Open alexw91 opened 6 years ago
There's a bug report open with GCC since 2011. :(
Possibly uninitialized variables that should have = {0}
added:
$ grep -En "struct [a-z0-9_]+ [a-z0-9_]+;" ./**/s2n*.c
./bin/s2nc.c:225: struct verify_data unsafe_verify_data;
./bin/s2nd.c:666: struct stat st;
./crypto/s2n_composite_cipher_aes_sha.c:117: struct s2n_stuffer ctrl_stuffer;
./crypto/s2n_dhe.c:209: struct s2n_dh_params client_params;
./crypto/s2n_ecc.c:53: struct s2n_blob point;
./crypto/s2n_ecc.c:126: struct s2n_blob client_public_blob;
./crypto/s2n_ecc.c:225: struct s2n_blob point_blob;
./crypto/s2n_ecc.c:261: struct s2n_stuffer iana_ids_in;
./crypto/s2n_ecdsa.c:86: struct s2n_blob random_input;
./stuffer/s2n_stuffer_file.c:80: struct stat st;
./stuffer/s2n_stuffer_pem.c:79: struct s2n_stuffer base64_stuffer;
./tests/fuzz/s2n_client_cert_verify_recv_test.c:122:static struct s2n_pkey public_key;
./tests/fuzz/s2n_client_fuzz_test.c:194: struct s2n_stuffer in;
./tests/fuzz/s2n_openssl_diff_pem_parsing_test.c:88: struct s2n_blob mem;
./tests/fuzz/s2n_openssl_diff_pem_parsing_test.c:117: struct s2n_stuffer in;
./tests/fuzz/s2n_server_fuzz_test.c:201: struct s2n_stuffer in;
./tests/fuzz/s2n_stuffer_pem_fuzz_test.c:31: struct s2n_stuffer in;
./tests/fuzz/s2n_stuffer_pem_fuzz_test.c:32: struct s2n_stuffer out;
./tests/sidewinder/working/s2n-record-read-aead/s2n_record_read_wrapper.c:145: struct s2n_session_key session_key;
./tests/sidewinder/working/s2n-record-read-cbc/s2n_record_read_wrapper.c:140: struct s2n_session_key session_key;
./tests/sidewinder/working/s2n-record-read-composite/s2n_record_read_wrapper.c:150: struct s2n_session_key session_key;
./tests/sidewinder/working/s2n-record-read-stream/s2n_record_read_wrapper.c:139: struct s2n_session_key session_key;
./tests/unit/s2n_array_test.c:34: struct s2n_blob mem;
./tests/unit/s2n_drbg_test.c:46:struct s2n_stuffer nist_reference_entropy;
./tests/unit/s2n_drbg_test.c:162: struct s2n_timer timer;
./tests/unit/s2n_drbg_test.c:165: struct s2n_stuffer nist_reference_personalization_strings;
./tests/unit/s2n_drbg_test.c:166: struct s2n_stuffer nist_reference_returned_bits;
./tests/unit/s2n_drbg_test.c:167: struct s2n_stuffer nist_reference_values;
./tests/unit/s2n_ecc_test.c:30: struct s2n_stuffer wire;
./tests/unit/s2n_ecdsa_test.c:51: struct s2n_blob b;
./tests/unit/s2n_ecdsa_test.c:95: struct s2n_pkey pub_key;
./tests/unit/s2n_ecdsa_test.c:96: struct s2n_pkey priv_key;
./tests/unit/s2n_ecdsa_test.c:97: struct s2n_pkey unmatched_priv_key;
./tests/unit/s2n_handshake_test.c:101: struct s2n_cipher_preferences server_cipher_preferences;
./tests/unit/s2n_hash_test.c:34: struct s2n_stuffer output;
./tests/unit/s2n_hkdf_test.c:522: struct s2n_hmac_state hmac;
./tests/unit/s2n_hmac_test.c:31: struct s2n_stuffer output;
./tests/unit/s2n_map_test.c:28: struct s2n_blob key;
./tests/unit/s2n_map_test.c:29: struct s2n_blob val;
./tests/unit/s2n_mutual_auth_test.c:146: struct s2n_cipher_preferences server_cipher_preferences;
./tests/unit/s2n_mutual_auth_test.c:151: struct s2n_stuffer client_to_server;
./tests/unit/s2n_mutual_auth_test.c:152: struct s2n_stuffer server_to_client;
./tests/unit/s2n_mutual_auth_test.c:228: struct s2n_cipher_preferences server_cipher_preferences;
./tests/unit/s2n_mutual_auth_test.c:233: struct s2n_stuffer client_to_server;
./tests/unit/s2n_mutual_auth_test.c:234: struct s2n_stuffer server_to_client;
./tests/unit/s2n_mutual_auth_test.c:306: struct s2n_cipher_preferences server_cipher_preferences;
./tests/unit/s2n_mutual_auth_test.c:311: struct s2n_stuffer client_to_server;
./tests/unit/s2n_mutual_auth_test.c:312: struct s2n_stuffer server_to_client;
./tests/unit/s2n_mutual_auth_test.c:387: struct s2n_cipher_preferences server_cipher_preferences;
./tests/unit/s2n_mutual_auth_test.c:392: struct s2n_stuffer client_to_server;
./tests/unit/s2n_mutual_auth_test.c:393: struct s2n_stuffer server_to_client;
./tests/unit/s2n_optional_client_auth_test.c:111: struct s2n_cipher_preferences server_cipher_preferences;
