summaryrefslogtreecommitdiff
path: root/src/libsystemd
diff options
context:
space:
mode:
authorDaniel Mack <daniel@zonque.org>2015-10-12 14:44:26 +0200
committerDaniel Mack <daniel@zonque.org>2015-10-12 15:15:25 +0200
commit40f44238924acf4e7a3ddfc1b0b1c111032bb43d (patch)
treec697af52c33ab9c3d64015fd6077b5b98d01e6a2 /src/libsystemd
parent0a41d91f3022ae5107151ebd1af9b65a55030c7e (diff)
sd-daemon: wipe out memory before using CMSG_NXTHDR()
CMSG_NXTHDR() checks for cmsg->cmsg_len *after* it increased the pointer. While this makes sense for parsing received messages, that's a pitfall for code crafting messages with this macro. Wipe out the allocated memory to fix this.
Diffstat (limited to 'src/libsystemd')
-rw-r--r--src/libsystemd/sd-daemon/sd-daemon.c2
1 files changed, 1 insertions, 1 deletions
diff --git a/src/libsystemd/sd-daemon/sd-daemon.c b/src/libsystemd/sd-daemon/sd-daemon.c
index 582fb53529..ae534ba5b9 100644
--- a/src/libsystemd/sd-daemon/sd-daemon.c
+++ b/src/libsystemd/sd-daemon/sd-daemon.c
@@ -454,7 +454,7 @@ _public_ int sd_pid_notify_with_fds(pid_t pid, int unset_environment, const char
(n_fds > 0 ? CMSG_SPACE(sizeof(int) * n_fds) : 0) +
(have_pid ? CMSG_SPACE(sizeof(struct ucred)) : 0);
- msghdr.msg_control = alloca(msghdr.msg_controllen);
+ msghdr.msg_control = alloca0(msghdr.msg_controllen);
cmsg = CMSG_FIRSTHDR(&msghdr);
if (n_fds > 0) {