zrhoffman / rpms / 389-ds-base

Forked from rpms/389-ds-base 3 years ago
Clone

Blame SOURCES/0008-Issue-51095-abort-operation-if-CSN-can-not-be-genera.patch

d69b2b
From 8d14ff153e9335b09739438344f9c3c78a496548 Mon Sep 17 00:00:00 2001
d69b2b
From: Mark Reynolds <mreynolds@redhat.com>
d69b2b
Date: Fri, 22 May 2020 10:42:11 -0400
d69b2b
Subject: [PATCH 08/12] Issue 51095 - abort operation if CSN can not be
d69b2b
 generated
d69b2b
d69b2b
Bug Description:  If we fail to get the system time then we were using an
d69b2b
                  uninitialized timespec struct which could lead to bizarre
d69b2b
                  times in CSN's.
d69b2b
d69b2b
Fix description:  Check if the system time function fails, and if it does
d69b2b
                  then abort the update operation.
d69b2b
d69b2b
relates: https://pagure.io/389-ds-base/issue/51095
d69b2b
d69b2b
Reviewed by: firstyear & tbordaz(Thanks!!)
d69b2b
---
d69b2b
 ldap/servers/plugins/replication/repl5.h      |  2 +-
d69b2b
 .../plugins/replication/repl5_replica.c       | 33 ++++++++------
d69b2b
 ldap/servers/slapd/back-ldbm/ldbm_add.c       |  8 +++-
d69b2b
 ldap/servers/slapd/back-ldbm/ldbm_delete.c    |  9 +++-
d69b2b
 ldap/servers/slapd/back-ldbm/ldbm_modify.c    | 10 ++++-
d69b2b
 ldap/servers/slapd/back-ldbm/ldbm_modrdn.c    |  8 +++-
d69b2b
 ldap/servers/slapd/csngen.c                   | 18 +++++++-
d69b2b
 ldap/servers/slapd/entrywsi.c                 | 15 ++++---
d69b2b
 ldap/servers/slapd/slap.h                     |  2 +-
d69b2b
 ldap/servers/slapd/slapi-plugin.h             |  8 ++++
d69b2b
 ldap/servers/slapd/slapi-private.h            |  5 ++-
d69b2b
 ldap/servers/slapd/time.c                     | 43 +++++++++++++------
d69b2b
 12 files changed, 118 insertions(+), 43 deletions(-)
d69b2b
d69b2b
diff --git a/ldap/servers/plugins/replication/repl5.h b/ldap/servers/plugins/replication/repl5.h
d69b2b
index 72b7089e3..638471744 100644
d69b2b
--- a/ldap/servers/plugins/replication/repl5.h
d69b2b
+++ b/ldap/servers/plugins/replication/repl5.h
d69b2b
@@ -776,7 +776,7 @@ void replica_disable_replication(Replica *r);
d69b2b
 int replica_start_agreement(Replica *r, Repl_Agmt *ra);
d69b2b
 int windows_replica_start_agreement(Replica *r, Repl_Agmt *ra);
d69b2b
 
d69b2b
-CSN *replica_generate_next_csn(Slapi_PBlock *pb, const CSN *basecsn);
d69b2b
+int32_t replica_generate_next_csn(Slapi_PBlock *pb, const CSN *basecsn, CSN **opcsn);
d69b2b
 int replica_get_attr(Slapi_PBlock *pb, const char *type, void *value);
d69b2b
 
