test: Zeroify scm buffer before filling

Submitted by Pavel Emelianov on Aug. 18, 2017, 3:19 p.m.

Details

Message ID 599951a2-e775-ba6e-547a-809bfd626cc3@virtuozzo.com
State Accepted
Series "test: Zeroify scm buffer before filling"
Commit 15b5430387d63b6e24d275449fb73c0168b236b3
Headers show

Commit Message

Pavel Emelianov Aug. 18, 2017, 3:19 p.m.
The CMSG_NXTHDR checks the length of the __next__ cmsg, i.e. the one
that it is about to return for filling. Thus, keeping there anything
but zeroes is unsafe.

Reported-by: Pavel Tikhomirov <snorcht@gmail.com>
Signed-off-by: Pavel Emelyanov <xemul@virtuozzo.com>
---
 test/zdtm/static/scm03.c | 1 +
 1 file changed, 1 insertion(+)

Patch hide | download patch | download mbox

diff --git a/test/zdtm/static/scm03.c b/test/zdtm/static/scm03.c
index 881bdf8..cf60497 100644
--- a/test/zdtm/static/scm03.c
+++ b/test/zdtm/static/scm03.c
@@ -22,6 +22,7 @@  static int send_fd(int via, int fd1, int fd2)
 	char c = '\0';
 	int *fdp;
 
+	memset(buf, 0, sizeof(buf));
 	h.msg_control = buf;
 	h.msg_controllen = sizeof(buf);
 #ifdef SEPARATE