From a013777abc919c6287b2c467aca11ae6e97e9efe Mon Sep 17 00:00:00 2001
From: Donald Sharp
Date: Sun, 31 Jan 2021 08:56:00 -0500
Subject: [PATCH] zebra: Prevent sending of unininted data

valgrind is reporting:
2448137-==2448137== Thread 5 zebra_apic:
2448137-==2448137== Syscall param writev(vector[...]) points to uninitialised byte(s)
2448137:==2448137== at 0x4D6FDDD: __writev (writev.c:26)
2448137-==2448137== by 0x4D6FDDD: writev (writev.c:24)
2448137-==2448137== by 0x48A35F5: buffer_flush_available (buffer.c:431)
2448137-==2448137== by 0x48A3504: buffer_flush_all (buffer.c:237)
2448137-==2448137== by 0x495948: zserv_write (zserv.c:263)
2448137-==2448137== by 0x4904B7E: thread_call (thread.c:1681)
2448137-==2448137== by 0x48BD3E5: fpt_run (frr_pthread.c:308)
2448137-==2448137== by 0x4C61EA6: start_thread (pthread_create.c:477)
2448137-==2448137== by 0x4D78DEE: clone (clone.S:95)
2448137-==2448137== Address 0x720c3ce is 62 bytes inside a block of size 4,120 alloc'd
2448137:==2448137== at 0x483877F: malloc (vg_replace_malloc.c:307)
2448137-==2448137== by 0x48D2977: qmalloc (memory.c:110)
2448137-==2448137== by 0x48A30E3: buffer_add (buffer.c:135)
2448137-==2448137== by 0x48A30E3: buffer_put (buffer.c:161)
2448137-==2448137== by 0x49591B: zserv_write (zserv.c:256)
2448137-==2448137== by 0x4904B7E: thread_call (thread.c:1681)
2448137-==2448137== by 0x48BD3E5: fpt_run (frr_pthread.c:308)
2448137-==2448137== by 0x4C61EA6: start_thread (pthread_create.c:477)
2448137-==2448137== by 0x4D78DEE: clone (clone.S:95)
2448137-==2448137== Uninitialised value was created by a stack allocation
2448137:==2448137== at 0x43E490: zserv_encode_vrf (zapi_msg.c:103)
Effectively we are sending `struct vrf_data` without ensuring data has been properly initialized.
Signed-off-by: Donald Sharp
---
 zebra/zapi_msg.c | 1 +
 1 file changed, 1 insertion(+)
diff --git a/zebra/zapi_msg.c b/zebra/zapi_msg.c
index 8e68984823..21bff96b7d 100644
--- a/zebra/zapi_msg.c
+++ b/zebra/zapi_msg.c
@@ -104,6 +104,7 @@ static void zserv_encode_vrf(struct stream *s, struct zebra_vrf *zvrf)
 struct vrf_data data;
 const char *netns_name = zvrf_ns_name(zvrf);
+ memset(&data, 0, sizeof(data));
 data.l.table_id = zvrf->table_id;
 if (netns_name)
-- 
2.39.5
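Review bot: The added `memset(&data, 0, sizeof(data));` in zserv_encode_vrf has no comment explaining why a full memset is required, so a later cleanup could replace it with `struct vrf_data data = {0};`, which is not guaranteed to clear padding bytes. The valgrind trace in the commit message shows the struct's bytes reaching writev() on the client socket, so any byte left unset is stack content disclosed to a zapi client. I would add a comment above the call such as `/* data is sent to the client as raw bytes: clear padding and unset fields so no stack contents leak */`. The code that copies `data` into the stream lies outside the hunk, so the raw-copy assumption should be confirmed there. It may also be worth checking whether other encoders in this file serialize a stack struct the same way.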