d69b2b
 /* mapping tree extensions manipulation */
d69b2b
diff --git a/ldap/servers/plugins/replication/repl5_replica.c b/ldap/servers/plugins/replication/repl5_replica.c
d69b2b
index 02caa88d9..f01782330 100644
d69b2b
--- a/ldap/servers/plugins/replication/repl5_replica.c
d69b2b
+++ b/ldap/servers/plugins/replication/repl5_replica.c
d69b2b
@@ -3931,11 +3931,9 @@ windows_replica_start_agreement(Replica *r, Repl_Agmt *ra)
d69b2b
  * A callback function registered as op->o_csngen_handler and
d69b2b
  * called by backend ops to generate opcsn.
d69b2b
  */
d69b2b
-CSN *
d69b2b
-replica_generate_next_csn(Slapi_PBlock *pb, const CSN *basecsn)
d69b2b
+int32_t
d69b2b
+replica_generate_next_csn(Slapi_PBlock *pb, const CSN *basecsn, CSN **opcsn)
d69b2b
 {
d69b2b
-    CSN *opcsn = NULL;
d69b2b
-
d69b2b
     Replica *replica = replica_get_replica_for_op(pb);
d69b2b
     if (NULL != replica) {
d69b2b
         Slapi_Operation *op;
d69b2b
@@ -3946,17 +3944,26 @@ replica_generate_next_csn(Slapi_PBlock *pb, const CSN *basecsn)
d69b2b
                 CSNGen *gen = (CSNGen *)object_get_data(gen_obj);
d69b2b
                 if (NULL != gen) {
d69b2b
                     /* The new CSN should be greater than the base CSN */
d69b2b
-                    csngen_new_csn(gen, &opcsn, PR_FALSE /* don't notify */);
d69b2b
-                    if (csn_compare(opcsn, basecsn) <= 0) {
d69b2b
-                        char opcsnstr[CSN_STRSIZE], basecsnstr[CSN_STRSIZE];
d69b2b
+                    if (csngen_new_csn(gen, opcsn, PR_FALSE /* don't notify */) != CSN_SUCCESS) {
d69b2b
+                        /* Failed to generate CSN we must abort */
d69b2b
+                        object_release(gen_obj);
d69b2b
+                        return -1;
d69b2b
+                    }
d69b2b
+                    if (csn_compare(*opcsn, basecsn) <= 0) {
d69b2b
+                        char opcsnstr[CSN_STRSIZE];
d69b2b
+                        char basecsnstr[CSN_STRSIZE];
d69b2b
                         char opcsn2str[CSN_STRSIZE];
d69b2b
 
d69b2b
-                        csn_as_string(opcsn, PR_FALSE, opcsnstr);
d69b2b
+                        csn_as_string(*opcsn, PR_FALSE, opcsnstr);
d69b2b
                         csn_as_string(basecsn, PR_FALSE, basecsnstr);
d69b2b
-                        csn_free(&opcsn);
d69b2b
+                        csn_free(opcsn);
d69b2b
                         csngen_adjust_time(gen, basecsn);
d69b2b
-                        csngen_new_csn(gen, &opcsn, PR_FALSE /* don't notify */);
d69b2b
-                        csn_as_string(opcsn, PR_FALSE, opcsn2str);
d69b2b
+                        if (csngen_new_csn(gen, opcsn, PR_FALSE) != CSN_SUCCESS) {
d69b2b
+                            /* Failed to generate CSN we must abort */
d69b2b
+                            object_release(gen_obj);
d69b2b
+                            return -1;
d69b2b
+                        }
d69b2b
+                        csn_as_string(*opcsn, PR_FALSE, opcsn2str);
d69b2b
                         slapi_log_err(SLAPI_LOG_WARNING, repl_plugin_name,
d69b2b
                                       "replica_generate_next_csn - "
d69b2b
                                       "opcsn=%s <= basecsn=%s, adjusted opcsn=%s\n",
d69b2b
@@ -3966,14 +3973,14 @@ replica_generate_next_csn(Slapi_PBlock *pb, const CSN *basecsn)
d69b2b
                      * Insert opcsn into the csn pending list.
d69b2b
                      * This is the notify effect in csngen_new_csn().
d69b2b
                      */
d69b2b
-                    assign_csn_callback(opcsn, (void *)replica);
d69b2b
+                    assign_csn_callback(*opcsn, (void *)replica);
d69b2b
                 }
d69b2b
                 object_release(gen_obj);
d69b2b
             }
d69b2b
         }
d69b2b
     }
d69b2b
 
