[Pkg-vsquare-devel] Bug#434071: vde2: vdeq/vdeqemu uses uninitialised variable for socket mode

[John Hughes]

Package: vde2
Version: 2.1.6+r154-1+b1
Severity: normal


In vdeq.c we have:

 mode_t mode;
[...]
 if (argc > 2 && (
                  (strcmp(argv[1],"--mod")==0) ||
                  (strcmp(argv[1],"-m")==0))
            ){
        sscanf(argv[2],"%o",&mode);
        argv+=2;
        argc-=2;
    }
[...]
  for (i=0; i<nb_nics; i++) {
                struct vde_open_args vdearg={ports[i],NULL,mode};
                conn[i]=vde_open(sockname[i],"vdeqemu",&vdearg);

so if the user doesn't give the --mod or -m option vde_open gets called 
with unitialised mode and so the socket gets chmoded to some 
unpredictable mode, which will stop everything working of it happens not 
to have write permission.

Fix is simple, initialise mode to zero on declaration.

-- System Information:
Debian Release: lenny/sid
  APT prefers unstable
  APT policy: (500, 'unstable'), (1, 'experimental')
Architecture: amd64 (x86_64)

Kernel: Linux 2.6.21-1-amd64 (SMP w/2 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash

Versions of packages vde2 depends on:
ii  adduser                  3.104           add and remove users and groups
ii  libc6                    2.6-2           GNU C Library: Shared libraries
ii  libvdeplug2              2.1.6+r154-1+b1 Virtual Distributed Ethernet - Plu

Versions of packages vde2 recommends:
ii  daemon                        0.6.3-1    turns other processes into daemons

-- no debconf information