lib: Fix uninitialized read in msghdr_copy

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11955

Autobuild-User(master): Volker Lendecke <vl@samba.org>
Autobuild-Date(master): Wed Jun  8 18:34:27 CEST 2016 on sn-devel-144

(cherry picked from commit 0e2711b2a0adeda6873f9c8161b9b01a56ae7098)

diff --git a/source3/lib/msghdr.c b/source3/lib/msghdr.c
index 2aa2f2e05164a7b98d19e44502db245ab41a2420..6917069d925813bd344cee33019c157c1a9fb109 100644 (file)
--- a/source3/lib/msghdr.c
+++ b/source3/lib/msghdr.c
@@ -204,7 +204,14 @@ ssize_t msghdr_copy(struct msghdr_buf *msg, size_t msgsize,
        bufsize = (msgsize > offsetof(struct msghdr_buf, buf)) ?
                msgsize - offsetof(struct msghdr_buf, buf) : 0;
 
-       fd_len = msghdr_prep_fds(&msg->msg, msg->buf, bufsize, fds, num_fds);
+       if (msg != NULL) {
+               msg->msg = (struct msghdr) {};
+
+               fd_len = msghdr_prep_fds(&msg->msg, msg->buf, bufsize,
+                                        fds, num_fds);
+       } else {
+               fd_len = msghdr_prep_fds(NULL, NULL, bufsize, fds, num_fds);
+       }
 
        if (fd_len == -1) {
                return -1;