d69b2b
-    return opcsn;
d69b2b
+    return 0;
d69b2b
 }
d69b2b
 
d69b2b
 /*
d69b2b
diff --git a/ldap/servers/slapd/back-ldbm/ldbm_add.c b/ldap/servers/slapd/back-ldbm/ldbm_add.c
d69b2b
index d0d88bf16..ee366c74c 100644
d69b2b
--- a/ldap/servers/slapd/back-ldbm/ldbm_add.c
d69b2b
+++ b/ldap/servers/slapd/back-ldbm/ldbm_add.c
d69b2b
@@ -645,7 +645,13 @@ ldbm_back_add(Slapi_PBlock *pb)
d69b2b
                          * Current op is a user request. Opcsn will be assigned
d69b2b
                          * if the dn is in an updatable replica.
d69b2b
                          */
d69b2b
-                        opcsn = entry_assign_operation_csn(pb, e, parententry ? parententry->ep_entry : NULL);
d69b2b
+                        if (entry_assign_operation_csn(pb, e, parententry ? parententry->ep_entry : NULL, &opcsn) != 0) {
d69b2b
+                            slapi_log_err(SLAPI_LOG_ERR, "ldbm_back_add",
d69b2b
+                                    "failed to generate add CSN for entry (%s), aborting operation\n",
d69b2b
+                                    slapi_entry_get_dn(e));
d69b2b
+                            ldap_result_code = LDAP_OPERATIONS_ERROR;
d69b2b
+                            goto error_return;
d69b2b
+                        }
d69b2b
                     }
d69b2b
                     if (opcsn != NULL) {
d69b2b
                         entry_set_csn(e, opcsn);
d69b2b
diff --git a/ldap/servers/slapd/back-ldbm/ldbm_delete.c b/ldap/servers/slapd/back-ldbm/ldbm_delete.c
d69b2b
index 873b5b00e..fbcb57310 100644
d69b2b
--- a/ldap/servers/slapd/back-ldbm/ldbm_delete.c
d69b2b
+++ b/ldap/servers/slapd/back-ldbm/ldbm_delete.c
d69b2b
@@ -464,7 +464,14 @@ replace_entry:
d69b2b
                      * by entry_assign_operation_csn() if the dn is in an
d69b2b
                      * updatable replica.
d69b2b
                      */
d69b2b
-                    opcsn = entry_assign_operation_csn ( pb, e->ep_entry, NULL );
d69b2b
+                    if (entry_assign_operation_csn(pb, e->ep_entry, NULL, &opcsn) != 0) {
d69b2b
+                        slapi_log_err(SLAPI_LOG_ERR, "ldbm_back_delete",
d69b2b
+                                "failed to generate delete CSN for entry (%s), aborting operation\n",
d69b2b
+                                slapi_entry_get_dn(e->ep_entry));
d69b2b
+                        retval = -1;
d69b2b
+                        ldap_result_code = LDAP_OPERATIONS_ERROR;
d69b2b
+                        goto error_return;
d69b2b
+                    }
d69b2b
                 }
d69b2b
                 if (opcsn != NULL) {
d69b2b
                     if (!is_fixup_operation) {
d69b2b
diff --git a/ldap/servers/slapd/back-ldbm/ldbm_modify.c b/ldap/servers/slapd/back-ldbm/ldbm_modify.c
d69b2b
index b0c477e3f..e9d7e87e3 100644
d69b2b
--- a/ldap/servers/slapd/back-ldbm/ldbm_modify.c
d69b2b
+++ b/ldap/servers/slapd/back-ldbm/ldbm_modify.c
d69b2b
@@ -598,12 +598,18 @@ ldbm_back_modify(Slapi_PBlock *pb)
d69b2b
                     goto error_return;
d69b2b
                 }
d69b2b
                 opcsn = operation_get_csn(operation);
d69b2b
-                if (NULL == opcsn && operation->o_csngen_handler) {
d69b2b
+                if (opcsn == NULL && operation->o_csngen_handler) {
d69b2b
                     /*
d69b2b
                      * Current op is a user request. Opcsn will be assigned
d69b2b
                      * if the dn is in an updatable replica.
d69b2b
                      */
d69b2b
-                    opcsn = entry_assign_operation_csn(pb, e->ep_entry, NULL);
d69b2b
+                    if (entry_assign_operation_csn(pb, e->ep_entry, NULL, &opcsn) != 0) {
d69b2b
+                        slapi_log_err(SLAPI_LOG_ERR, "ldbm_back_modify",
d69b2b
+                                "failed to generate modify CSN for entry (%s), aborting operation\n",
d69b2b
+                                slapi_entry_get_dn(e->ep_entry));
d69b2b
+                        ldap_result_code = LDAP_OPERATIONS_ERROR;
d69b2b
+                        goto error_return;
d69b2b
+                    }
d69b2b
                 }
d69b2b
                 if (opcsn) {
d69b2b
                     entry_set_maxcsn(e->ep_entry, opcsn);
d69b2b
diff --git a/ldap/servers/slapd/back-ldbm/ldbm_modrdn.c b/ldap/servers/slapd/back-ldbm/ldbm_modrdn.c
d69b2b
index 26698012a..fde83c99f 100644
d69b2b
--- a/ldap/servers/slapd/back-ldbm/ldbm_modrdn.c
d69b2b
+++ b/ldap/servers/slapd/back-ldbm/ldbm_modrdn.c
d69b2b
@@ -543,7 +543,13 @@ ldbm_back_modrdn(Slapi_PBlock *pb)
d69b2b
                      * Current op is a user request. Opcsn will be assigned
d69b2b
                      * if the dn is in an updatable replica.
d69b2b
                      */
d69b2b
-                    opcsn = entry_assign_operation_csn(pb, e->ep_entry, parententry ? parententry->ep_entry : NULL);
d69b2b
+                    if (entry_assign_operation_csn(pb, e->ep_entry, parententry ? parententry->ep_entry : NULL, &opcsn) != 0) {
d69b2b
+                        slapi_log_err(SLAPI_LOG_ERR, "ldbm_back_modrdn",
d69b2b
+                                "failed to generate modrdn CSN for entry (%s), aborting operation\n",
d69b2b
+                                slapi_entry_get_dn(e->ep_entry));
d69b2b
+                        ldap_result_code = LDAP_OPERATIONS_ERROR;
d69b2b
+                        goto error_return;
d69b2b
+                    }
d69b2b
                 }
d69b2b
                 if (opcsn != NULL) {
d69b2b
                     entry_set_maxcsn(e->ep_entry, opcsn);
d69b2b
diff --git a/ldap/servers/slapd/csngen.c b/ldap/servers/slapd/csngen.c
d69b2b
index 68dbbda8e..b08d8b25c 100644
d69b2b
--- a/ldap/servers/slapd/csngen.c
d69b2b
+++ b/ldap/servers/slapd/csngen.c
d69b2b
@@ -164,6 +164,7 @@ csngen_free(CSNGen **gen)
d69b2b
 int
d69b2b
 csngen_new_csn(CSNGen *gen, CSN **csn, PRBool notify)
d69b2b
 {
d69b2b
+    struct timespec now = {0};
d69b2b
     int rc = CSN_SUCCESS;
d69b2b
     time_t cur_time;
d69b2b
     int delta;
d69b2b
@@ -179,12 +180,25 @@ csngen_new_csn(CSNGen *gen, CSN **csn, PRBool notify)
d69b2b
         return CSN_MEMORY_ERROR;
d69b2b
     }
d69b2b
 
