snoopy:~$ ./a.out
size of buf is: 32
size of *buf is: 8
```
Relevant configuration files
N/A
Relevant logs and/or screenshots
N/A
Possible fixes
https://cwe.mitre.org/data/definitions/467.html
Should the call to memset be:
memset(bufs, 0, sizeof(*bufs));
instead?
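The following is an added example written for this report; it is not code from the report above and not code from BIND. It extends the reporter's `sizeof` test by actually running both candidate `memset` calls against an array of four pointers and counting how many of the four slots each one clears, and it also shows the shape that CWE-467 is really about: `sizeof` applied after an array has decayed to a pointer parameter. All function names (`count_zeroed_slots`, `sizeof_array`, `sizeof_element`, `decayed_sizeof`, and so on) are this example's own.

```c
#include <stdio.h>
#include <string.h>

#define NBUFS 4

/* Standard-clean check that every byte of one pointer slot is zero
   (avoids assuming that all-bits-zero is the null pointer). */
static int slot_is_zero(unsigned char *const *slot) {
	const unsigned char *b = (const unsigned char *)slot;
	for (size_t i = 0; i < sizeof(*slot); i++)
		if (b[i] != 0)
			return 0;
	return 1;
}

/* Fill all four slots with a non-zero pointer, memset the first `len`
   bytes of the array to zero, and return how many slots came out zeroed. */
static unsigned count_zeroed_slots(size_t len) {
	unsigned char sentinel = 0xAA;      /* any valid object to point at */
	unsigned char *bufs[NBUFS];
	unsigned zeroed = 0;

	for (int i = 0; i < NBUFS; i++)
		bufs[i] = &sentinel;
	memset(bufs, 0, len);
	for (int i = 0; i < NBUFS; i++)
		if (slot_is_zero(&bufs[i]))
			zeroed++;
	return zeroed;
}

/* sizeof(bufs): the whole array, i.e. NBUFS pointers. */
size_t sizeof_array(void) {
	unsigned char *bufs[NBUFS];
	return sizeof(bufs);
}

/* sizeof(*bufs): one element, i.e. a single pointer. */
size_t sizeof_element(void) {
	unsigned char *bufs[NBUFS];
	return sizeof(*bufs);
}

/* Slots cleared by memset(bufs, 0, sizeof(bufs)). */
unsigned zeroed_with_array_sizeof(void) {
	return count_zeroed_slots(sizeof_array());
}

/* Slots cleared by memset(bufs, 0, sizeof(*bufs)). */
unsigned zeroed_with_element_sizeof(void) {
	return count_zeroed_slots(sizeof_element());
}

/* The genuine CWE-467 shape: inside a function the array has decayed to
   a pointer, so sizeof(p) is the pointer's size, not the 32-byte buffer's. */
static size_t sizeof_after_decay(unsigned char *p) {
	return sizeof(p);
}

size_t decayed_sizeof(void) {
	unsigned char buf[32];
	return sizeof_after_decay(buf);
}

int main(void) {
	printf("sizeof(bufs) = %zu, sizeof(*bufs) = %zu\n",
	       sizeof_array(), sizeof_element());
	printf("slots zeroed: sizeof(bufs) -> %u of %d, sizeof(*bufs) -> %u of %d\n",
	       zeroed_with_array_sizeof(), NBUFS,
	       zeroed_with_element_sizeof(), NBUFS);
	printf("sizeof of a decayed pointer parameter = %zu (buffer is 32)\n",
	       decayed_sizeof());
	return 0;
}
```

`sizeof(bufs)` on `unsigned char *bufs[4]` is `4 * sizeof(unsigned char *)` (32 on an LP64 build, matching the 32 in the reporter's output), so `memset(bufs, 0, sizeof(bufs))` zeroes all four pointers, while `sizeof(*bufs)` is one pointer (the 8 in the output) and `memset(bufs, 0, sizeof(*bufs))` zeroes only `bufs[0]`. The case CWE-467 describes is the one in `decayed_sizeof`: once an array is passed as a pointer parameter, `sizeof` yields the pointer width rather than the buffer length, and that is the pattern to look for when auditing `memset`/`memcpy` length arguments.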