./tests/unit/s2n_optional_client_auth_test.c:182: struct s2n_cipher_preferences server_cipher_preferences;
./tests/unit/s2n_optional_client_auth_test.c:249: struct s2n_cipher_preferences server_cipher_preferences;
./tests/unit/s2n_optional_client_auth_test.c:326: struct s2n_cipher_preferences server_cipher_preferences;
./tests/unit/s2n_optional_client_auth_test.c:413: struct s2n_cipher_preferences server_cipher_preferences;
./tests/unit/s2n_override_openssl_random_test.c:34: struct s2n_dh_params dh_params;
./tests/unit/s2n_override_openssl_random_test.c:35: struct s2n_blob b;
./tests/unit/s2n_pem_rsa_dhe_test.c:64: struct s2n_blob b;
./tests/unit/s2n_pem_rsa_dhe_test.c:104: struct s2n_pkey priv_key;
./tests/unit/s2n_pem_rsa_dhe_test.c:105: struct s2n_pkey pub_key;
./tests/unit/s2n_pem_rsa_dhe_test.c:122: struct s2n_dh_params dh_params;
./tests/unit/s2n_pem_rsa_dhe_test.c:131: struct s2n_blob signature;
./tests/unit/s2n_record_test.c:75: struct s2n_hmac_state check_mac;
./tests/unit/s2n_self_talk_client_hello_cb_test.c:191: struct client_hello_context client_hello_ctx;
./tests/unit/s2n_self_talk_nonblocking_test.c:120: struct s2n_blob blob;
./tests/unit/s2n_ssl_prf_test.c:43: struct s2n_stuffer client_random_in;
./tests/unit/s2n_ssl_prf_test.c:44: struct s2n_stuffer server_random_in;
./tests/unit/s2n_ssl_prf_test.c:45: struct s2n_stuffer premaster_secret_in;
./tests/unit/s2n_ssl_prf_test.c:46: struct s2n_stuffer master_secret_hex_out;
./tests/unit/s2n_ssl_prf_test.c:48: struct s2n_blob pms;
./tests/unit/s2n_stuffer_hex_test.c:26: struct s2n_stuffer stuffer;
./tests/unit/s2n_stuffer_test.c:25: struct s2n_stuffer stuffer;
./tests/unit/s2n_stuffer_text_test.c:114: struct s2n_stuffer lstuffer;
./tests/unit/s2n_timer_test.c:33: struct s2n_timer timer;
./tests/unit/s2n_tls_prf_test.c:43: struct s2n_stuffer client_random_in;
./tests/unit/s2n_tls_prf_test.c:44: struct s2n_stuffer server_random_in;
./tests/unit/s2n_tls_prf_test.c:45: struct s2n_stuffer premaster_secret_in;
./tests/unit/s2n_tls_prf_test.c:46: struct s2n_stuffer master_secret_hex_out;
./tests/unit/s2n_tls_prf_test.c:48: struct s2n_blob pms;
./tests/unit/s2n_tls_record_stuffer_test.c:28: struct s2n_record_stuffer writer;
./tests/unit/s2n_x509_validator_test.c:110: struct s2n_x509_trust_store trust_store;
./tests/unit/s2n_x509_validator_test.c:118: struct s2n_x509_trust_store trust_store;
./tests/unit/s2n_x509_validator_test.c:128: struct s2n_x509_trust_store trust_store;
./tests/unit/s2n_x509_validator_test.c:142: struct s2n_x509_trust_store trust_store;
./tests/unit/s2n_x509_validator_test.c:152: struct s2n_x509_trust_store trust_store;
./tests/unit/s2n_x509_validator_test.c:164: struct s2n_x509_validator validator;
./tests/unit/s2n_x509_validator_test.c:170: struct s2n_stuffer chain_stuffer;
./tests/unit/s2n_x509_validator_test.c:175: struct s2n_pkey public_key_out;
./tests/unit/s2n_x509_validator_test.c:189: struct s2n_x509_validator validator;
./tests/unit/s2n_x509_validator_test.c:195: struct s2n_stuffer chain_stuffer;
./tests/unit/s2n_x509_validator_test.c:201: struct s2n_pkey public_key_out;
./tests/unit/s2n_x509_validator_test.c:215: struct s2n_x509_trust_store trust_store;
./tests/unit/s2n_x509_validator_test.c:218: struct s2n_x509_validator validator;
./tests/unit/s2n_x509_validator_test.c:228: struct s2n_x509_trust_store trust_store;
./tests/unit/s2n_x509_validator_test.c:237: struct s2n_x509_validator validator;
./tests/unit/s2n_x509_validator_test.c:242: struct s2n_stuffer chain_stuffer;
./tests/unit/s2n_x509_validator_test.c:247: struct s2n_pkey public_key_out;
./tests/unit/s2n_x509_validator_test.c:264: struct s2n_x509_trust_store trust_store;
./tests/unit/s2n_x509_validator_test.c:268: struct s2n_x509_validator validator;
./tests/unit/s2n_x509_validator_test.c:279: struct s2n_stuffer chain_stuffer;
./tests/unit/s2n_x509_validator_test.c:284: struct s2n_pkey public_key_out;
./tests/unit/s2n_x509_validator_test.c:301: struct s2n_x509_trust_store trust_store;