d69b2b
-    slapi_rwlock_wrlock(gen->lock);
d69b2b
+    if ((rc = slapi_clock_gettime(&now)) != 0) {
d69b2b
+        /* Failed to get system time, we must abort */
d69b2b
+        slapi_log_err(SLAPI_LOG_ERR, "csngen_new_csn",
d69b2b
+                "Failed to get system time (%s)\n",
d69b2b
+                slapd_system_strerror(rc));
d69b2b
+        return CSN_TIME_ERROR;
d69b2b
+    }
d69b2b
+    cur_time = now.tv_sec;
d69b2b
 
d69b2b
-    cur_time = slapi_current_utc_time();
d69b2b
+    slapi_rwlock_wrlock(gen->lock);
d69b2b
 
d69b2b
     /* check if the time should be adjusted */
d69b2b
     delta = cur_time - gen->state.sampled_time;
d69b2b
+    if (delta > _SEC_PER_DAY || delta < (-1 * _SEC_PER_DAY)) {
d69b2b
+        /* We had a jump larger than a day */
d69b2b
+        slapi_log_err(SLAPI_LOG_INFO, "csngen_new_csn",
d69b2b
+                "Detected large jump in CSN time.  Delta: %d (current time: %ld  vs  previous time: %ld)\n",
d69b2b
+                delta, cur_time, gen->state.sampled_time);
d69b2b
+    }
d69b2b
     if (delta > 0) {
d69b2b
         rc = _csngen_adjust_local_time(gen, cur_time);
d69b2b
         if (rc != CSN_SUCCESS) {
d69b2b
diff --git a/ldap/servers/slapd/entrywsi.c b/ldap/servers/slapd/entrywsi.c
d69b2b
index 5d1d7238a..31bf65d8e 100644
d69b2b
--- a/ldap/servers/slapd/entrywsi.c
d69b2b
+++ b/ldap/servers/slapd/entrywsi.c
d69b2b
@@ -224,13 +224,12 @@ entry_add_rdn_csn(Slapi_Entry *e, const CSN *csn)
d69b2b
     slapi_rdn_free(&rdn;;
d69b2b
 }
d69b2b
 
