test: Zeroify scm buffer before filling

The CMSG_NXTHDR checks the length of the __next__ cmsg, i.e. the one that it is about to return for filling. Thus, keeping there anything but zeroes is unsafe. Reported-by: Pavel Tikhomirov <snorcht@gmail.com> Signed-off-by: Pavel Emelyanov <xemul@virtuozzo.com>

test: Zeroify scm buffer before filling
The CMSG_NXTHDR checks the length of the __next__ cmsg, i.e. the one that it is about to return for filling. Thus, keeping there anything but zeroes is unsafe. Reported-by: Pavel Tikhomirov <snorcht@gmail.com> Signed-off-by: Pavel Emelyanov <xemul@virtuozzo.com>
fd9fd568 · Pavel Emelyanov · 5087faa0 · fd9fd568
Commit fd9fd568 authored Aug 18, 2017 by Pavel Emelyanov
Hide whitespace changes
Inline Side-by-side

Showing with 1 addition and 0 deletions

scm03.c test/zdtm/static/scm03.c +1 -0

No files found.
--- a/test/zdtm/static/scm03.c
+++ b/test/zdtm/static/scm03.c
@@ -22,6 +22,7 @@ static int send_fd(int via, int fd1, int fd2)
 	char c = '\0';
 	int *fdp;
+	memset(buf, 0, sizeof(buf));
 	h.msg_control = buf;
 	h.msg_controllen = sizeof(buf);
 #ifdef SEPARATE