[AGENT++] receive_snmp_response() recvfrom() unitialized value

Kasperowski, Richard richard.kasperowski at centrepath.com
Thu Nov 4 19:09:09 CET 2004 

I ran my snmp++ 3.2.14-based application under valgrind on Linux kernel 2.4.20-28.7smp.  valgrind identified an unitialized value thet resulted from one of my many calls to Snmp::get(Pdu&, SnmpTarget const&):

-----
==2004-11-04 15:53:27.064 12024== Conditional jump or move depends on uninitialised value(s)
==2004-11-04 15:53:27.064 12024==    at 0x1BF4A5E0: receive_snmp_response(int, Snmp&, Pdu&, UdpAddress&, bool) (uxsnmp.cpp:322)
==2004-11-04 15:53:27.064 12024==    by 0x1BF3DCD3: CSNMPMessageQueue::HandleEvents(int, fd_set const&, fd_set const&, fd_set const&) (msgqueue.cpp:480)
==2004-11-04 15:53:27.065 12024==    by 0x1BF39BD0: CEventList::HandleEvents(int, fd_set const&, fd_set const&, fd_set const&) (eventlist.cpp:183)
==2004-11-04 15:53:27.065 12024==    by 0x1BF3A4A4: EventListHolder::SNMPProcessPendingEvents() (eventlistholder.cpp:213)
==2004-11-04 15:53:27.065 12024==    by 0x1BF3A6C2: EventListHolder::SNMPProcessEvents(int) (eventlistholder.cpp:266)
==2004-11-04 15:53:27.065 12024==    by 0x1BF3A30C: EventListHolder::SNMPBlockForResponse(unsigned long, Pdu&) (eventlistholder.cpp:161)
==2004-11-04 15:53:27.065 12024==    by 0x1BF4DA3F: Snmp::snmp_engine(Pdu&, long, long, SnmpTarget const&, void (*)(int, Snmp*, Pdu&, SnmpTarget&, void*), void const*) (uxsnmp.cpp:1739)
==2004-11-04 15:53:27.065 12024==    by 0x1BF4BCAA: Snmp::get(Pdu&, SnmpTarget const&) (uxsnmp.cpp:970)
-----

File uxsnmp.cpp line 322 is:

-----
  if (((sockaddr_in&)from_addr).sin_family == AF_INET)
-----

and the full context is:

-----
  do {
    receive_buffer_len = (long) recvfrom(sock, (char *) receive_buffer,
                                         MAX_SNMP_PACKET, 0,
                                         (struct sockaddr*) &from_addr,
                                         &fromlen);
    debugprintf(2, "++ SNMP++: something received...");
  } while ((receive_buffer_len < 0) && (EINTR == errno));

  if (receive_buffer_len <= 0 )                // error or no data pending
    return SNMP_CLASS_TL_FAILED;
  debugprintf(6, "Length received %i from socket %i; fromlen %i",
              receive_buffer_len, sock, fromlen);

  if (((sockaddr_in&)from_addr).sin_family == AF_INET)
  {
-----

This is very difficult to reproduce, and happens very infrequently, but it appears to be a real bug.  It looks like valgrind is complaining that from_addr has not been initialized.  I think this means that there is a weird case in which recvfrom() doesn't fill it in.

I don't know whether the bug is in the kernel or in snmp++, but, either way, I can cope with it in snmp++.  As a fix, I plan to put something like this in our copy uxsnmp.cpp, at line 296:

-----
#ifdef SNMP_PP_IPv6
  struct sockaddr_storage from_addr;
#else
  struct sockaddr_in from_addr;
#endif
  // Must initialize from_addr in case recvfrom doesn't fill it in.
  bzero(&from_addr, sizeof(from_addr));
-----

Is my analysis correct?  Does my proposed fix sound OK?  Is there a better fix?

Thanks,

--
Richard Kasperowski
CentrePath

More information about the AGENTPP mailing list