d69b2b
-CSN *
d69b2b
-entry_assign_operation_csn(Slapi_PBlock *pb, Slapi_Entry *e, Slapi_Entry *parententry)
d69b2b
+int32_t
d69b2b
+entry_assign_operation_csn(Slapi_PBlock *pb, Slapi_Entry *e, Slapi_Entry *parententry, CSN **opcsn)
d69b2b
 {
d69b2b
     Slapi_Operation *op;
d69b2b
     const CSN *basecsn = NULL;
d69b2b
     const CSN *parententry_dncsn = NULL;
d69b2b
-    CSN *opcsn = NULL;
d69b2b
 
d69b2b
     slapi_pblock_get(pb, SLAPI_OPERATION, &op);
d69b2b
 
d69b2b
@@ -252,14 +251,16 @@ entry_assign_operation_csn(Slapi_PBlock *pb, Slapi_Entry *e, Slapi_Entry *parent
d69b2b
                 basecsn = parententry_dncsn;
d69b2b
             }
d69b2b
         }
d69b2b
-        opcsn = op->o_csngen_handler(pb, basecsn);
d69b2b
+        if(op->o_csngen_handler(pb, basecsn, opcsn) != 0) {
d69b2b
+            return -1;
d69b2b
+        }
d69b2b
 
d69b2b
-        if (NULL != opcsn) {
d69b2b
-            operation_set_csn(op, opcsn);
d69b2b
+        if (*opcsn) {
d69b2b
+            operation_set_csn(op, *opcsn);
d69b2b
         }
d69b2b
     }
d69b2b
 
d69b2b
-    return opcsn;
d69b2b
+    return 0;
d69b2b
 }
d69b2b
 
d69b2b
 /*
d69b2b
diff --git a/ldap/servers/slapd/slap.h b/ldap/servers/slapd/slap.h
d69b2b
index a4cae784a..cef8c789c 100644
d69b2b
--- a/ldap/servers/slapd/slap.h
d69b2b
+++ b/ldap/servers/slapd/slap.h
d69b2b
@@ -1480,7 +1480,7 @@ struct op;
d69b2b
 typedef void (*result_handler)(struct conn *, struct op *, int, char *, char *, int, struct berval **);
d69b2b
 typedef int (*search_entry_handler)(Slapi_Backend *, struct conn *, struct op *, struct slapi_entry *);
d69b2b
 typedef int (*search_referral_handler)(Slapi_Backend *, struct conn *, struct op *, struct berval **);
d69b2b
-typedef CSN *(*csngen_handler)(Slapi_PBlock *pb, const CSN *basecsn);
d69b2b
+typedef int32_t *(*csngen_handler)(Slapi_PBlock *pb, const CSN *basecsn, CSN **opcsn);
d69b2b
 typedef int (*replica_attr_handler)(Slapi_PBlock *pb, const char *type, void **value);
d69b2b
 
d69b2b
 /*
d69b2b
diff --git a/ldap/servers/slapd/slapi-plugin.h b/ldap/servers/slapd/slapi-plugin.h
d69b2b
index be1e52e4d..834a98742 100644
d69b2b
--- a/ldap/servers/slapd/slapi-plugin.h
d69b2b
+++ b/ldap/servers/slapd/slapi-plugin.h
d69b2b
@@ -6743,6 +6743,14 @@ int slapi_reslimit_get_integer_limit(Slapi_Connection *conn, int handle, int *li
d69b2b
  */
d69b2b
 time_t slapi_current_time(void) __attribute__((deprecated));
d69b2b
 
