sd-daemon: wipe out memory before using CMSG_NXTHDR()

CMSG_NXTHDR() checks for cmsg->cmsg_len *after* it increased the pointer. While this makes sense for parsing received messages, that's a pitfall for code crafting messages with this macro. Wipe out the allocated memory to fix this.
author: Daniel Mack <daniel@zonque.org> 2015-10-12 14:44:26 +0200
committer: Sven Eden <yamakuzure@gmx.net> 2017-04-26 12:58:55 +0200
commit: dfbbceed38d59315271e2a7397c1f387a64c451b (patch)
tree: ab3b2e5db661fb7556c73b19d08f5c5b2bf3b6fd /src
parent: c221e39a6dce308a639185833310b995aad1fc56 (diff)
1 files changed, 1 insertions, 1 deletions
diff --git a/src/libelogind/sd-daemon/sd-daemon.c b/src/libelogind/sd-daemon/sd-daemon.c
index 749a3646d..e10444f49 100644
--- a/src/libelogind/sd-daemon/sd-daemon.c
+++ b/src/libelogind/sd-daemon/sd-daemon.c
@@ -460,7 +460,7 @@ _public_ int sd_pid_notify_with_fds(pid_t pid, int unset_environment, const char
                         (n_fds > 0 ? CMSG_SPACE(sizeof(int) * n_fds) : 0) +
                         (have_pid ? CMSG_SPACE(sizeof(struct ucred)) : 0);
 
-                msghdr.msg_control = alloca(msghdr.msg_controllen);
+                msghdr.msg_control = alloca0(msghdr.msg_controllen);
 
                 cmsg = CMSG_FIRSTHDR(&msghdr);
                 if (n_fds > 0) {
author	Daniel Mack <daniel@zonque.org>	2015-10-12 14:44:26 +0200
committer	Sven Eden <yamakuzure@gmx.net>	2017-04-26 12:58:55 +0200
commit	dfbbceed38d59315271e2a7397c1f387a64c451b (patch)
tree	ab3b2e5db661fb7556c73b19d08f5c5b2bf3b6fd /src
parent	c221e39a6dce308a639185833310b995aad1fc56 (diff)