Use {0} initializer for all stack allocated char arrays

Lots of places in the code were already using {0} to initialize stack char
arrays, but memset() was being used as well.  This commit removes all
unnecessary memset() calls against char arrays that are already initialized
via {0} (which sets all members to zero for such arrays).

client/config_init.c

@@ -278,12 +278,11 @@ static int
 is_rc_section(const char* line, uint16_t line_size, char* rc_section, uint16_t rc_section_size)
 {
     char    *ndx, *emark;
-    char    buf[MAX_LINE_LEN];
+    char    buf[MAX_LINE_LEN] = {0};
     int     section_found = 0;
 
     if (line_size < sizeof(buf))
     {
-        memset (buf, 0, sizeof(buf));
         strlcpy(buf, line, sizeof(buf));
 
         ndx = buf;
@@ -426,7 +425,7 @@ parse_time_offset(const char *offset_str)
     int os_len      = strlen(offset_str);
     int is_err;
 
-    char offset_digits[MAX_TIME_STR_LEN];
+    char offset_digits[MAX_TIME_STR_LEN] = {0};
 
     j=0;
     for (i=0; i < os_len; i++) {
@@ -866,7 +865,7 @@ parse_rc_param(fko_cli_options_t *options, const char *var, char * val)
 static void
 add_single_var_to_rc(FILE* fhandle, uint16_t arg_ndx, fko_cli_options_t *options)
 {
-    char    val[MAX_LINE_LEN]  = {0};
+    char    val[MAX_LINE_LEN] = {0};
 
     if (arg_ndx >= FWKNOP_CLI_ARG_NB)
         return;
@@ -874,10 +873,7 @@ add_single_var_to_rc(FILE* fhandle, uint16_t arg_ndx, fko_cli_options_t *options
     if (fhandle == NULL)
         return;
 
-    /* Zero the val buffer */
-    memset(val, 0, sizeof(val));
-
-    /* Selecty the argument to add and store its string value into val */
+    /* Select the argument to add and store its string value into val */
     switch (arg_ndx)
     {
         case FWKNOP_CLI_ARG_DIGEST_TYPE :
@@ -1033,8 +1029,8 @@ process_rc_section(char *section_name, fko_cli_options_t *options)
 {
     FILE           *rc;
     int             line_num = 0, do_exit = 0;
-    char            line[MAX_LINE_LEN];
-    char            rcfile[MAX_PATH_LEN];
+    char            line[MAX_LINE_LEN] = {0};
+    char            rcfile[MAX_PATH_LEN] = {0};
     char            curr_stanza[MAX_LINE_LEN] = {0};
     rc_file_param_t param;
     int             rc_section_found = 0;
@@ -1131,16 +1127,13 @@ update_rc(fko_cli_options_t *options, uint32_t args_bitmask)
     int             rcfile_fd = -1;
     int             stanza_found = 0;
     int             stanza_updated = 0;
-    char            line[MAX_LINE_LEN];
-    char            rcfile[MAX_PATH_LEN];
-    char            rcfile_update[MAX_PATH_LEN];
-    char            curr_stanza[MAX_LINE_LEN] = {0};
+    char            line[MAX_LINE_LEN]   = {0};
+    char            rcfile[MAX_PATH_LEN] = {0};
+    char            rcfile_update[MAX_PATH_LEN] = {0};
+    char            curr_stanza[MAX_LINE_LEN]   = {0};
     uint32_t        var_bm  = 0;                        /* Bitmask associated to a conf. variable */
     rc_file_param_t param;                              /* Structure to contain a conf. variable name with its value  */
 
-    memset(rcfile, 0, MAX_PATH_LEN);
-    memset(rcfile_update, 0, MAX_PATH_LEN);
-
     set_rc_file(rcfile, options);
 