./tests/unit/s2n_x509_validator_test.c:311: struct s2n_x509_validator validator;
./tests/unit/s2n_x509_validator_test.c:322: struct s2n_stuffer chain_stuffer;
./tests/unit/s2n_x509_validator_test.c:327: struct s2n_pkey public_key_out;
./tests/unit/s2n_x509_validator_test.c:343: struct s2n_x509_trust_store trust_store;
./tests/unit/s2n_x509_validator_test.c:347: struct s2n_x509_validator validator;
./tests/unit/s2n_x509_validator_test.c:358: struct s2n_stuffer chain_stuffer;
./tests/unit/s2n_x509_validator_test.c:364: struct s2n_pkey public_key_out;
./tests/unit/s2n_x509_validator_test.c:381: struct s2n_x509_trust_store trust_store;
./tests/unit/s2n_x509_validator_test.c:385: struct s2n_x509_validator validator;
./tests/unit/s2n_x509_validator_test.c:396: struct s2n_stuffer chain_stuffer;
./tests/unit/s2n_x509_validator_test.c:404: struct s2n_pkey public_key_out;
./tests/unit/s2n_x509_validator_test.c:422: struct s2n_x509_trust_store trust_store;
./tests/unit/s2n_x509_validator_test.c:426: struct s2n_x509_validator validator;
./tests/unit/s2n_x509_validator_test.c:437: struct s2n_stuffer chain_stuffer;
./tests/unit/s2n_x509_validator_test.c:443: struct s2n_pkey public_key_out;
./tests/unit/s2n_x509_validator_test.c:459: struct s2n_x509_trust_store trust_store;
./tests/unit/s2n_x509_validator_test.c:465: struct s2n_x509_validator validator;
./tests/unit/s2n_x509_validator_test.c:474: struct s2n_stuffer chain_stuffer;
./tests/unit/s2n_x509_validator_test.c:479: struct s2n_pkey public_key_out;
./tests/unit/s2n_x509_validator_test.c:494: struct s2n_x509_trust_store trust_store;
./tests/unit/s2n_x509_validator_test.c:506: struct s2n_x509_validator validator;
./tests/unit/s2n_x509_validator_test.c:515: struct s2n_stuffer chain_stuffer;
./tests/unit/s2n_x509_validator_test.c:520: struct s2n_pkey public_key_out;
./tests/unit/s2n_x509_validator_test.c:534: struct s2n_x509_trust_store trust_store;
./tests/unit/s2n_x509_validator_test.c:540: struct s2n_x509_validator validator;
./tests/unit/s2n_x509_validator_test.c:549: struct s2n_stuffer chain_stuffer;
./tests/unit/s2n_x509_validator_test.c:554: struct s2n_pkey public_key_out;
./tests/unit/s2n_x509_validator_test.c:571: struct s2n_x509_trust_store trust_store;
./tests/unit/s2n_x509_validator_test.c:583: struct s2n_x509_validator validator;
./tests/unit/s2n_x509_validator_test.c:592: struct s2n_stuffer chain_stuffer;
./tests/unit/s2n_x509_validator_test.c:597: struct s2n_pkey public_key_out;
./tests/unit/s2n_x509_validator_test.c:615: struct s2n_x509_trust_store trust_store;
./tests/unit/s2n_x509_validator_test.c:620: struct s2n_x509_validator validator;
./tests/unit/s2n_x509_validator_test.c:630: struct s2n_stuffer chain_stuffer;
./tests/unit/s2n_x509_validator_test.c:635: struct s2n_pkey public_key_out;
./tests/unit/s2n_x509_validator_test.c:656: struct s2n_x509_trust_store trust_store;
./tests/unit/s2n_x509_validator_test.c:662: struct s2n_x509_validator validator;
./tests/unit/s2n_x509_validator_test.c:672: struct s2n_stuffer chain_stuffer;
./tests/unit/s2n_x509_validator_test.c:677: struct s2n_pkey public_key_out;
./tests/unit/s2n_x509_validator_test.c:698: struct s2n_x509_trust_store trust_store;
./tests/unit/s2n_x509_validator_test.c:704: struct s2n_x509_validator validator;
./tests/unit/s2n_x509_validator_test.c:714: struct s2n_stuffer chain_stuffer;
./tests/unit/s2n_x509_validator_test.c:719: struct s2n_pkey public_key_out;
./tests/unit/s2n_x509_validator_test.c:738: struct s2n_x509_trust_store trust_store;
./tests/unit/s2n_x509_validator_test.c:742: struct s2n_x509_validator validator;
./tests/unit/s2n_x509_validator_test.c:753: struct s2n_stuffer chain_stuffer;
./tests/unit/s2n_x509_validator_test.c:758: struct s2n_pkey public_key_out;
./tests/unit/s2n_x509_validator_test.c:766: struct s2n_stuffer ocsp_data_stuffer;
./tests/unit/s2n_x509_validator_test.c:782: struct s2n_x509_trust_store trust_store;
./tests/unit/s2n_x509_validator_test.c:792: struct s2n_x509_validator validator;
