authorMark Johnston <markj@FreeBSD.org>2023-01-26 15:46:19 +0000
committerAlexander V. Chernikov <melifaro@FreeBSD.org>2023-02-20 19:48:12 +0000
commit2e847957c50c63ebecdd6825b9466e3d979fac9b (patch)
tree5e825331dc16e4c9320b07f9ee3148dac2224c77
parent5eaad7c9c593908dfd4ab7e665b66e0e19542e60 (diff)
netlink: Zero-initialize writer structures allocated on the stack
The prevailing pattern seems to be to simply initialize all fields to zero. Without this, it's possible to trigger a branch on uninitialized memory, specifically, when testing nw->ignore_limit in nlmsg_refill_buffer(). Initialize the writer structure in a couple of functions where this is necessary. Reported by: KMSAN Reviewed by: melifaro Approved by: re(cperciva) Sponsored by: The FreeBSD Foundation Differential Revision: https://reviews.freebsd.org/D38213 (cherry picked from commit 7a78ae88659e0f6a901574d17672d1ccdc3e971b) (cherry picked from commit 2de541757e0a2e25ce974b3c4c29bc8b753b8b6a)
-rw-r--r--sys/netlink/route/rt.c7
1 files changed, 3 insertions, 4 deletions
diff --git a/sys/netlink/route/rt.c b/sys/netlink/route/rt.c
index 48a6b0928cab..59b34c53ad4b 100644
--- a/sys/netlink/route/rt.c
+++ b/sys/netlink/route/rt.c
@@ -341,9 +341,9 @@ static void
report_operation(uint32_t fibnum, struct rib_cmd_info *rc,
struct nlpcb *nlp, struct nlmsghdr *hdr)
{
- struct nl_writer nw;
-
+ struct nl_writer nw = {};
uint32_t group_id = family_to_group(rt_get_family(rc->rc_rt));
+
if (nlmsg_get_group_writer(&nw, NLMSG_SMALL, NETLINK_ROUTE, group_id)) {
struct route_nhop_data rnd = {
.rnd_nhop = rc_get_nhop(rc),
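Review bot: Zeroing `nw` at the declaration in report_operation() (and again in rtnl_handle_route_event() in the next hunk) leaves the "caller must pre-zero the writer" requirement implicit. Any other stack-allocated `struct nl_writer` handed to nlmsg_get_group_writer() would presumably reintroduce the uninitialized test of `nw->ignore_limit` that the description mentions. The getter's body is not visible here, so this is inferred; if it really does not set every field, clearing the structure inside the getter before filling it in would fix the whole class of callers rather than these two. Failing that, state the contract where the variable is declared, e.g. `/* Must be zeroed: the writer getters do not initialize every field (ignore_limit). */` above `struct nl_writer nw = {};`. Both function bodies continue outside their hunks.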
@@ -926,10 +926,9 @@ rtnl_handle_getroute(struct nlmsghdr *hdr, struct nlpcb *nlp, struct nl_pstate *
void
rtnl_handle_route_event(uint32_t fibnum, const struct rib_cmd_info *rc)
{
+ struct nl_writer nw = {};
int family, nlm_flags = 0;
- struct nl_writer nw;
-
family = rt_get_family(rc->rc_rt);
/* XXX: check if there are active listeners first */