     strlcpy(rcfile_update, rcfile, sizeof(rcfile_update));
@@ -1821,23 +1814,24 @@ usage(void)
             MY_NAME, MY_VERSION, MY_DESC, HTTP_RESOLVE_HOST);
     log_msg(LOG_VERBOSITY_NORMAL,
       "Usage: fwknop -A <port list> [-s|-R|-a] -D <spa_server> [options]\n\n"
-      " -h, --help                  Print this usage message and exit.\n"
+      " -n, --named-config          Specify a named configuration stanza in the\n"
+      "                             '$HOME/.fwknoprc' file to provide some of all\n"
+      "                             of the configuration parameters.\n"
+      "                             If more arguments are set through the command\n"
+      "                             line, the configuration is updated accordingly\n"
       " -A, --access                Provide a list of ports/protocols to open\n"
-      "                             on the server.\n"
+      "                             on the server (e.g. 'tcp/22').\n"
+      " -a, --allow-ip              Specify IP address to allow within the SPA\n"
+      "                             packet (e.g. '123.2.3.4').  If \n"
+      " -D, --destination           Specify the hostname or IP address of the\n"
+      "                             fwknop server.\n"
+      " -h, --help                  Print this usage message and exit.\n"
       " -B, --save-packet           Save the generated packet data to the\n"
       "                             specified file.\n"
       " -b, --save-packet-append    Append the generated packet data to the\n"
       "                             file specified with the -B option.\n"
-      " -a, --allow-ip              Specify IP address to allow within the SPA\n"
-      "                             packet.\n"
       " -C, --server-cmd            Specify a command that the fwknop server will\n"
       "                             execute on behalf of the fwknop client..\n"
-      " -D, --destination           Specify the IP address of the fwknop server.\n"
-      " -n, --named-config          Specify an named configuration stanza in the\n"
-      "                             '$HOME/.fwknoprc' file to provide some of all\n"
-      "                             of the configuration parameters.\n"
-      "                             If more arguments are set through the command\n"
-      "                             line, the configuration is updated accordingly\n"
       " -N, --nat-access            Gain NAT access to an internal service.\n"
       " -p, --server-port           Set the destination port for outgoing SPA\n"
       "                             packet.\n"

client/fwknop.c

@@ -129,12 +129,11 @@ is_ipv6_str(char *str)
 static int
 is_hostname_str_with_port(const char *str, char *hostname, size_t hostname_bufsize, int *port)
 {
-    int     valid = 0;              /* Result of the function */
-    char    buf[MAX_LINE_LEN];      /* Copy of the buffer eg. "hostname,port" */
-    char   *h;                      /* Pointer on the hostname string */
-    char   *p;                      /* Ponter on the port string */
+    int     valid = 0;                /* Result of the function */
+    char    buf[MAX_LINE_LEN] = {0};  /* Copy of the buffer eg. "hostname,port" */
+    char   *h;                        /* Pointer on the hostname string */
+    char   *p;                        /* Ponter on the port string */
 
-    memset(buf, 0, sizeof(buf));
     memset(hostname, 0, hostname_bufsize);
     *port = 0;
 
@@ -185,10 +184,6 @@ main(int argc, char **argv)
 
     fko_cli_options_t   options;
 
-    memset(key, 0x00, MAX_KEY_LEN+1);
-    memset(hmac_key, 0x00, MAX_KEY_LEN+1);
-    memset(access_buf, 0x00, MAX_LINE_LEN);
-
     /* Initialize the log module */
     log_new();
 
@@ -659,7 +654,7 @@ static int
 get_rand_port(fko_ctx_t ctx)
 {
     char *rand_val = NULL;
-    char  port_str[MAX_PORT_STR_LEN+1];
+    char  port_str[MAX_PORT_STR_LEN+1] = {0};
     int   tmpint, is_err;
     int   port     = 0;
     int   res      = 0;
@@ -742,8 +737,6 @@ set_access_buf(fko_ctx_t ctx, fko_cli_options_t *options, char *access_buf)
     char   *ndx = NULL, tmp_nat_port[MAX_PORT_STR_LEN+1] = {0};
     int     nat_port = 0;
 
-    memset(tmp_nat_port, 0x0, MAX_PORT_STR_LEN+1);
-
     if(options->access_str[0] != 0x0)
     {
         if (options->nat_rand_port)
@@ -812,15 +805,13 @@ static int
 set_nat_access(fko_ctx_t ctx, fko_cli_options_t *options, const char * const access_buf)
 {
     char                nat_access_buf[MAX_LINE_LEN] = {0};
-    char                tmp_access_port[MAX_PORT_STR_LEN+1], *ndx = NULL;
+    char                tmp_access_port[MAX_PORT_STR_LEN+1] = {0}, *ndx = NULL;
     int                 access_port = 0, i = 0, is_err = 0;
     char                dst_ip_str[INET_ADDRSTRLEN] = {0};
     char                hostname[HOSTNAME_BUFSIZE] = {0};
     int                 port = 0;
     struct addrinfo     hints;
 
