user-util,user-record-nss: initialize buffer before calling getpwnam_r() and friends
authorYu Watanabe <watanabe.yu+github@gmail.com>
Thu, 1 May 2025 03:44:23 +0000 (12:44 +0900)
committerYu Watanabe <watanabe.yu+github@gmail.com>
Fri, 9 May 2025 03:10:28 +0000 (12:10 +0900)
The buffer will be used by a library outside of our code base,
and may not be initialized even on success. Let's initialize
them for safety.

Hopefully fixes the following fuzzer warning:
```
==2039==WARNING: MemorySanitizer: use-of-uninitialized-value
    #0 0x7f9ad8be3ae6 in _nss_files_getsgnam_r (/lib/x86_64-linux-gnu/libnss_files.so.2+0x8ae6) (BuildId: 013bf05b4846ebbdbebdb05585acc9726c2fabce)
    #1 0x7f9ad93e5902 in getsgnam_r (/lib/x86_64-linux-gnu/libc.so.6+0x126902) (BuildId: 0323ab4806bee6f846d9ad4bccfc29afdca49a58)
    #2 0x7f9ad9b98153 in nss_sgrp_for_group /work/build/../../src/systemd/src/shared/user-record-nss.c:357:21
    #3 0x7f9ad9b98926 in nss_group_record_by_gid /work/build/../../src/systemd/src/shared/user-record-nss.c:431:21
    #4 0x7f9ad9bcebd7 in groupdb_by_gid_fallbacks /work/build/../../src/systemd/src/shared/userdb.c:1372:29

  Uninitialized value was created by a heap allocation
    #0 0x556fd5294302 in malloc /src/llvm-project/compiler-rt/lib/msan/msan_interceptors.cpp:1021:3
    #1 0x7f9ad9b9811d in nss_sgrp_for_group /work/build/../../src/systemd/src/shared/user-record-nss.c:353:23
    #2 0x7f9ad9b98926 in nss_group_record_by_gid /work/build/../../src/systemd/src/shared/user-record-nss.c:431:21
    #3 0x7f9ad9bcebd7 in groupdb_by_gid_fallbacks /work/build/../../src/systemd/src/shared/userdb.c:1372:29
```

src/basic/user-util.c
src/shared/user-record-nss.c

index eed4bac8953a13d888fd43162163344a37b4bf9e..3936192f391189ca945feb097ddcdaf5ca65e9e7 100644 (file)
@@ -1086,7 +1086,7 @@ int getpwnam_malloc(const char *name, struct passwd **ret) {
         for (;;) {
                 _cleanup_free_ void *buf = NULL;
 
-                buf = malloc(ALIGN(sizeof(struct passwd)) + bufsize);
+                buf = malloc0(ALIGN(sizeof(struct passwd)) + bufsize);
                 if (!buf)
                         return -ENOMEM;
 
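Review bot: The switch to `malloc0()` in getpwnam_malloc() has no comment saying why the buffer must be zeroed, so a later cleanup could turn it back into plain `malloc()` as a perceived optimisation. I would add above the allocation `/* Zero the buffer: it is handed to NSS modules outside our tree, which may leave parts of it unwritten even on success. */`. The same comment fits the identical allocations in getpwuid_malloc(), getgrnam_malloc() and getgrgid_malloc() in the following hunks. Zero-filling makes any later read of unwritten bytes defined, but it does not validate what the module returned, and the commit message itself only says it "hopefully" addresses the MSan report. The retry loop starts and ends outside the hunk.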
@@ -1127,7 +1127,7 @@ int getpwuid_malloc(uid_t uid, struct passwd **ret) {
         for (;;) {
                 _cleanup_free_ void *buf = NULL;
 
-                buf = malloc(ALIGN(sizeof(struct passwd)) + bufsize);
+                buf = malloc0(ALIGN(sizeof(struct passwd)) + bufsize);
                 if (!buf)
                         return -ENOMEM;
 
@@ -1171,7 +1171,7 @@ int getgrnam_malloc(const char *name, struct group **ret) {
         for (;;) {
                 _cleanup_free_ void *buf = NULL;
 
-                buf = malloc(ALIGN(sizeof(struct group)) + bufsize);
+                buf = malloc0(ALIGN(sizeof(struct group)) + bufsize);
                 if (!buf)
                         return -ENOMEM;
 
@@ -1210,7 +1210,7 @@ int getgrgid_malloc(gid_t gid, struct group **ret) {
         for (;;) {
                 _cleanup_free_ void *buf = NULL;
 
-                buf = malloc(ALIGN(sizeof(struct group)) + bufsize);
+                buf = malloc0(ALIGN(sizeof(struct group)) + bufsize);
                 if (!buf)
                         return -ENOMEM;
 
index 404003d18ef00f818580a2f3ec063d77f3e7709c..c2ad11a0c2024b1038464f427dbf0e0c7e8d7bb4 100644 (file)
@@ -177,9 +177,9 @@ int nss_spwd_for_passwd(const struct passwd *pwd, struct spwd *ret_spwd, char **
 
         for (;;) {
                 _cleanup_free_ char *buf = NULL;
-                struct spwd spwd, *result;
+                struct spwd spwd = {}, *result = NULL;
 
-                buf = malloc(buflen);
+                buf = malloc0(buflen);
                 if (!buf)
                         return -ENOMEM;
 
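Review bot: `buf` in nss_spwd_for_passwd() is still released with `_cleanup_free_`, and given the `struct spwd` it backs it presumably receives shadow password strings, so any pass of the retry loop that frees it would leave that data in freed heap memory. Since the commit is already hardening this allocation, consider `_cleanup_(erase_and_freep) char *buf = NULL;` so the contents are wiped before release. The lookup call and the path that hands the buffer to the caller are outside the hunk, so this should be confirmed there. The same applies to `buf` in nss_sgrp_for_group() in the next hunk.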
@@ -349,9 +349,9 @@ int nss_sgrp_for_group(const struct group *grp, struct sgrp *ret_sgrp, char **re
 
         for (;;) {
                 _cleanup_free_ char *buf = NULL;
-                struct sgrp sgrp, *result;
+                struct sgrp sgrp = {}, *result = NULL;
 
-                buf = malloc(buflen);
+                buf = malloc0(buflen);
                 if (!buf)
                         return -ENOMEM;