zeroize struct image in packet_id_persist_save() before writing to disk

cron2 · cron2 · commit c58b6e73c350 · 2025-10-29T08:09:13.000+01:00
while this really is only a debug function, ensuring that no uninitialized heap content ends up in padding in the structure and thus to disk is good practice. Reported-by: Joshua Rogers <contact@joshua.hu> Found-by: ZeroPath (https://zeropath.com/) Change-Id: I7f4c7b0ca748975defca1e5104e7077a761cd49c Signed-off-by: Gert Doering <gert@greenie.muc.de> Acked-by: Frank Lichtenheld <frank@lichtenheld.com> Gerrit URL: https://gerrit.openvpn.net/c/openvpn/+/1323 Message-Id: <20251028203156.11697-1-gert@greenie.muc.de> URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg33983.html Signed-off-by: Gert Doering <gert@greenie.muc.de>
diff --git a/src/openvpn/packet_id.c b/src/openvpn/packet_id.c
@@ -511,6 +511,7 @@ packet_id_persist_save(struct packet_id_persist *p)
         && (p->time != p->time_last_written || p->id != p->id_last_written))
     {
         struct packet_id_persist_file_image image;
+        CLEAR(image);
         ssize_t n;
         off_t seek_ret;
         struct gc_arena gc = gc_new();

Original file line number	Diff line number	Diff line change
`@@ -511,6 +511,7 @@ packet_id_persist_save(struct packet_id_persist *p)`
`511`	`511`	`&& (p->time != p->time_last_written \|\| p->id != p->id_last_written))`
`512`	`512`	`{`
`513`	`513`	`struct packet_id_persist_file_image image;`
	`514`	`+ CLEAR(image);`
`514`	`515`	`ssize_t n;`
`515`	`516`	`off_t seek_ret;`
`516`	`517`	`struct gc_arena gc = gc_new();`