-    memset(nat_access_buf, 0x0, MAX_LINE_LEN);
-    memset(tmp_access_port, 0x0, MAX_PORT_STR_LEN+1);
     memset(&hints, 0 , sizeof(hints));
 
     ndx = strchr(options->access_str, '/');
@@ -938,7 +929,7 @@ prev_exec(fko_cli_options_t *options, int argc, char **argv)
 static void
 show_last_command(const char * const args_save_file)
 {
-    char args_str[MAX_LINE_LEN] = "";
+    char args_str[MAX_LINE_LEN] = {0};
     FILE *args_file_ptr = NULL;
 
     verify_file_perms_ownership(args_save_file);
@@ -1058,7 +1049,7 @@ get_save_file(char *args_save_file)
 static void
 save_args(int argc, char **argv, const char * const args_save_file)
 {
-    char args_str[MAX_LINE_LEN] = "";
+    char args_str[MAX_LINE_LEN] = {0};
     int i = 0, args_str_len = 0, args_file_fd = -1;
 
     args_file_fd = open(args_save_file, O_WRONLY|O_CREAT, S_IRUSR|S_IWUSR);

client/getpasswd.c

@@ -175,8 +175,6 @@ get_key_file(char *key, int *key_len, const char *key_file,
     char           *lptr;
 
     memset(key, 0x00, MAX_KEY_LEN+1);
-    memset(conf_line_buf, 0x00, MAX_LINE_LEN);
-    memset(tmp_char_buf, 0x00, MAX_LINE_LEN);
 
     if ((pwfile_ptr = fopen(key_file, "r")) == NULL)
     {

client/http_resolve_host.c

@@ -58,7 +58,7 @@ try_url(struct url *url, fko_cli_options_t *options)
     int     bytes_read = 0, position = 0;
     int     o1, o2, o3, o4;
     struct  addrinfo *result, *rp, hints;
-    char    http_buf[HTTP_MAX_REQUEST_LEN];
+    char    http_buf[HTTP_MAX_REQUEST_LEN]       = {0};
     char    http_response[HTTP_MAX_RESPONSE_LEN] = {0};
     char   *ndx;
 

client/spa_comm.c

@@ -35,7 +35,7 @@
 static void
 dump_transmit_options(const fko_cli_options_t *options)
 {
-    char proto_str[PROTOCOL_BUFSIZE];   /* Protocol string */
+    char proto_str[PROTOCOL_BUFSIZE] = {0};   /* Protocol string */
 
     proto_inttostr(options->spa_proto, proto_str, sizeof(proto_str));
 
@@ -89,7 +89,7 @@ send_spa_packet_tcp_or_udp(const char *spa_data, const int sd_len,
 {
     int     sock, res=0, error;
     struct  addrinfo *result, *rp, hints;
-    char    port_str[MAX_PORT_STR_LEN+1];
+    char    port_str[MAX_PORT_STR_LEN+1] = {0};
 
     if (options->test)
     {
@@ -495,7 +495,7 @@ static int
 send_spa_packet_http(const char *spa_data, const int sd_len,
     fko_cli_options_t *options)
 {
-    char http_buf[HTTP_MAX_REQUEST_LEN], *spa_data_copy = NULL;
+    char http_buf[HTTP_MAX_REQUEST_LEN] = {0}, *spa_data_copy = NULL;
     char *ndx = options->http_proxy;
     int  i, proxy_port = 0, is_err;
 

