From: Jeremy Allison <jra@samba.org>
Date: Wed, 8 Jun 2016 12:34:20 +0000 (+0200)
Subject: lib: Fix uninitialized read in msghdr_copy
X-Git-Tag: samba-4.3.12~139
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=fd1bccc9450081d6d121decb965668b848b08342;p=thirdparty%2Fsamba.git

lib: Fix uninitialized read in msghdr_copy

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11955

Autobuild-User(master): Volker Lendecke <vl@samba.org>
Autobuild-Date(master): Wed Jun  8 18:34:27 CEST 2016 on sn-devel-144

(cherry picked from commit 0e2711b2a0adeda6873f9c8161b9b01a56ae7098)
---

diff --git a/source3/lib/msghdr.c b/source3/lib/msghdr.c
index 2aa2f2e0516..6917069d925 100644
--- a/source3/lib/msghdr.c
+++ b/source3/lib/msghdr.c
@@ -204,7 +204,14 @@ ssize_t msghdr_copy(struct msghdr_buf *msg, size_t msgsize,
 	bufsize = (msgsize > offsetof(struct msghdr_buf, buf)) ?
 		msgsize - offsetof(struct msghdr_buf, buf) : 0;
 
-	fd_len = msghdr_prep_fds(&msg->msg, msg->buf, bufsize, fds, num_fds);
+	if (msg != NULL) {
+		msg->msg = (struct msghdr) {};
+
+		fd_len = msghdr_prep_fds(&msg->msg, msg->buf, bufsize,
+					 fds, num_fds);
+	} else {
+		fd_len = msghdr_prep_fds(NULL, NULL, bufsize, fds, num_fds);
+	}
 
 	if (fd_len == -1) {
 		return -1;