./tests/unit/s2n_x509_validator_test.c:803: struct s2n_stuffer chain_stuffer;
./tests/unit/s2n_x509_validator_test.c:808: struct s2n_pkey public_key_out;
./tests/unit/s2n_x509_validator_test.c:816: struct s2n_stuffer ocsp_data_stuffer;
./tests/unit/s2n_x509_validator_test.c:831: struct s2n_x509_trust_store trust_store;
./tests/unit/s2n_x509_validator_test.c:835: struct s2n_x509_validator validator;
./tests/unit/s2n_x509_validator_test.c:845: struct s2n_stuffer chain_stuffer;
./tests/unit/s2n_x509_validator_test.c:850: struct s2n_pkey public_key_out;
./tests/unit/s2n_x509_validator_test.c:866: struct s2n_x509_trust_store trust_store;
./tests/unit/s2n_x509_validator_test.c:870: struct s2n_x509_validator validator;
./tests/unit/s2n_x509_validator_test.c:880: struct s2n_stuffer chain_stuffer;
./tests/unit/s2n_x509_validator_test.c:885: struct s2n_pkey public_key_out;
./tests/unit/s2n_x509_validator_test.c:901: struct s2n_x509_trust_store trust_store;
./tests/unit/s2n_x509_validator_test.c:905: struct s2n_x509_validator validator;
./tests/unit/s2n_x509_validator_test.c:915: struct s2n_stuffer chain_stuffer;
./tests/unit/s2n_x509_validator_test.c:920: struct s2n_pkey public_key_out;
./tests/unit/s2n_x509_validator_test.c:936: struct s2n_x509_trust_store trust_store;
./tests/unit/s2n_x509_validator_test.c:940: struct s2n_x509_validator validator;
./tests/unit/s2n_x509_validator_test.c:948: struct s2n_stuffer chain_stuffer;
./tests/unit/s2n_x509_validator_test.c:953: struct s2n_pkey public_key_out;
./tests/unit/s2n_x509_validator_test.c:969: struct s2n_x509_trust_store trust_store;
./tests/unit/s2n_x509_validator_test.c:973: struct s2n_x509_validator validator;
./tests/unit/s2n_x509_validator_test.c:984: struct s2n_stuffer chain_stuffer;
./tests/unit/s2n_x509_validator_test.c:989: struct s2n_pkey public_key_out;
./tests/unit/s2n_x509_validator_test.c:1000: struct s2n_stuffer ocsp_data_stuffer;
./tests/unit/s2n_x509_validator_test.c:1017: struct s2n_x509_trust_store trust_store;
./tests/unit/s2n_x509_validator_test.c:1021: struct s2n_x509_validator validator;
./tests/unit/s2n_x509_validator_test.c:1032: struct s2n_stuffer chain_stuffer;
./tests/unit/s2n_x509_validator_test.c:1037: struct s2n_pkey public_key_out;
./tests/unit/s2n_x509_validator_test.c:1048: struct s2n_stuffer ocsp_data_stuffer;
./tests/unit/s2n_x509_validator_test.c:1067: struct s2n_x509_trust_store trust_store;
./tests/unit/s2n_x509_validator_test.c:1071: struct s2n_x509_validator validator;
./tests/unit/s2n_x509_validator_test.c:1082: struct s2n_stuffer chain_stuffer;
./tests/unit/s2n_x509_validator_test.c:1087: struct s2n_pkey public_key_out;
./tests/unit/s2n_x509_validator_test.c:1095: struct s2n_stuffer ocsp_data_stuffer;
./tls/s2n_client_cert.c:34: struct s2n_blob client_cert_chain;
./tls/s2n_client_cert_verify.c:42: struct s2n_blob signature;
./tls/s2n_client_cert_verify.c:47: struct s2n_hash_state hash_state;
./tls/s2n_client_cert_verify.c:81: struct s2n_hash_state hash_state;
./tls/s2n_client_cert_verify.c:84: struct s2n_blob signature;
./tls/s2n_client_extensions.c:113: struct s2n_blob server_name;
./tls/s2n_client_extensions.c:182: struct s2n_stuffer extension;
./tls/s2n_client_extensions.c:270: struct s2n_stuffer client_protos;
./tls/s2n_client_extensions.c:271: struct s2n_stuffer server_protos;
./tls/s2n_client_extensions.c:344: struct s2n_blob proposed_curves;
./tls/s2n_client_hello.c:259: struct s2n_stuffer in;
./tls/s2n_client_hello.c:323: struct s2n_stuffer client_random;
./tls/s2n_client_hello.c:425: struct s2n_blob b;
./tls/s2n_client_hello.c:445: struct s2n_client_hello_parsed_extension search;
./tls/s2n_client_hello.c:463: struct s2n_client_hello_parsed_extension parsed_extension;
./tls/s2n_client_hello.c:478: struct s2n_client_hello_parsed_extension parsed_extension;
./tls/s2n_client_key_exchange.c:92: struct s2n_blob shared_key;
./tls/s2n_client_key_exchange.c:138: struct s2n_blob shared_key;
./tls/s2n_client_key_exchange.c:177: struct s2n_blob pms;