lib/cipher_funcs.c

@@ -118,19 +118,14 @@ static void
 rij_salt_and_iv(RIJNDAEL_context *ctx, const char *key,
         const int key_len, const unsigned char *data, const int mode_flag)
 {
-    char            pw_buf[RIJNDAEL_MAX_KEYSIZE];
-    unsigned char   tmp_buf[MD5_DIGEST_LEN+RIJNDAEL_MAX_KEYSIZE+RIJNDAEL_BLOCKSIZE];
-    unsigned char   kiv_buf[RIJNDAEL_MAX_KEYSIZE+RIJNDAEL_BLOCKSIZE]; /* Key and IV buffer */
-    unsigned char   md5_buf[MD5_DIGEST_LEN]; /* Buffer for computed md5 hash */
+    char            pw_buf[RIJNDAEL_MAX_KEYSIZE] = {0};
+    unsigned char   tmp_buf[MD5_DIGEST_LEN+RIJNDAEL_MAX_KEYSIZE+RIJNDAEL_BLOCKSIZE] = {0};
+    unsigned char   kiv_buf[RIJNDAEL_MAX_KEYSIZE+RIJNDAEL_BLOCKSIZE] = {0}; /* Key and IV buffer */
+    unsigned char   md5_buf[MD5_DIGEST_LEN] = {0}; /* Buffer for computed md5 hash */
 
     int             final_key_len = 0;
     size_t          kiv_len = 0;
 
-    memset(pw_buf,  0x00, RIJNDAEL_MAX_KEYSIZE);
-    memset(tmp_buf, 0x00, MD5_DIGEST_LEN+RIJNDAEL_MAX_KEYSIZE+RIJNDAEL_BLOCKSIZE);
-    memset(kiv_buf, 0x00, RIJNDAEL_MAX_KEYSIZE+RIJNDAEL_BLOCKSIZE);
-    memset(md5_buf, 0x00, MD5_DIGEST_LEN);
-
     if(mode_flag == FKO_ENC_MODE_CBC_LEGACY_IV)
     {
         /* Pad the pw with '0' chars up to the minimum Rijndael key size.

lib/fko_hmac.c

@@ -209,8 +209,6 @@ int fko_set_spa_hmac(fko_ctx_t ctx,
     if(hmac_key_len > MAX_DIGEST_BLOCK_LEN)
         return(FKO_ERROR_INVALID_HMAC_KEY_LEN);
 
-    memset(hmac, 0x00, SHA512_DIGEST_STR_LEN);
-
     if(ctx->hmac_type == FKO_HMAC_MD5)
     {
         hmac_md5(ctx->encrypted_msg,

lib/hmac.c

@@ -103,9 +103,6 @@ hmac_md5_init(hmac_md5_ctx *ctx, const char *key, const int key_len)
     unsigned char  init_key[MAX_DIGEST_BLOCK_LEN]  = {0};
     int            final_len = key_len;
 
-    memset(final_key, 0x00, MAX_DIGEST_BLOCK_LEN);
-    memset(init_key, 0x00, MAX_DIGEST_BLOCK_LEN);
-
     if(key_len > MAX_DIGEST_BLOCK_LEN)
         final_len = MAX_DIGEST_BLOCK_LEN;
 
@@ -177,9 +174,6 @@ hmac_sha1_init(hmac_sha1_ctx *ctx, const char *key, const int key_len)
     unsigned char  init_key[MAX_DIGEST_BLOCK_LEN]  = {0};
     int            final_len = key_len;
 
-    memset(final_key, 0x00, MAX_DIGEST_BLOCK_LEN);
-    memset(init_key, 0x00, MAX_DIGEST_BLOCK_LEN);
-
     if(key_len > MAX_DIGEST_BLOCK_LEN)
         final_len = MAX_DIGEST_BLOCK_LEN;
 
@@ -251,9 +245,6 @@ hmac_sha256_init(hmac_sha256_ctx *ctx, const char *key, const int key_len)
     unsigned char  init_key[MAX_DIGEST_BLOCK_LEN]  = {0};
     int            final_len = key_len;
 
-    memset(final_key, 0x00, MAX_DIGEST_BLOCK_LEN);
-    memset(init_key, 0x00, MAX_DIGEST_BLOCK_LEN);
-
     if(key_len > MAX_DIGEST_BLOCK_LEN)
         final_len = MAX_DIGEST_BLOCK_LEN;
 
@@ -324,8 +315,6 @@ hmac_sha384_init(hmac_sha384_ctx *ctx, const char *key, const int key_len)
     unsigned char  final_key[MAX_DIGEST_BLOCK_LEN] = {0};
     int            final_len = key_len;
 
