From: Yu Watanabe
Date: Thu, 1 May 2025 03:44:23 +0000 (+0900)
Subject: user-util,user-record-nss: initialize buffer before calling getpwnam_r() and friends
X-Git-Tag: v258-rc1~657^2~5
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=64fc712fe7a20856379a1904683784b227a44abb;p=thirdparty%2Fsystemd.git
user-util,user-record-nss: initialize buffer before calling getpwnam_r() and friends
The buffer will be used by a library outside of our code base, and may not be initialized even on success. Let's initialize them for safety. Hopefully fixes the following fuzzer warning:
```
==2039==WARNING: MemorySanitizer: use-of-uninitialized-value
#0 0x7f9ad8be3ae6 in _nss_files_getsgnam_r (/lib/x86_64-linux-gnu/libnss_files.so.2+0x8ae6) (BuildId: 013bf05b4846ebbdbebdb05585acc9726c2fabce)
#1 0x7f9ad93e5902 in getsgnam_r (/lib/x86_64-linux-gnu/libc.so.6+0x126902) (BuildId: 0323ab4806bee6f846d9ad4bccfc29afdca49a58)
#2 0x7f9ad9b98153 in nss_sgrp_for_group /work/build/../../src/systemd/src/shared/user-record-nss.c:357:21
#3 0x7f9ad9b98926 in nss_group_record_by_gid /work/build/../../src/systemd/src/shared/user-record-nss.c:431:21
#4 0x7f9ad9bcebd7 in groupdb_by_gid_fallbacks /work/build/../../src/systemd/src/shared/userdb.c:1372:29
Uninitialized value was created by a heap allocation
#0 0x556fd5294302 in malloc /src/llvm-project/compiler-rt/lib/msan/msan_interceptors.cpp:1021:3
#1 0x7f9ad9b9811d in nss_sgrp_for_group /work/build/../../src/systemd/src/shared/user-record-nss.c:353:23
#2 0x7f9ad9b98926 in nss_group_record_by_gid /work/build/../../src/systemd/src/shared/user-record-nss.c:431:21
#3 0x7f9ad9bcebd7 in groupdb_by_gid_fallbacks /work/build/../../src/systemd/src/shared/userdb.c:1372:29
```
---
diff --git a/src/basic/user-util.c b/src/basic/user-util.c
index eed4bac8953..3936192f391 100644
--- a/src/basic/user-util.c
+++ b/src/basic/user-util.c
@@ -1086,7 +1086,7 @@ int getpwnam_malloc(const char *name, struct passwd **ret) {
 for (;;) {
 _cleanup_free_ void *buf = NULL;
- buf = malloc(ALIGN(sizeof(struct passwd)) + bufsize);
+ buf = malloc0(ALIGN(sizeof(struct passwd)) + bufsize);
 if (!buf)
 return -ENOMEM;
@@ -1127,7 +1127,7 @@ int getpwuid_malloc(uid_t uid, struct passwd **ret) {
 for (;;) {
 _cleanup_free_ void *buf = NULL;
- buf = malloc(ALIGN(sizeof(struct passwd)) + bufsize);
+ buf = malloc0(ALIGN(sizeof(struct passwd)) + bufsize);
 if (!buf)
 return -ENOMEM;
@@ -1171,7 +1171,7 @@ int getgrnam_malloc(const char *name, struct group **ret) {
 for (;;) {
 _cleanup_free_ void *buf = NULL;
- buf = malloc(ALIGN(sizeof(struct group)) + bufsize);
+ buf = malloc0(ALIGN(sizeof(struct group)) + bufsize);
 if (!buf)
 return -ENOMEM;
@@ -1210,7 +1210,7 @@ int getgrgid_malloc(gid_t gid, struct group **ret) {
 for (;;) {
 _cleanup_free_ void *buf = NULL;
- buf = malloc(ALIGN(sizeof(struct group)) + bufsize);
+ buf = malloc0(ALIGN(sizeof(struct group)) + bufsize);
 if (!buf)
 return -ENOMEM;
diff --git a/src/shared/user-record-nss.c b/src/shared/user-record-nss.c
index 404003d18ef..c2ad11a0c20 100644
--- a/src/shared/user-record-nss.c
+++ b/src/shared/user-record-nss.c
@@ -177,9 +177,9 @@ int nss_spwd_for_passwd(const struct passwd *pwd, struct spwd *ret_spwd, char **
 for (;;) {
 _cleanup_free_ char *buf = NULL;
- struct spwd spwd, *result;
+ struct spwd spwd = {}, *result = NULL;
- buf = malloc(buflen);
+ buf = malloc0(buflen);
 if (!buf)
 return -ENOMEM;
@@ -349,9 +349,9 @@ int nss_sgrp_for_group(const struct group *grp, struct sgrp *ret_sgrp, char **re
 for (;;) {
 _cleanup_free_ char *buf = NULL;
- struct sgrp sgrp, *result;
+ struct sgrp sgrp = {}, *result = NULL;
- buf = malloc(buflen);
+ buf = malloc0(buflen);
 if (!buf)
 return -ENOMEM;
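Review bot: The `malloc0()` call in getpwnam_malloc() has no comment saying why the buffer must be zeroed, so a later cleanup could turn it back into `malloc()` as an apparent optimisation. I would add above it `/* Zero the buffer: it is filled by an NSS module outside our code base, which may leave parts of it unwritten even on success. */`. The same applies to the identical calls in getpwuid_malloc(), getgrnam_malloc() and getgrgid_malloc(), and to `malloc0(buflen)` in nss_spwd_for_passwd() and nss_sgrp_for_group(). The loop body continues outside each hunk.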
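Review bot: `buf` in nss_spwd_for_passwd() is still declared `_cleanup_free_`, so on every path where it is not handed to the caller it is freed without being wiped. The buffer presumably receives the shadow entry, including the password hash, from the reentrant lookup that follows outside the hunk. Consider `_cleanup_(erase_and_freep) char *buf = NULL;` so that retry and error paths do not leave hash material in freed heap memory. nss_sgrp_for_group() has the same declaration, and a gshadow entry can carry a group password hash. If the loop frees `buf` explicitly before growing it (not visible here), that free would need the erasing variant as well.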