From d920b51b05140c6d250ae4f86f0769a9fbd2a265 Mon Sep 17 00:00:00 2001
From: Erik Boasson
Date: Fri, 4 Jan 2019 10:43:51 +0100
Subject: [PATCH] fix uninitialised value propagating into key of topic discovery data used by WHC

The only consequence is that the tkmap would probably map the same topic to a different iid each time one was written, or that a different topic would get mapped to some other iid. The latter would cause the WHC to overwrite the older topic. Actual damage is minimal as it would only result in incomplete topic discovery by OpenSplice. That it is mostly harmless today does not mean it couldn't cause any number of interesting surprises in the future.

Signed-off-by: Erik Boasson
---
 src/core/ddsi/src/ddsi_serdata_default.c | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/src/core/ddsi/src/ddsi_serdata_default.c b/src/core/ddsi/src/ddsi_serdata_default.c
index 5704241..23c0971 100644
--- a/src/core/ddsi/src/ddsi_serdata_default.c
+++ b/src/core/ddsi/src/ddsi_serdata_default.c
@@ -370,7 +370,7 @@ static struct ddsi_serdata *serdata_default_from_sample_plist (const struct ddsi
 case PID_GROUP_GUID:
 d->keyhash.m_set = 1;
 d->keyhash.m_iskey = 1;
- memcpy (&d->keyhash.m_hash, rawkey, 16);
+ memcpy (d->keyhash.m_hash, rawkey, 16);
 #ifndef NDEBUG
 keysize = 16;
 #endif
@@ -383,13 +383,14 @@ static struct ddsi_serdata *serdata_default_from_sample_plist (const struct ddsi
 md5_state_t md5st;
 md5_byte_t digest[16];
 topic_name_sz = (uint32_t) strlen (topic_name) + 1;
+ topic_name_sz_BE = toBE4u (topic_name_sz);
 d->keyhash.m_set = 1;
 d->keyhash.m_iskey = 0;
 md5_init (&md5st);
 md5_append (&md5st, (const md5_byte_t *) &topic_name_sz_BE, sizeof (topic_name_sz_BE));
 md5_append (&md5st, (const md5_byte_t *) topic_name, topic_name_sz);
 md5_finish (&md5st, digest);
- memcpy (&d->keyhash.m_hash, digest, 16);
+ memcpy (d->keyhash.m_hash, digest, 16);
 #ifndef NDEBUG
 keysize = sizeof (uint32_t) + topic_name_sz;
 #endif
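Review bot: Both `memcpy` calls into `d->keyhash.m_hash` (under `case PID_GROUP_GUID:` here, and after `md5_finish` in the second hunk) still hard-code the length 16, so the copy size is not tied to the destination. Dropping the `&` suggests `m_hash` is an array; if so, `memcpy (d->keyhash.m_hash, rawkey, sizeof (d->keyhash.m_hash));` keeps the write bounded should the field ever change size. The buffer behind `rawkey` is set up outside this hunk, so it is worth confirming there that it always holds at least 16 readable bytes. The enclosing function starts and ends outside the hunk.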
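Review bot: `topic_name_sz_BE` is still declared without an initialiser somewhere above this hunk and assigned only in this branch, which is the pattern that let the unset value reach `md5_append` unnoticed; compilers often stay silent in this situation because the variable's address is taken. If the project permits declarations after statements, defining it where it is computed, `const uint32_t topic_name_sz_BE = toBE4u (topic_name_sz);` (type presumed from `toBE4u` and the `sizeof` use), would make an unset read impossible on any path. A short comment above the first `md5_append`, such as `/* digest covers the big-endian 4-byte length (incl. NUL) followed by the name */`, would record why the byte-order conversion matters to the resulting key. Running this path under a memory-checking tool in CI would catch a recurrence. The declaration and the rest of the function body lie outside the hunk.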