./tls/s2n_client_key_exchange.c:193: struct s2n_blob encrypted;
./tls/s2n_config.c:36: struct timespec current_time;
./tls/s2n_config.c:48: struct timespec current_time;
./tls/s2n_config.c:65:static struct s2n_config s2n_default_config;
./tls/s2n_config.c:68:static struct s2n_config s2n_unsafe_client_testing_config;
./tls/s2n_config.c:70:static struct s2n_config s2n_unsafe_client_ecdsa_testing_config;
./tls/s2n_config.c:72:static struct s2n_config default_client_config;
./tls/s2n_config.c:74:static struct s2n_config s2n_default_fips_config;
./tls/s2n_config.c:227: struct s2n_blob allocator;
./tls/s2n_config.c:297: struct s2n_stuffer protocol_stuffer;
./tls/s2n_config.c:427: struct s2n_stuffer cert_out_stuffer;
./tls/s2n_config.c:442: struct s2n_blob mem;
./tls/s2n_config.c:470: struct s2n_stuffer chain_in_stuffer;
./tls/s2n_config.c:484: struct s2n_blob key_blob;
./tls/s2n_config.c:508: struct s2n_blob mem;
./tls/s2n_config.c:523: struct s2n_pkey public_key;
./tls/s2n_config.c:543: struct s2n_blob mem;
./tls/s2n_connection.c:140: struct s2n_blob blob;
./tls/s2n_connection.c:534: struct s2n_stuffer alert_in;
./tls/s2n_connection.c:535: struct s2n_stuffer reader_alert_out;
./tls/s2n_connection.c:536: struct s2n_stuffer writer_alert_out;
./tls/s2n_connection.c:537: struct s2n_stuffer handshake_io;
./tls/s2n_connection.c:538: struct s2n_stuffer client_hello_raw_message;
./tls/s2n_connection.c:539: struct s2n_stuffer header_in;
./tls/s2n_connection.c:540: struct s2n_stuffer in;
./tls/s2n_connection.c:541: struct s2n_stuffer out;
./tls/s2n_connection.c:543: struct s2n_session_key initial_client_key;
./tls/s2n_connection.c:544: struct s2n_session_key initial_server_key;
./tls/s2n_connection.c:545: struct s2n_session_key secure_client_key;
./tls/s2n_connection.c:546: struct s2n_session_key secure_server_key;
./tls/s2n_connection.c:548: struct s2n_connection_prf_handles prf_handles;
./tls/s2n_connection.c:549: struct s2n_connection_hash_handles hash_handles;
./tls/s2n_connection.c:550: struct s2n_connection_hmac_handles hmac_handles;
./tls/s2n_connection.c:738: struct s2n_blob ctx_mem;
./tls/s2n_connection.c:760: struct s2n_blob ctx_mem;
./tls/s2n_connection.c:885: struct s2n_client_hello_parsed_extension parsed_extension;
./tls/s2n_connection.c:889: struct s2n_stuffer extension;
./tls/s2n_handshake_io.c:418: struct s2n_blob out;
./tls/s2n_handshake_io.c:501: struct s2n_blob handshake_record;
./tls/s2n_prf.c:363: struct s2n_blob label;
./tls/s2n_prf.c:444: struct s2n_blob client_finished;
./tls/s2n_prf.c:445: struct s2n_blob label;
./tls/s2n_prf.c:497: struct s2n_blob server_finished;
./tls/s2n_prf.c:498: struct s2n_blob label;
./tls/s2n_prf.c:546: struct s2n_blob client_key;
./tls/s2n_prf.c:562: struct s2n_blob server_key;
./tls/s2n_prf.c:590: struct s2n_stuffer key_material;
./tls/s2n_record_read_aead.c:54: struct s2n_stuffer iv_stuffer;
./tls/s2n_record_read_aead.c:83: struct s2n_stuffer ad_stuffer;
./tls/s2n_record_write.c:177: struct s2n_stuffer iv_stuffer;
./tls/s2n_record_write.c:205: struct s2n_stuffer ad_stuffer;
./tls/s2n_record_write.c:276: struct s2n_blob en;
./tls/s2n_resume.c:179: struct s2n_stuffer from;
./tls/s2n_resume.c:208: struct s2n_stuffer to;
./tls/s2n_resume.c:236: struct s2n_blob session_data;
./tls/s2n_resume.c:240: struct s2n_stuffer from;
./tls/s2n_resume.c:266: struct s2n_blob serailized_data;
./tls/s2n_resume.c:271: struct s2n_stuffer to;
./tls/s2n_send.c:64: struct s2n_blob alert;
./tls/s2n_send.c:77: struct s2n_blob alert;
./tls/s2n_server_cert.c:37: struct s2n_blob cert_chain;
./tls/s2n_server_extensions.c:127: struct s2n_stuffer in;
./tls/s2n_server_extensions.c:133: struct s2n_blob ext;
./tls/s2n_server_extensions.c:135: struct s2n_stuffer extension;
./tls/s2n_server_hello.c:99: struct s2n_blob extensions;
./tls/s2n_server_hello.c:130: struct s2n_stuffer server_random;
./tls/s2n_server_key_exchange.c:51: struct s2n_blob ecdhparams;
./tls/s2n_server_key_exchange.c:52: struct s2n_blob signature;