d69b2b
+/**
d69b2b
+ * Get the system time and check for errors.  Return
d69b2b
+ *
d69b2b
+ * \param tp - a timespec struct where the system time is set
d69b2b
+ * \return result code, upon success tp is set to the system time
d69b2b
+ */
d69b2b
+int32_t slapi_clock_gettime(struct timespec *tp);
d69b2b
+
d69b2b
 /**
d69b2b
  * Returns the current system time as a hr clock relative to uptime
d69b2b
  * This means the clock is not affected by timezones
d69b2b
diff --git a/ldap/servers/slapd/slapi-private.h b/ldap/servers/slapd/slapi-private.h
d69b2b
index d85ee43e5..c98c1947c 100644
d69b2b
--- a/ldap/servers/slapd/slapi-private.h
d69b2b
+++ b/ldap/servers/slapd/slapi-private.h
d69b2b
@@ -233,7 +233,8 @@ enum
d69b2b
     CSN_INVALID_PARAMETER, /* invalid function argument */
d69b2b
     CSN_INVALID_FORMAT,    /* invalid state format */
d69b2b
     CSN_LDAP_ERROR,        /* LDAP operation failed */
d69b2b
-    CSN_NSPR_ERROR         /* NSPR API failure */
d69b2b
+    CSN_NSPR_ERROR,        /* NSPR API failure */
d69b2b
+    CSN_TIME_ERROR         /* Error generating new CSN due to clock failure */
d69b2b
 };
d69b2b
 
d69b2b
 typedef struct csngen CSNGen;
d69b2b
@@ -326,7 +327,7 @@ int slapi_entries_diff(Slapi_Entry **old_entries, Slapi_Entry **new_entries, int
d69b2b
 void set_attr_to_protected_list(char *attr, int flag);
d69b2b
 
d69b2b
 /* entrywsi.c */
d69b2b
-CSN *entry_assign_operation_csn(Slapi_PBlock *pb, Slapi_Entry *e, Slapi_Entry *parententry);
d69b2b
+int32_t entry_assign_operation_csn(Slapi_PBlock *pb, Slapi_Entry *e, Slapi_Entry *parententry, CSN **opcsn);
d69b2b
 const CSN *entry_get_maxcsn(const Slapi_Entry *entry);
d69b2b
 void entry_set_maxcsn(Slapi_Entry *entry, const CSN *csn);
d69b2b
 const CSN *entry_get_dncsn(const Slapi_Entry *entry);
d69b2b
diff --git a/ldap/servers/slapd/time.c b/ldap/servers/slapd/time.c
d69b2b
index 8048a3359..545538404 100644
d69b2b
--- a/ldap/servers/slapd/time.c
d69b2b
+++ b/ldap/servers/slapd/time.c
d69b2b
@@ -61,6 +61,25 @@ poll_current_time()
d69b2b
     return 0;
d69b2b
 }
d69b2b
 
d69b2b
+/*
d69b2b
+ * Check if the time function returns an error.  If so return the errno
d69b2b
+ */
d69b2b
+int32_t
d69b2b
+slapi_clock_gettime(struct timespec *tp)
d69b2b
+{
d69b2b
+    int32_t rc = 0;
d69b2b
+
d69b2b
+    PR_ASSERT(tp && tp->tv_nsec == 0 && tp->tv_sec == 0);
d69b2b
+
d69b2b
+    if (clock_gettime(CLOCK_REALTIME, tp) != 0) {
d69b2b
+        rc = errno;
d69b2b
+    }
d69b2b
+
d69b2b
+    PR_ASSERT(rc == 0);
d69b2b
+
d69b2b
+    return rc;
d69b2b
+}
d69b2b
+
d69b2b
 time_t
d69b2b
 current_time(void)
d69b2b
 {
d69b2b
@@ -69,7 +88,7 @@ current_time(void)
d69b2b
      * but this should be removed in favour of the
d69b2b
      * more accurately named slapi_current_utc_time
d69b2b
      */
d69b2b
-    struct timespec now;
d69b2b
+    struct timespec now = {0};
d69b2b
     clock_gettime(CLOCK_REALTIME, &now;;
d69b2b
     return now.tv_sec;
d69b2b
 }
d69b2b
@@ -83,7 +102,7 @@ slapi_current_time(void)
d69b2b
 struct timespec
d69b2b
 slapi_current_rel_time_hr(void)
d69b2b
 {
d69b2b
-    struct timespec now;
d69b2b
+    struct timespec now = {0};
d69b2b
     clock_gettime(CLOCK_MONOTONIC, &now;;
d69b2b
     return now;
d69b2b
 }
d69b2b
@@ -91,7 +110,7 @@ slapi_current_rel_time_hr(void)
d69b2b
 struct timespec
d69b2b
 slapi_current_utc_time_hr(void)
d69b2b
 {
d69b2b
-    struct timespec ltnow;
d69b2b
+    struct timespec ltnow = {0};
d69b2b
     clock_gettime(CLOCK_REALTIME, &ltnow);
d69b2b
     return ltnow;
d69b2b
 }
d69b2b
@@ -99,7 +118,7 @@ slapi_current_utc_time_hr(void)
d69b2b
 time_t
d69b2b
 slapi_current_utc_time(void)
d69b2b
 {
d69b2b
-    struct timespec ltnow;
d69b2b
+    struct timespec ltnow = {0};
d69b2b
     clock_gettime(CLOCK_REALTIME, &ltnow);
d69b2b
     return ltnow.tv_sec;
d69b2b
 }
d69b2b
@@ -108,8 +127,8 @@ void
d69b2b
 slapi_timestamp_utc_hr(char *buf, size_t bufsize)
d69b2b
 {
d69b2b
     PR_ASSERT(bufsize >= SLAPI_TIMESTAMP_BUFSIZE);
d69b2b
-    struct timespec ltnow;
d69b2b
-    struct tm utctm;
d69b2b
+    struct timespec ltnow = {0};
d69b2b
+    struct tm utctm = {0};
d69b2b
     clock_gettime(CLOCK_REALTIME, &ltnow);
d69b2b
     gmtime_r(&(ltnow.tv_sec), &utctm);
d69b2b
     strftime(buf, bufsize, "%Y%m%d%H%M%SZ", &utctm);
d69b2b
@@ -140,7 +159,7 @@ format_localTime_log(time_t t, int initsize __attribute__((unused)), char *buf,
d69b2b
 {
d69b2b
 
