all_query_respond(): handle ConvertAddr failure sooner

Don't try to process returned data values that may not be set

Resolves Oracle Parfait issue:

Error: Uninitialised memory
   Uninitialised memory variable [uninitialised-mem-var] (CWE 457):
      Possible access to uninitialised memory referenced by variable 'length'
        at line 238 of xdm/xdmcp.c in function 'all_query_respond'.
        Path in callee avoiding write at line 237
          length allocated at line 231

Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>

1 files changed, 4 insertions, 2 deletions

diff --git a/xdm/xdmcp.c b/xdm/xdmcp.c
index 9f2bc41..ddf2418 100644
--- a/xdm/xdmcp.c
+++ b/xdm/xdmcp.c
@@ -235,6 +235,10 @@ all_query_respond (
 # endif
 
     family = ConvertAddr((XdmcpNetaddr) from, &length, (char **)&(addr.data));
+    if (family < 0) {
+	Debug("all_query_respond: ConvertAddr failed: conntype=%d\n", family);
+	return;
+    }
     addr.length = length;	/* convert int to short */
     if (debugLevel > 0) {
 # if defined(IPv6) && defined(AF_INET6)
@@ -254,8 +258,6 @@ all_query_respond (
 	Debug("all_query_respond: conntype=%d, addr=%s, len=%d\n",
 	    family, addrstring, addr.length);
     }
-    if (family < 0)
-	return;
     connectionType = family;
 
     if (type == INDIRECT_QUERY)