./tls/s2n_server_key_exchange.c:163: struct s2n_blob ecdhparams;
./tls/s2n_server_key_exchange.c:218: struct s2n_blob signature;
./tls/s2n_x509_validator.c:90: struct s2n_stuffer pem_in_stuffer;
./tls/s2n_x509_validator.c:91: struct s2n_stuffer der_out_stuffer;
./tls/s2n_x509_validator.c:92: struct s2n_blob next_cert;
./tls/s2n_x509_validator.c:285: struct s2n_stuffer cert_chain_in_stuffer;
./tls/s2n_x509_validator.c:298: struct s2n_pkey public_key;
./tls/s2n_x509_validator.c:312: struct s2n_blob asn1cert;
./utils/s2n_array.c:43: struct s2n_blob mem;
./utils/s2n_array.c:94: struct s2n_blob mem;
./utils/s2n_asn1_time.c:56: struct tm time_ptr;
./utils/s2n_asn1_time.c:70: struct tm time;
./utils/s2n_map.c:33: struct s2n_blob key;
./utils/s2n_map.c:34: struct s2n_blob value;
./utils/s2n_map.c:50: struct s2n_hash_state sha256;
./utils/s2n_map.c:70: struct s2n_blob mem;
./utils/s2n_map.c:71: struct s2n_map tmp;
./utils/s2n_map.c:109: struct s2n_blob mem;
./utils/s2n_map.c:228: struct s2n_blob mem;
./utils/s2n_random.c:325: struct s2n_stuffer stuffer;
Just an idea: Maybe GCC's MemorySanitizer
can help as well. (That strategy would require extremely good test coverage though.. e.g. the bug I encountered would only have been found if a test triggered the early goto, which is something that isn't even captured by the typical %-SLOC-coverage metric..)
Looks like there's still one uninitialized struct left after #791 got merged.
$ grep -En "struct [a-z0-9_]+ [a-z0-9_]+;" --include=\*.c -r api -r bin -r crypto -r error -r stuffer -r tls -r utils
bin/s2nc.c:225: struct verify_data unsafe_verify_data;
$ grep -En "struct [a-zA-Z0-9_]+ [a-zA-Z0-9_]+;" -r api -r bin -r crypto -r error -r stuffer -r tls -r utils --include="*.c"
bin/s2nc.c:235: struct verify_data unsafe_verify_data;
bin/s2nd.c:761: struct stat st;
crypto/s2n_dhe.c:254: struct s2n_blob Yc;
tls/s2n_server_new_session_ticket.c:53: struct s2n_stuffer to;
tls/s2n_resume.c:469: struct s2n_session_key aes_ticket_key;
tls/s2n_resume.c:470: struct s2n_blob aes_key_blob;
tls/s2n_resume.c:477: struct s2n_stuffer aad;
tls/s2n_resume.c:481: struct s2n_stuffer state;
tls/s2n_resume.c:518: struct s2n_session_key aes_ticket_key;
tls/s2n_resume.c:519: struct s2n_blob aes_key_blob;
tls/s2n_resume.c:529: struct s2n_stuffer aad;
tls/s2n_resume.c:533: struct s2n_stuffer state;
utils/s2n_socket.c:193: struct sockaddr_storage addr;
This should also be possible by using clang with the -Wsometimes-uninitialized
flag.
Tried Clang's -Wsometimes-uninitialized
and it doesn't catch https://github.com/awslabs/s2n/pull/2258. Still don't know of a good way to force the compiler to warn for these so that we can fix them all just to be safe.
Here's a grep command that uncovers likely places where we aren't initializing variables when we define them, but is probably noisy with false positives and negatives.
$ grep -En "[a-z0-9_]*int[a-z0-9_]* [a-zA-Z0-9_]+;" -r bin -r crypto -r error -r stuffer -r tls -r utils --include='*.c'
bin/echo.c:90: int client_hello_version;
bin/echo.c:91: int client_protocol_version;
bin/echo.c:92: int server_protocol_version;
bin/echo.c:93: int actual_protocol_version;
bin/echo.c:128: uint32_t length;
bin/echo.c:155: int p;
bin/s2nd.c:159: uint8_t key_len;
bin/s2nd.c:161: uint8_t value_len;
bin/s2nd.c:311: uint32_t https_bench;
bin/s2nd.c:312: int max_conns;
bin/s2nd.c:720: uint32_t st_key_length;
bin/s2nd.c:760: int fd;
crypto/s2n_hmac.c:295: uint64_t bytes_in_hash;
crypto/s2n_ecdsa.c:49: uint8_t digest_length;
crypto/s2n_ecdsa.c:74: uint8_t digest_length;
crypto/s2n_rsa_signing.c:58: uint8_t digest_length;
crypto/s2n_rsa_signing.c:59: int NID_type;
crypto/s2n_rsa_signing.c:79: uint8_t digest_length;
crypto/s2n_rsa_signing.c:80: int digest_NID_type;
crypto/s2n_rsa_signing.c:142: uint8_t digest_length;
crypto/s2n_rsa_signing.c:175: uint8_t digest_length;
crypto/s2n_pkey.c:143: int ret;
crypto/s2n_pkey.c:195: int ret;
crypto/s2n_hash.c:351: uint8_t expected_digest_size;