d69b2b
     long tz;
d69b2b
-    struct tm *tmsp, tms;
d69b2b
+    struct tm *tmsp, tms = {0};
d69b2b
     char tbuf[*bufsize];
d69b2b
     char sign;
d69b2b
     /* make sure our buffer will be big enough. Need at least 29 */
d69b2b
@@ -191,7 +210,7 @@ format_localTime_hr_log(time_t t, long nsec, int initsize __attribute__((unused)
d69b2b
 {
d69b2b
 
d69b2b
     long tz;
d69b2b
-    struct tm *tmsp, tms;
d69b2b
+    struct tm *tmsp, tms = {0};
d69b2b
     char tbuf[*bufsize];
d69b2b
     char sign;
d69b2b
     /* make sure our buffer will be big enough. Need at least 39 */
d69b2b
@@ -278,7 +297,7 @@ slapi_timespec_expire_check(struct timespec *expire)
d69b2b
     if (expire->tv_sec == 0 && expire->tv_nsec == 0) {
d69b2b
         return TIMER_CONTINUE;
d69b2b
     }
d69b2b
-    struct timespec now;
d69b2b
+    struct timespec now = {0};
d69b2b
     clock_gettime(CLOCK_MONOTONIC, &now;;
d69b2b
     if (now.tv_sec > expire->tv_sec ||
d69b2b
         (expire->tv_sec == now.tv_sec && now.tv_sec > expire->tv_nsec)) {
d69b2b
@@ -293,7 +312,7 @@ format_localTime(time_t from)
d69b2b
        in the syntax of a generalizedTime, except without the time zone. */
d69b2b
 {
d69b2b
     char *into;
d69b2b
-    struct tm t;
d69b2b
+    struct tm t = {0};
d69b2b
 
d69b2b
     localtime_r(&from, &t);
d69b2b
 
d69b2b
@@ -362,7 +381,7 @@ format_genTime(time_t from)
d69b2b
        in the syntax of a generalizedTime. */
d69b2b
 {
d69b2b
     char *into;
d69b2b
-    struct tm t;
d69b2b
+    struct tm t = {0};
d69b2b
 
d69b2b
     gmtime_r(&from, &t);
d69b2b
     into = slapi_ch_malloc(SLAPI_TIMESTAMP_BUFSIZE);
d69b2b
@@ -382,7 +401,7 @@ time_t
d69b2b
 read_genTime(struct berval *from)
d69b2b
 {
d69b2b
     struct tm t = {0};
d69b2b
-    time_t retTime;
d69b2b
+    time_t retTime = {0};
d69b2b
     time_t diffsec = 0;
d69b2b
     int i, gflag = 0, havesec = 0;
d69b2b
 
d69b2b
-- 
d69b2b
2.26.2
d69b2b