-    memset(final_key, 0x00, MAX_DIGEST_BLOCK_LEN);
-
     if(key_len > MAX_DIGEST_BLOCK_LEN)
         final_len = MAX_DIGEST_BLOCK_LEN;
 
@@ -388,8 +377,6 @@ hmac_sha512_init(hmac_sha512_ctx *ctx, const char *key, const int key_len)
     unsigned char  final_key[MAX_DIGEST_BLOCK_LEN] = {0};
     int            final_len = key_len;
 
-    memset(final_key, 0x00, MAX_DIGEST_BLOCK_LEN);
-
     if(key_len > MAX_DIGEST_BLOCK_LEN)
         final_len = MAX_DIGEST_BLOCK_LEN;
 

server/access.c

@@ -300,7 +300,7 @@ static int
 expand_acc_source(fko_srv_options_t *opts, acc_stanza_t *acc)
 {
     char           *ndx, *start;
-    char            buf[ACCESS_BUF_LEN];
+    char            buf[ACCESS_BUF_LEN] = {0};
     int             res = 1;
 
     start = acc->source;
@@ -346,7 +346,7 @@ static int
 parse_proto_and_port(char *pstr, int *proto, int *port)
 {
     char    *ndx;
-    char    proto_str[ACCESS_BUF_LEN];
+    char    proto_str[ACCESS_BUF_LEN] = {0};
     int     is_err;
 
     /* Parse the string into its components.
@@ -493,7 +493,7 @@ int
 expand_acc_port_list(acc_port_list_t **plist, char *plist_str)
 {
     char           *ndx, *start;
-    char            buf[ACCESS_BUF_LEN];
+    char            buf[ACCESS_BUF_LEN] = {0};
 
     start = plist_str;
 
@@ -540,7 +540,7 @@ static int
 expand_acc_string_list(acc_string_list_t **stlist, char *stlist_str)
 {
     char           *ndx, *start;
-    char            buf[1024];
+    char            buf[MAX_LINE_LEN] = {0};
 
     start = stlist_str;
 
@@ -553,7 +553,7 @@ expand_acc_string_list(acc_string_list_t **stlist, char *stlist_str)
             while(isspace(*start))
                 start++;
 
-            if(((ndx-start)+1) >= 1024)
+            if(((ndx-start)+1) >= MAX_LINE_LEN)
                 return 0;
 
             strlcpy(buf, start, (ndx-start)+1);
@@ -567,7 +567,7 @@ expand_acc_string_list(acc_string_list_t **stlist, char *stlist_str)
     while(isspace(*start))
         start++;
 
-    if(((ndx-start)+1) >= 1024)
+    if(((ndx-start)+1) >= MAX_LINE_LEN)
         return 0;
 
     strlcpy(buf, start, (ndx-start)+1);
@@ -914,8 +914,8 @@ parse_access_file(fko_srv_options_t *opts)
     unsigned int    num_lines = 0;
 
     char            access_line_buf[MAX_LINE_LEN] = {0};
-    char            var[MAX_LINE_LEN]  = {0};
-    char            val[MAX_LINE_LEN]  = {0};
+    char            var[MAX_LINE_LEN] = {0};
+    char            val[MAX_LINE_LEN] = {0};
 
     struct passwd  *pw;
     struct stat     st;
@@ -1370,7 +1370,7 @@ acc_check_port_access(acc_stanza_t *acc, char *port_str)
 {
     int             res = 1, ctr = 0;
 
-    char            buf[ACCESS_BUF_LEN];
+    char            buf[ACCESS_BUF_LEN] = {0};
     char           *ndx, *start;
 
     acc_port_list_t *o_pl   = acc->oport_list;

server/config_init.c

@@ -298,7 +298,7 @@ parse_config_file(fko_srv_options_t *opts, const char *config_file)
 static void
 validate_options(fko_srv_options_t *opts)
 {
-    char tmp_path[MAX_PATH_LEN];
+    char tmp_path[MAX_PATH_LEN] = {0};
 
     /* If no conf dir is set in the config file, use the default.
     */
@@ -650,7 +650,7 @@ config_init(fko_srv_options_t *opts, int argc, char **argv)
     int             cmd_arg, index, is_err;
     unsigned char   got_conf_file = 0, got_override_config = 0;
 
