[PATCH 10/36] cmd/libsnap-confine-private: Fix use of uninitialised variable
author Alex Murray <alex.murray@canonical.com>
Wed, 17 Nov 2021 03:53:25 +0000 (14:23 +1030)
committer Michael Vogt <mvo@debian.org>
Thu, 17 Feb 2022 15:29:46 +0000 (15:29 +0000)
Ensure xdg_runtime_dir_env is zero initialised in
sc_call_snap_update_ns_as_user() otherwise when XDG_RUNTIME_DIR is not
defined the uninitialised contents of this buffer will be passed to
snap-update-ns. This is unlikely to be an issue in practice as
snap-update-ns is quite defensive in terms of environment variable handling
already.

Signed-off-by: Alex Murray <alex.murray@canonical.com>
Gbp-Pq: Topic cve202144730
Gbp-Pq: Name 0010-cmd-libsnap-confine-private-Fix-use-of-uninitialised.patch

cmd/libsnap-confine-private/tool.c

index fc67ebb2447e49ab5fa6b4db551d9eb6f2aa797f..36666df919f17be92f8d96efd77b900fbd1d6bfc 100644 (file)
@@ -105,7 +105,7 @@ void sc_call_snap_update_ns_as_user(int snap_update_ns_fd,
                         snap_name);
 
        const char *xdg_runtime_dir = getenv("XDG_RUNTIME_DIR");
-       char xdg_runtime_dir_env[PATH_MAX+strlen("XDG_RUNTIME_DIR=")];
+       char xdg_runtime_dir_env[PATH_MAX+sizeof("XDG_RUNTIME_DIR=")] = { 0 };
        if (xdg_runtime_dir != NULL) {
                sc_must_snprintf(xdg_runtime_dir_env,
                                 sizeof(xdg_runtime_dir_env),
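
Review bot: the commit message covers only the zero initialisation, but the declaration of xdg_runtime_dir_env also changes strlen("XDG_RUNTIME_DIR=") to sizeof("XDG_RUNTIME_DIR="), and that deserves a sentence in the message. With strlen() in the bound the array is a variable-length array, which cannot take a "= { 0 }" initialiser, so the switch to sizeof is what lets the initialiser compile; it also grows the buffer by one byte, because sizeof counts the literal's terminating NUL. Separately, when XDG_RUNTIME_DIR is unset the buffer now holds an empty string instead of stack contents. The code that hands it to snap-update-ns is outside this hunk, so please confirm that path leaves the entry out of the environment in that case rather than passing an empty string.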