From: Alex Murray
Date: Wed, 17 Nov 2021 03:53:25 +0000 (+1030)
Subject: [PATCH 10/36] cmd/libsnap-confine-private: Fix use of uninitialised variable
X-Git-Tag: archive/raspbian/2.37.4-1+rpi1+deb10u2^2~8
X-Git-Url: https://dgit.raspbian.org/?a=commitdiff_plain;h=28d51ce76fd3f91173cbd4ec9020e1728eb27915;p=snapd.git

[PATCH 10/36] cmd/libsnap-confine-private: Fix use of uninitialised variable

Ensure xdg_runtime_dir_env is zero initialised in sc_call_snap_update_ns_as_user() otherwise when XDG_RUNTIME_DIR is not defined the uninitialised contents of this buffer will be passed to snap-update-ns. This is unlikely to be an issue in practice as snap-update-ns is quite defensive in terms of environment variable handling already.

Signed-off-by: Alex Murray

Gbp-Pq: Topic cve202144730
Gbp-Pq: Name 0010-cmd-libsnap-confine-private-Fix-use-of-uninitialised.patch
---
diff --git a/cmd/libsnap-confine-private/tool.c b/cmd/libsnap-confine-private/tool.c index fc67ebb2..36666df9 100644 --- a/cmd/libsnap-confine-private/tool.c +++ b/cmd/libsnap-confine-private/tool.c @@ -105,7 +105,7 @@ void sc_call_snap_update_ns_as_user(int snap_update_ns_fd, snap_name); const char *xdg_runtime_dir = getenv("XDG_RUNTIME_DIR"); - char xdg_runtime_dir_env[PATH_MAX+strlen("XDG_RUNTIME_DIR=")]; + char xdg_runtime_dir_env[PATH_MAX+sizeof("XDG_RUNTIME_DIR=")] = { 0 }; if (xdg_runtime_dir != NULL) { sc_must_snprintf(xdg_runtime_dir_env, sizeof(xdg_runtime_dir_env),
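
Review bot: The changed declaration of xdg_runtime_dir_env in tool.c also switches the size expression from strlen("XDG_RUNTIME_DIR=") to sizeof("XDG_RUNTIME_DIR="), and the commit message does not mention it. The switch is needed for the fix: with strlen the size is not a constant expression, so the array is a variable-length array, which C does not allow to carry the `= { 0 }` initializer, and sizeof also adds room for the terminating NUL that the old size lacked. A sentence in the commit message or a short comment on the declaration would stop a later cleanup from reverting it to strlen. Separately, the message says the buffer is passed to snap-update-ns even when XDG_RUNTIME_DIR is unset; after this change that entry is an empty string with no `=` in it. The code that builds the environment is outside this hunk, so please confirm an empty entry is intended there, or only add the entry inside the `xdg_runtime_dir != NULL` branch.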