From: Yu Watanabe <watanabe.yu+github@gmail.com>
Date: Wed, 15 Sep 2021 14:29:11 +0000 (+0900)
Subject: journal,network,timesync: fix segfault on 32bit timeval/timespec systems
X-Git-Tag: v250-rc1~659
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=f782eee68aea996c68b8cfeba5f288dae7fc876f;p=thirdparty%2Fsystemd.git

journal,network,timesync: fix segfault on 32bit timeval/timespec systems

Fixes #20741.
---

diff --git a/src/journal/journald-server.c b/src/journal/journald-server.c
index 8c6684b2d35..c93499bbc61 100644
--- a/src/journal/journald-server.c
+++ b/src/journal/journald-server.c
@@ -1267,11 +1267,14 @@ int server_process_datagram(
         /* We use NAME_MAX space for the SELinux label here. The kernel currently enforces no limit, but
          * according to suggestions from the SELinux people this will change and it will probably be
          * identical to NAME_MAX. For now we use that, but this should be updated one day when the final
-         * limit is known. */
+         * limit is known.
+         *
+         * Here, we need to explicitly initialize the buffer with zero, as glibc has a bug in
+         * __convert_scm_timestamps(), which assumes the buffer is initialized. See #20741. */
         CMSG_BUFFER_TYPE(CMSG_SPACE(sizeof(struct ucred)) +
                          CMSG_SPACE_TIMEVAL +
                          CMSG_SPACE(sizeof(int)) + /* fd */
-                         CMSG_SPACE(NAME_MAX) /* selinux label */) control;
+                         CMSG_SPACE(NAME_MAX) /* selinux label */) control = {};
 
         union sockaddr_union sa = {};
 
diff --git a/src/libsystemd-network/icmp6-util.c b/src/libsystemd-network/icmp6-util.c
index 823be0f2752..3832bbd920c 100644
--- a/src/libsystemd-network/icmp6-util.c
+++ b/src/libsystemd-network/icmp6-util.c
@@ -148,8 +148,9 @@ int icmp6_send_router_solicitation(int s, const struct ether_addr *ether_addr) {
 int icmp6_receive(int fd, void *buffer, size_t size, struct in6_addr *ret_dst,
                   triple_timestamp *ret_timestamp) {
 
+        /* This needs to be initialized with zero. See #20741. */
         CMSG_BUFFER_TYPE(CMSG_SPACE(sizeof(int)) + /* ttl */
-                         CMSG_SPACE_TIMEVAL) control;
+                         CMSG_SPACE_TIMEVAL) control = {};
         struct iovec iov = {};
         union sockaddr_union sa = {};
         struct msghdr msg = {
diff --git a/src/timesync/timesyncd-manager.c b/src/timesync/timesyncd-manager.c
index d7060aaa45c..f21c5c316ba 100644
--- a/src/timesync/timesyncd-manager.c
+++ b/src/timesync/timesyncd-manager.c
@@ -416,7 +416,8 @@ static int manager_receive_response(sd_event_source *source, int fd, uint32_t re
                 .iov_base = &ntpmsg,
                 .iov_len = sizeof(ntpmsg),
         };
-        CMSG_BUFFER_TYPE(CMSG_SPACE_TIMESPEC) control;
+        /* This needs to be initialized with zero. See #20741. */
+        CMSG_BUFFER_TYPE(CMSG_SPACE_TIMESPEC) control = {};
         union sockaddr_union server_addr;
         struct msghdr msghdr = {
                 .msg_iov = &iov,