crypto/s2n_hash.c:356: uint8_t sha1_digest_size;
crypto/s2n_hash.c:357: unsigned int sha1_primary_digest_size;
crypto/s2n_hash.c:358: unsigned int md5_secondary_digest_size;
crypto/s2n_hash.c:585: uint64_t hash_block_size;
crypto/s2n_aead_cipher_chacha20_poly1305.c:57: int out_len;
crypto/s2n_aead_cipher_chacha20_poly1305.c:93: int out_len;
crypto/s2n_aead_cipher_aes_gcm.c:49: int out_len;
crypto/s2n_aead_cipher_aes_gcm.c:81: int out_len;
crypto/s2n_ecc_evp.c:207: uint8_t client_public_len;
crypto/s2n_ecc_evp.c:316: uint8_t curve_type;
crypto/s2n_ecc_evp.c:317: uint8_t point_length;
crypto/s2n_ecc_evp.c:363: uint8_t point_len;
crypto/s2n_ecc_evp.c:473: uint16_t iana_id;
crypto/s2n_dhe.c:211: uint16_t client_pub_key_size;
crypto/s2n_dhe.c:212: int shared_key_size;
crypto/s2n_dhe.c:253: uint16_t Yc_length;
crypto/s2n_dhe.c:255: int shared_key_size;
crypto/s2n_hkdf.c:36: uint8_t hmac_size;
crypto/s2n_hkdf.c:54: uint8_t hash_len;
crypto/s2n_hkdf.c:64: uint32_t cat_len;
error/s2n_errno.c:31:__thread int s2n_errno;
stuffer/s2n_stuffer_pem.c:131: int rc;
stuffer/s2n_stuffer_file.c:95: int fd;
tls/s2n_resume.c:47: uint64_t now;
tls/s2n_resume.c:66: uint8_t format;
tls/s2n_resume.c:67: uint8_t protocol_version;
tls/s2n_resume.c:81: uint64_t now;
tls/s2n_resume.c:84: uint64_t then;
tls/s2n_resume.c:121: uint8_t format;
tls/s2n_resume.c:122: uint64_t then;
tls/s2n_resume.c:145: uint8_t session_id_len;
tls/s2n_resume.c:163: uint16_t session_ticket_len;
tls/s2n_resume.c:180: uint8_t format;
tls/s2n_resume.c:319: uint64_t now;
tls/s2n_resume.c:403: uint64_t now;
tls/s2n_resume.c:431: int8_t idx;
tls/s2n_resume.c:443: uint64_t now;
tls/s2n_resume.c:581: uint64_t now;
tls/s2n_resume.c:679: uint64_t now;
tls/s2n_server_key_exchange.c:70: uint16_t signature_length;
tls/s2n_server_key_exchange.c:108: uint16_t p_length;
tls/s2n_server_key_exchange.c:109: uint16_t g_length;
tls/s2n_server_key_exchange.c:110: uint16_t Ys_length;
tls/s2n_change_cipher_spec.c:33: uint8_t type;
tls/s2n_send.c:37: int w;
tls/s2n_send.c:138: uint64_t elapsed;
tls/s2n_record_read_stream.c:50: uint8_t mac_digest_size;
tls/s2n_record_read_composite.c:54: uint8_t mac_digest_size;
tls/s2n_record_write.c:36:extern uint8_t s2n_unknown_protocol_version;
tls/s2n_record_write.c:49: uint8_t extra;
tls/s2n_record_write.c:226: uint8_t mac_digest_size;
tls/s2n_record_write.c:282: int pad_and_mac_len;
tls/s2n_client_key_exchange.c:111: uint16_t length;
tls/s2n_recv.c:43: int r;
tls/s2n_recv.c:76: uint16_t fragment_length;
tls/s2n_recv.c:149: uint8_t record_type;
tls/s2n_recv.c:228: uint8_t record_type;
tls/s2n_recv.c:229: int isSSLv2;
tls/s2n_x509_validator.c:422: int i;
tls/s2n_x509_validator.c:453: int status_reason;
tls/s2n_cbc.c:56: uint8_t mac_digest_size;
tls/s2n_key_update.c:35: uint8_t key_update_request;
tls/s2n_server_cert_request.c:68: uint8_t cert_types_len;
tls/s2n_server_cert_request.c:106: uint8_t request_context_length;
tls/s2n_prf.c:264: uint8_t digest_size;
tls/s2n_prf.c:631: uint8_t mac_size;
tls/s2n_client_cert_verify.c:39: uint16_t signature_size;
tls/s2n_shutdown.c:34: uint64_t elapsed;
tls/s2n_record_read.c:116: uint8_t content_type;
tls/s2n_record_read.c:117: uint16_t encrypted_length;
tls/s2n_server_new_session_ticket.c:36: uint16_t session_ticket_len;
tls/s2n_connection.c:927: uint8_t ipv6;
tls/s2n_connection.c:1129: uint64_t elapsed;
tls/s2n_connection.c:1160: int r;
tls/extensions/s2n_server_alpn.c:62: uint16_t size_of_all;
tls/extensions/s2n_server_alpn.c:69: uint8_t protocol_len;
tls/extensions/s2n_client_status_request.c:70: uint8_t type;
tls/extensions/s2n_server_renegotiation_info.c:57: uint8_t renegotiated_connection_len;
tls/extensions/s2n_cookie.c:67: uint16_t cookie_len;
tls/extensions/s2n_server_key_share.c:109: uint16_t received_total_share_size;
tls/extensions/s2n_server_key_share.c:121: uint16_t ecc_share_size;
tls/extensions/s2n_server_key_share.c:169: uint16_t share_size;
tls/extensions/s2n_client_supported_versions.c:62: uint8_t minimum_supported_version;