-    char            override_file[MAX_LINE_LEN];
+    char            override_file[MAX_LINE_LEN] = {0};
     char           *ndx, *cmrk;
 
     /* Zero out options and opts_track.

server/extcmd.c

@@ -94,7 +94,7 @@ _run_extcmd(uid_t user_uid, const char *cmd, char *so_buf, const size_t so_buf_s
 {
     FILE   *ipt;
     int     retval = 0;
-    char    so_read_buf[IO_READ_BUF_LEN];
+    char    so_read_buf[IO_READ_BUF_LEN] = {0};
     pid_t   pid;
     int     res;
 

server/fw_util_ipf.c

@@ -152,8 +152,8 @@ check_firewall_rules(const fko_srv_options_t *opts)
 
     /* TODO: Implement me */
 
-    char             exp_str[12];
-    char             rule_num_str[6];
+    char             exp_str[12]     = {0};
+    char             rule_num_str[6] = {0};
     char            *ndx, *rn_start, *rn_end, *tmp_mark;
 
     int             i, res, rn_offset;

server/fw_util_ipfw.c

@@ -592,8 +592,8 @@ process_spa_request(const fko_srv_options_t * const opts,
 void
 check_firewall_rules(const fko_srv_options_t * const opts)
 {
-    char            exp_str[12];
-    char            rule_num_str[6];
+    char            exp_str[12]     = {0};
+    char            rule_num_str[6] = {0};
     char           *ndx, *rn_start, *rn_end, *tmp_mark;
 
     int             i=0, res=0, is_err;

server/fw_util_iptables.c

@@ -191,8 +191,8 @@ static int
 jump_rule_exists(const fko_srv_options_t * const opts, const int chain_num)
 {
     int     num, pos = 0;
-    char    cmd_buf[CMD_BUFSIZE] = {0};
-    char    target[CMD_BUFSIZE] = {0};
+    char    cmd_buf[CMD_BUFSIZE]  = {0};
+    char    target[CMD_BUFSIZE]   = {0};
     char    line_buf[CMD_BUFSIZE] = {0};
     FILE   *ipt;
 
@@ -459,8 +459,8 @@ static void
 set_fw_chain_conf(const int type, const char * const conf_str)
 {
     int i, j, is_err;
-    char tbuf[1024]     = {0};
-    const char *ndx     = conf_str;
+    char tbuf[MAX_LINE_LEN]  = {0};
+    const char *ndx          = conf_str;
 
     char *chain_fields[FW_NUM_CHAIN_FIELDS];
 
@@ -713,8 +713,8 @@ process_spa_request(const fko_srv_options_t * const opts,
 {
     char             nat_ip[MAX_IPV4_STR_LEN] = {0};
     char             snat_target[SNAT_TARGET_BUFSIZE] = {0};
+    char             rule_buf[CMD_BUFSIZE] = {0};
     char            *ndx;
-    char             rule_buf[CMD_BUFSIZE];
 
     unsigned int     nat_port = 0;
 
@@ -1076,8 +1076,8 @@ process_spa_request(const fko_srv_options_t * const opts,
 void
 check_firewall_rules(const fko_srv_options_t * const opts)
 {
-    char             exp_str[12];
-    char             rule_num_str[6];
+    char             exp_str[12]     = {0};
+    char             rule_num_str[6] = {0};
     char            *ndx, *rn_start, *rn_end, *tmp_mark;
 
     int             i, res, rn_offset, rule_num, is_err;

server/fw_util_pf.c

@@ -194,8 +194,8 @@ int
 process_spa_request(const fko_srv_options_t * const opts,
         const acc_stanza_t * const acc, spa_data_t * const spadat)
 {
-    char             new_rule[MAX_PF_NEW_RULE_LEN];
-    char             write_cmd[CMD_BUFSIZE];
+    char             new_rule[MAX_PF_NEW_RULE_LEN] = {0};
+    char             write_cmd[CMD_BUFSIZE] = {0};
 
     FILE            *pfctl_fd = NULL;
 
@@ -339,9 +339,9 @@ process_spa_request(const fko_srv_options_t * const opts,
 void
 check_firewall_rules(const fko_srv_options_t * const opts)
 {
-    char            exp_str[12];
-    char            anchor_rules_copy[STANDARD_CMD_OUT_BUFSIZE];
-    char            write_cmd[CMD_BUFSIZE];
+    char            exp_str[12] = {0};
+    char            anchor_rules_copy[STANDARD_CMD_OUT_BUFSIZE] = {0};
+    char            write_cmd[CMD_BUFSIZE] = {0};
     char           *ndx, *tmp_mark, *tmp_ndx, *newline_tmp_ndx;
 
     time_t          now, rule_exp, min_exp=0;

server/fwknopd_common.h

@@ -163,10 +163,11 @@
 
 /* fwknopd-specific limits
 */
-#define MAX_PCAP_FILTER_LEN 1024
-#define MAX_IFNAME_LEN      128
-#define MAX_SPA_PACKET_LEN  1500 /* --DSS check this? */
-#define MAX_HOSTNAME_LEN    64
+#define MAX_PCAP_FILTER_LEN     1024
+#define MAX_IFNAME_LEN          128
+#define MAX_SPA_PACKET_LEN      1500 /* --DSS check this? */
+#define MAX_HOSTNAME_LEN        64
+#define MAX_DECRYPTED_SPA_LEN   1024
 
 /* The minimum possible valid SPA data size.
 */

server/incoming_spa.c

@@ -647,7 +647,7 @@ incoming_spa(fko_srv_options_t *opts)
             break;
         }
 
-        strlcpy(spadat.spa_message_remain, spa_ip_demark+1, 1024);
+        strlcpy(spadat.spa_message_remain, spa_ip_demark+1, MAX_DECRYPTED_SPA_LEN);
 
         /* If use source IP was requested (embedded IP of 0.0.0.0), make sure it
          * is allowed.

server/replay_cache.c

@@ -143,10 +143,10 @@ replay_warning(fko_srv_options_t *opts, digest_cache_info_t *digest_info)
 {
     char        src_ip[INET_ADDRSTRLEN+1] = {0};
     char        orig_src_ip[INET_ADDRSTRLEN+1] = {0};
-    char        created[DATE_LEN];
+    char        created[DATE_LEN] = {0};
 
 #if ! USE_FILE_CACHE
-    char        first[DATE_LEN], last[DATE_LEN];
+    char        first[DATE_LEN] = {0}, last[DATE_LEN] = {0};
 #endif
 
     /* Convert the IPs to a human readable form
@@ -234,7 +234,7 @@ replay_file_cache_init(fko_srv_options_t *opts)
 {
     FILE           *digest_file_ptr = NULL;
     unsigned int    num_lines = 0, digest_ctr = 0;
-    char            line_buf[MAX_LINE_LEN] = {0};
+    char            line_buf[MAX_LINE_LEN]    = {0};
     char            src_ip[INET_ADDRSTRLEN+1] = {0};
     char            dst_ip[INET_ADDRSTRLEN+1] = {0};
     long int        time_tmp;

server/tcp_server.c

@@ -60,7 +60,7 @@ run_tcp_server(fko_srv_options_t *opts)
     fd_set              sfd_set;
     struct sockaddr_in  saddr, caddr;
     struct timeval      tv;
-    char                sipbuf[MAX_IPV4_STR_LEN];
+    char                sipbuf[MAX_IPV4_STR_LEN] = {0};
 
     unsigned short      port;
 

server/utils.c

@@ -114,7 +114,7 @@ hex_dump(const unsigned char *data, const int size)
 char *
 dump_ctx(fko_ctx_t ctx)
 {
-    static char buf[CTX_DUMP_BUFSIZE];
+    static char buf[CTX_DUMP_BUFSIZE] = {0};
     int         cp = 0;
     size_t      bytes_left;
 
@@ -164,7 +164,6 @@ dump_ctx(fko_ctx_t ctx)
     hmac_digest_inttostr(hmac_type, hmac_str, sizeof(hmac_str));
     enc_mode_inttostr(encryption_mode, enc_mode_str, sizeof(enc_mode_str));
 
-    memset(buf, 0x0, sizeof(buf));
     bytes_left = sizeof(buf) - 1;
 
     cp  = append_msg_to_buf(buf,    bytes_left,    "SPA Field Values:\n=================\n");