tls/extensions/s2n_client_supported_versions.c:78: uint8_t minimum_supported_version;
tls/extensions/s2n_client_supported_versions.c:81: uint8_t size_of_version_list;
tls/extensions/s2n_client_supported_versions.c:138: uint8_t minimum_supported_version;
tls/extensions/s2n_client_alpn.c:62: uint16_t size_of_all;
tls/extensions/s2n_client_alpn.c:92: uint8_t length;
tls/extensions/s2n_client_alpn.c:98: uint8_t client_length;
tls/extensions/s2n_client_renegotiation_info.c:38: uint8_t renegotiated_connection_len;
tls/extensions/s2n_client_key_share.c:184: uint16_t key_shares_size;
tls/extensions/s2n_client_key_share.c:191: uint32_t supported_curve_index;
tls/extensions/s2n_server_certificate_status.c:62: uint8_t type;
tls/extensions/s2n_server_certificate_status.c:69: uint32_t status_size;
tls/extensions/s2n_client_pq_kem.c:63: uint16_t size_of_all;
tls/extensions/s2n_client_server_name.c:65: uint16_t size_of_all;
tls/extensions/s2n_client_server_name.c:69: uint8_t server_name_type;
tls/extensions/s2n_client_server_name.c:90: uint16_t server_name_len;
tls/extensions/s2n_server_max_fragment_length.c:57: uint8_t mfl_code;
tls/extensions/s2n_client_supported_groups.c:82: uint16_t size_of_all;
tls/extensions/s2n_client_supported_groups.c:117: uint16_t iana_id;
tls/extensions/s2n_client_max_frag_len.c:54: uint8_t mfl_code;
tls/extensions/s2n_server_supported_versions.c:64: uint8_t minimum_supported_version;
tls/extensions/s2n_extension_list.c:127: uint16_t extension_type;
tls/extensions/s2n_extension_list.c:131: uint16_t extension_size;
tls/extensions/s2n_extension_list.c:165: uint16_t total_extensions_size;
tls/s2n_client_cert.c:34: uint8_t certificate_request_context_len;
tls/s2n_config.c:796: uint64_t now;
tls/s2n_server_cert.c:29: uint8_t certificate_request_context_len;
tls/s2n_server_cert.c:34: uint32_t size_of_all_certificates;
tls/s2n_post_handshake.c:31: uint8_t post_handshake_id;
tls/s2n_post_handshake.c:32: uint32_t message_length;
tls/s2n_client_hello.c:385: uint16_t cipher_suites_length;
tls/s2n_client_hello.c:390: uint16_t session_id_length;
tls/s2n_client_hello.c:393: uint16_t challenge_length;
tls/s2n_tls13_certificate_verify.c:171: uint16_t signature_size;
tls/s2n_record_read_cbc.c:63: uint8_t mac_digest_size;
tls/s2n_server_hello.c:109: uint8_t compression_method;
tls/s2n_server_hello.c:110: uint8_t session_id_len;
tls/s2n_handshake_io.c:45: uint8_t record_type;
tls/s2n_handshake_io.c:46: uint8_t message_type;
tls/s2n_handshake_io.c:763: uint32_t handshake_message_length;
tls/s2n_handshake_io.c:787: uint8_t message_type;
tls/s2n_handshake_io.c:788: uint32_t handshake_message_length;
tls/s2n_handshake_io.c:877: uint8_t record_type;
tls/s2n_handshake_io.c:878: int isSSLv2;
tls/s2n_handshake_io.c:934: int r;
tls/s2n_handshake_io.c:935: uint8_t actual_handshake_message_type;
tls/s2n_signature_algorithms.c:130: uint16_t actual_iana_val;
tls/s2n_signature_algorithms.c:260: uint16_t length_of_all_pairs;
utils/s2n_rfc5952.c:113: int j;
utils/s2n_map.c:197: uint32_t slot;
utils/s2n_array.c:38: uint32_t mem_needed;
utils/s2n_array.c:43: uint32_t array_elements_size;
utils/s2n_array.c:103: uint32_t new_capacity;
utils/s2n_mem.c:95: uint32_t allocate;
utils/s2n_timer.c:31: uint64_t current_time;
utils/s2n_random.c:183: uint64_t r;
utils/s2n_random.c:357: uint64_t u64;
utils/s2n_random.c:361: uint32_t u_low;
utils/s2n_random.c:362: uint32_t u_high;
Looks like SonarQube has checks for this, and they have a GitHub integration:
Problem: The bug from https://github.com/awslabs/s2n/pull/786 was caused due to an uninitialized struct value (missing
= {0}
). We should find a way to enforce all values are initialized.Proposed Solution: Investigate tools to catch this issue, and add one that fails the build if any are found. We already have the
-Wuninitialized
flag in ourDEFAULT_CFLAGS
, but it didn't catch this issue.One possible solution is to ensure the following grep is empty on every Travis build, which would catch the obvious cases: